Preventing Phishing Sites
Feb 18, 2007
I am running a hosting service. Recently a user put a phishing site on the server, pretending to be an eBay signup page and soliciting passwords. I had all kind of truble with this, because eBay complained to my server company.
I would like to ask if you know any solution what would block such sites automatically?
It could search for some predefined texts on the page (such as "sign in to eBay") and block the page if they are found. I wasn't able to find anything in Apache documentation.
View 6 Replies
ADVERTISEMENT
Aug 30, 2007
I run a Free web hosting service on my server with XPanel script installed. It has around 47K accounts in all. Recently i started getting mails from e-bay, banks and many other institutions regarding the Phishing sites operating from my server for cheating their customers / members. Though i removed them but i have to do it manually and after getting mails from them.
Now that i dont want any more such site to run from my hosting site, What are the options available for me in order to check all accounts automatically and remove any such site on its own? As there are 47K accounts and 100+ new signups each day, it is not possible to check all accounts manually.
I want any script / addon which can check all possible Phishing / Spamming / Spurious / Fraud sites and intimate me/ delete them upon request. Any person using such services? I need your guidance + support.
Looking for some fast and effective answers from experts here.
View 10 Replies
View Related
Nov 1, 2007
with my server i ran in to big issue with phishing sites. i have secured my server with firewall, and many other security things. but still i can see some times some one place phishing site. serverbeach suspend my server few times. i know this is not doing by users by there selfs. but however its coming in to the server. in secure side now i have to only go thorugh sites and check all writable directories.
is there any way to monitor the phishing activities? may be its some kind of scripts some one running inside the server?
View 8 Replies
View Related
Jun 15, 2007
I currently run a dedicated server and for the past 2 month or so have been attacked by some hackers or so. Meaning that on my sites every other day there is a folder of a phishing site. It is either paypal, ebay, exc phishing site and I know that I did not upload it there. I have tried almost anything to stop that, but it just keeps happening, my server company suggested to do os reload, but I am not sure as that will cost me $100. Was anyone faced with a problem like this that can give few suggestions? I use cpanel server.
View 8 Replies
View Related
Apr 4, 2007
I'm just wondering what a few good techniques to prevent DDoS would be. What causes them? How can I protect my server against them? I noticed that Apache has something called mod_evasive which helps against them. Does lighttpd have something like this?
View 9 Replies
View Related
Jun 1, 2008
I'm not that techy I'd like to ask why this person downloaded the file below before uploading some phishing webpages on my account ? I've changed my password numerious times from different computers and even from mobile phone just to check if the person can still get in. But again it is no use the person were able to upload phishing pages.
logs:
May 25 21:50:42 server100 pure-ftpd: (weblogin100@62.56.133.36) [NOTICE] /home/weblogin100//.htpasswds/update/Login.php downloaded (21251 bytes, 755.78KB/sec)
Right now I deleted all other scripts on the account and remain some htmls. Folder were also set to 644 no 777, while waiting if the person can still upload his phishing pages please help me why he downloaded the file above. I've check the file on my account and I cannot see Login.php. By the way I have a root login and only two accounts were a constant phishing victims.
View 1 Replies
View Related
Jul 22, 2008
Is there a way to prevent a certain service from taking up a certain amount of load on the server?
Like, shouldn't there be a way I can tell gzip or exim how much server load they are allowed to take up on my server?
I know it may run them slower, but it will be for the better if I could set each one to only be able to have a max load peak or something.
View 7 Replies
View Related
Sep 15, 2007
The images I am trying to block are on page generated by a simple PHP script on my server. The offender has replicated what I am doing with ASP on their server. They are hotlinking to my images for the resulting page. They left my website's name on them, so they must think that giving credit is enough.
I'm going to be contacting them to stop but I also want to see if there is a way for me to prevent it from happening in the first place.
I tried mod_rewrite...
Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^[url].*$ [NC]
RewriteRule .(gif|jpg)$ - [F]
I know mod_rewrite works on my server because I've been using it for some other things.
