
Thread: website phishing attack
      
   

  1. #1
    Join Date
    Feb 2006
    Posts
    75

    website phishing attack

    Hi guys, I received an email:

    Dear site owner or webmaster of sameasiteverwas.co.uk,
    We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.
    Below are one or more example URLs on your site which may be part of a phishing attack:
    http://www.sameasiteverwas .co.uk###########.php
    http://www.sameasiteverwas .co.uk/##########.php
    Here is a link to a sample warning page:
    http://www.google.com/interstitial?url=http%3A//www.sameasiteverwas.co.uk/upload/###########.php
    We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

    1) the site was compromised
    2) the site doesn't monitor for malicious user-contributed content
    If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.
    Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting
    http://www.google.com/safebrowsing/r...r/?tpl=emailer
    and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.


    Sincerely,

    Google Search Quality Team

    Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.



    I have removed the offending files and checked for any other files that should not be there. (I removed part of the file names because I didn't know if I could post them.)

    My questions are:
    How did they gain access to my account to upload these files?
    How can I stop it happening again?
    How can I make my site more secure to prevent more attacks?

    I hope this is in the right forum.

    Cheers
    johnny

  2. #2
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Re: website phishing attack

    Most probably, these files have been uploaded through the upload fields of your contact form. Did YOU create the "upload" folder?

    If yes, which processor were you using to upload these files?

    Most probably the hacker uploaded the file in the folder and then ran it through the browser, thus copying files to the root directory.

    Usually, the "upload" folder should have a "strange" name, and should either be prohibited for viewing/browsing through cPanel, or you should publish inside this folder an "index" page which redirects to the main site, thus disallowing any hacker from viewing and running malicious files uploaded.

    Also please note that the built-in form processor disallows certain file extensions through Javascript. Hackers have Javascript disabled, so this type of validation doesn't work. You should be using PHP validation for file uploads (DBTS Form Processor in you-know-which forum).
    Navaldesign
    Logger Lite: Low Cost, Customizable, multifeatured Login script
    Instant Download Cart: a Powerful, Customized, in site, DB driven, e-products Cart
    DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
    Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!
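
Added example, not part of the original thread and not the code of either form processor mentioned: a sketch of the server-side PHP upload validation that post #2 recommends in place of JavaScript-only extension checks. The field name `attachment`, the storage path, the allowlist and the size limit are assumptions.

```php
<?php
// Added example: server-side upload validation. Paths, limits and field names are assumptions.
declare(strict_types=1);

// Hypothetical allowlist: extension => MIME type expected from the file's content.
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'pdf' => 'application/pdf',
];
const MAX_BYTES  = 2 * 1024 * 1024;                  // assumed 2 MiB limit
const UPLOAD_DIR = '/home/example/private_uploads';  // assumed path outside the web root

/** Validates one $_FILES entry and returns the stored file name; throws on rejection. */
function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not a genuine HTTP upload.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // The client-supplied name is untrusted: use it only to read the extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('File type not allowed.');   // rejects .php, .phtml, ...
    }
    // Inspect the content itself; $file['type'] is sent by the browser and can be forged.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('Content does not match extension.');
    }
    // Server-generated name: no path tricks, no double extensions, not guessable.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name;
}

// Form handler: the check runs on the server whether or not the browser ran any JavaScript.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['attachment'])) {
    try {
        echo 'Stored as ' . htmlspecialchars(store_upload($_FILES['attachment']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

Because files are stored outside the web root under a generated name, an uploaded file cannot be requested and executed through the browser even if a check is later found to be incomplete.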


  3. #3
    Join Date
    Feb 2006
    Posts
    75

    Re: website phishing attack

    Yes, I did create an upload folder, and I'll change the name of the folder ASAP. I'm using the built-in form processor.

    I've had a look at the upload folder permissions but I'm not sure what to change or even if I'm looking in the right place to make it hidden. As for the index page inside the upload folder, is this just a normal index page that redirects to my home page?

    And I'll catch up with you in later "(DBTS Form Processor in you-know-which forum)", hopefully we both are on the same page, no pun intended.

    cheers
    johnny
