Skip to content

Phishing

Featured Replies

Some little toe rag has put some files on my server which were being using for phishing. :finger:

I got an email this morning from the bank concerned asking me to remove all the files and send them on to them.

I've had a look and sure enough the files are on the server.

How could this little sh!t have got access to my server? Would it mean that my password was comprimised? I have changed it now.

In the meantime the hosting company have been a bit over zealous and shut me down.

I'm fuming it's really pi$$ing me off.

Sounds like they've either compromised your password, or more likely gained access to the host provider's systems and just picked on your account (or your account is the only one that's been discovered). Changing your password may not help in this case, but it can't do any harm :D Your provider can look at their logs which may show activity on your account, but it'll come down to how good the phishers are at cleaning up after themselves :D

Chris

  • Author

Pity I can't get hold of the scrote.

I've been checking my PC all day. Can't seem to find any virus activity or malware.

What virus protection/firewall have you got and what server?

  • Author

On my home PC I have a Linksys Router and AVG Pro Av & Firewall.

The hosting is shared hosting.

Thats explains alot then.

All except what phishing is of course.

Never heard of it. I thought you spelt it wrong. Was going to suggest a rod and line and some maggots!!

Shared hosting can cause this kinda thing, annoyingly.

Grab me on MSN, we'll get something sorted ;)

In my opinion you should inform your ISP as it sounds like there is probably a vulnerability on the shared server which has allowed somebody to compromise the system and host them in your home directory on the server.

Thats my opinion, however from my experience in that field, in such cases a complete blank and reinstate data from a backup will be the only sure way to get around that issue and be safe.

Could be an external party getting in via a flaw (Major worry for the ISP) or more likely another user on the system has used a local exploint to gain access to your account. This is assuming your shared hosting gives you a shell etc.

As a precaution i would also format and reinstall your desktop and other machines where you log into the server just incase some bugger has managed to get a logging torjan or similar onboard.

  • Author

I'll see what the hosting company says when I get home tonight - Thanks

Stu feel free to PM me if you have any specific questions, or failing that if you are free i'll pop around to get those bits for the talex mounting and we can have a look into it if you need to.

  • Author

Thanks mate. I have another hosting account so I'm currently upping to that and then I'll try and setup a redirect for now.

I've sent a rather strong email to the server company asking them why they think it necessary to suspend my account.

  • Author

Looks like it's a server side thing as another couple of sites I know that are hosted by the same company are now down.

Stu, do you control the DNS for fabia-vrs.com?

Glad to see you are up and going though. If their server has been comprimised i'd avoid logging into it and definately change all paswords to all accounts that use the same password anywhere. Call me paranoid, but I have seen these things go **** up while working for an ISP, and depending on the scrotes intentions things can get v messy v quick.

If you use online banking from your desktop that you maintain the site from i would call the bank and shut it temporarily and get them to send you a new password and pin, just incase.

  • Author

Yes I have control of the DNS.

I am going to wipe this PC when I get time this week, I don't think there is anything on it but we'll see.

was going to suggest having a fabia-vrs point to a redirect page on octavia-vrs which takes peeps to the appropriate subdirectory. Good luck.

There are some evil little "baw bags" out there Stu ! :mad:

Gutted for you mate, you put a lot & time and effort into that site & some little piece of pond life puts puts you off line. :mad:

I actually went for another look at your site to get the pin connections to finish the cruise wiring and it wasn't there ... arrrrgh !!!!! :eek:

I was coming on here to P.M. you for the connections when I saw this thread, I got them from the mirror site on the link you posted cheers for that ! :thumbup:

Hope you get it all sorted soon & the culprits get what's coming to them. :finger:

  • Author
was going to suggest having a fabia-vrs point to a redirect page on octavia-vrs which takes peeps to the appropriate subdirectory. Good luck.

Yeah, I may have to although I was hoping that I might have it back tonight.

  • Author
There are some evil little "baw bags" out there Stu ! :mad:

Gutted for you mate' date=' you put a lot & time and effort into that site & some little piece of pond life puts puts you off line. :mad:

I actually went for another look at your site to get the pin connections to finish the cruise wiring and it wasn't there ... arrrrgh !!!!! :eek:

I was coming on here to P.M. you for the connections when I saw this thread, I got them from the mirror site on the link you posted cheers for that ! :thumbup:

Hope you get it all sorted soon & the culprits get what's coming to them. :finger:[/quote']

Have you got your plug now or are you just preparing yourself? :thumbup:

Just preparing mate, I wanted to print them off so I could have them to hand when the plug arrives. I'm just relieved that you've not lost the site & are able to host it elsewhere, evil little sh!ts ! :mad:

  • Author

Gimme a bell or PM if you need any more pics or info.

Gimme a bell or PM if you need any more pics or info.

Cheers mate !

Hopefully won't have to bother you though, I reckon you've got enough to contend with at the moment. :rolleyes:

  • Author

It looks like this is the scrotes email address from the script

[email protected]

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Important Information

Welcome to BRISKODA. Please note the following important links Terms of Use. We have a comprehensive Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Account

Navigation

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.