However, whenever I enable the above code (add it to the directives and restart apache - have also tried just putting it in a .htaccess file in the appropriate directory), I end up with images still being allowed on my domain and the other domain I'm trying to stop from using my images. Do you think it could have to do with an absent referrer? I read that the code doesn't work if the referrer is blank. What else would cause this not to work? Obviously the domain would have to be correct, but it doesn't block from my domain OR the offending domain.
I tried another method:
Code:
<FilesMatch ".(gif¦jpg¦png)$">
SetEnvIfNoCase Referer ^$ allow_image
SetEnvIfNoCase Referer ^[url] allow_image
Order Deny,Allow
Deny from all
Allow from env=allow_image
</FilesMatch>
This one blocked images to the offending domain, but it also blocked mine!
View 3 Replies
View Related
Sep 22, 2007
I am currently using IPB as my forum software. I've enabled admin validation only for registrations, to combat the increasing amount of spam signups. I see a lot of .ru and .cn email signups, or other suspicious signups, which I always delete.
What is the best way to combat these spammers?
I've been considering something like WHT uses, that you need X posts before being able to post links, how can I accomplish this with IPB?
View 6 Replies
View Related
Jun 9, 2009
I spotted a user on my site with the hostname: gator832.hostgator.com
This particular visitor identified themselves as a "visitor", with the user agent: Mozilla/4.8 [en] (Windows NT 6.0; U)
Upon typing the user's IP into google, a boatload of "phishing" / "bad bots" logs come up.
My question: Can I identify visitors like this via automation?
i.e.: fake users. People who masquerade themselves as a human, while they're really a bot.
(I only noticed this potentially 'bad' user because I was viewing my visitor log in real-time. -I was on at the very moment they were-)
In previous experience, not every user with the "host" phrase in their hostname are bad users, so sniffing those bits wouldn't do anything useful.
View 0 Replies
View Related
Apr 26, 2008
Gmail has a feature to detect email phishing and it marks them with a red header alert saying "Warning" This message may not be from whom......", I believe this red alert has nothing to do with spf record of that email, so how does it detect it as phishing email?
We have spf record and I sent an email from another server, when I received that emai the spf record was "softfail" but it does not have that red alert.
View 0 Replies
View Related
Jan 10, 2007
We have received the complain from paypal that one of the domains were phishing. How to track it down? How to find out the method that how they uploaded? I checked /tmp file and couldn't find anything. I check access_log file for wget and couldnt find anyting.
View 2 Replies
View Related
Sep 18, 2008
I want post here about RapidVPS hosting,
they host all scam and phishy sites like Hyip.
What is Hyip? Here-> [url]
My proof:
ablehyip. com/hyip/ (IP:208.84.144.131)
globalmarketsol. org (IP:66.35.79.68)
forexco. us/index.php?a=home (IP:66.35.79.37)
xlinvestment. us (IP:66.35.79.29)
topprofitworld. net (IP:66.35.79.94)
real-onlineforex. com (IP:66.35.79.118)
fx-88. com (IP:208.84.150.149)
marvelpartners. us (IP:66.35.79.68)
and so on too many hyip scams, very big list.
All provided IP addresses are rigistered with
OrgName: Infinitum Technologies Inc. (RapidVPS)
OrgID: INFIN-27
Address: 873 Grand Regency Pte.
Address: Suite 201
City: Altamonte Springs
StateProv: FL
PostalCode: 32714
Country: US
All IP addresses are provided for
network: Organization-Org-Name:NVHSERVER Inc
network: Organization-Name:Ha Nguyen
network: Description-Usage:Internet Service Provider
I have contacted with RapidVPS admin and this guy (name is Rick) never answer my reports,
just ignore me, ban me, I'm sure he is owner of all this scam.
I have created account on the RapidVPS forum,
and Rick ban me for my first post about hyip scam on their servers,
here is proof: [url]
If you wanna ask about this issue, contact Rick directly: rickb@rapidvps.c0m
Guys what you think about this issue or maybe it's normal for all US hosters?
Please your comments.
Thanks for this post reading and your time.
Here is more info about hyip scam:
fbi.gov/majcases/fraud/fraudschemes.htm#ponzi
sec.gov/answers/ponzi.htm
View 14 Replies
View Related
Dec 17, 2007
I don't know about security on servers much, and we're setting up our new server. I have the techs doing the install stuff, but I would love to know what to install security wise. My current list:
Firewall - good free one?
Antivirus - good free one?
rootkit, some way of stopping it (anti-rootkit?)
Also, is there some sort of script which searches all cPanel accounts/files for phishing sites or spam sites etc? I swear I've seen one before, in firewall form?
Oh the server setup is going to be:
php5-CGI, fCGI, mySQL 5, apache 2.2.x, centOS, ruby on rails, django, ioncube, other php libraries, mod_rewrite, I think thats everything. (cPanel).
View 4 Replies
View Related
Jul 31, 2007
Someones managed to upload a phishing site to my VPS.
How do they normally achieve this, there has been no unauthorised root access as I get e-mail each time someone log in as root.
Is it likely they've just managed to guess my ftp password, or is it going to have something to do with a script running elsewhere?
I've got solarvps looking at it now.
View 14 Replies
View Related
Jul 28, 2008
I can't get SELinux to let httpd load the IonCube module for PHP. I've given the CentOS 5 forum a try (here: http://www.centos.org/modules/newbb/...15403&forum=42), talked with WHMCS's support (the app I'm using that needs it), and even opened a ticket with IonCube. Unfortunately nobody seems to know how to tell SELinux to let httpd "exec" modules.
I'm running CentOS 5, and the error I'm getting in /var/log/messages is:
Jul 23 10:15:30 host kernel: audit(1216833330.905:1249): avc: denied { execheap } for pid=22055 comm="httpd" scontext=root:system_r:httpd_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=process
I can disable SELinux and it works fine (setenforce 0), but that's not the solution I'm looking for. Can someone please tell me how to do this the *right* way?
View 11 Replies
View Related
Jun 5, 2014
PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
Plesk Panel 11.5.30#46
Centos 6.5
AuthenticAMD, AMD Opteron(TM) Processor 6272
PROBLEM DESCRIPTION
Upon a shutdown or reboot, the system shuts down sw-collectd. Further along, it will end wdcollect and the following will occur:
init: psa-wdcollect main process (pid) killed by KILL signal
init: psa-wdcollect main process ended, respawning
wdcollect[pid]: Language en-US is used for sending e-mail messages.
wdcollect[pid]: Failed to connect to database server during the startup. New attempts will be made if needed.
wdcollect[pid]: Server started
I believe this is preventing the un-mounting of drives which in the end freezes the shutdown process on:
Please stand by while rebooting the system...
After this occurs, I have to force the VM off and then boot again.
I have tried the following:[URL] .....
View 1 Replies
View Related
Jun 2, 2009
I know Brent from HostGator reads here so thought I share this, If you are an Australian you are more than likely getting phishing emails supposedly from Commonwealth Bank (Australia's largest bank). I get about 20 a day to all my email addresses, here's one I got today:
We recorded a payment request from "HostGator -www.hostgator.com- Reseller Web Hosting"
to enable the charge of $74.95 on your account.
Because the order was made from an African internet address, we put an Exception Payment on
transaction id #POS PAYM7284 motivated by our Geographical Tracking System.
THE PAYMENT IS PENDING FOR THE MOMENT.
If you made this transaction or if you just authorize this payment, please ignore or remove this email
message. The transaction will be shown on your monthly statement as "HostGator - Reseller Web Hosting".
If you didn't make this payment and would like to decline the $74.95 billing to your card, please follow
the link below to cancel the payment :
Cancel this payment (transaction id #POS PAYM7284)
NOTE: Because email is not a secure form of communication, please do not reply to this email.
© Commonwealth Bank of Australia 2009 ABN 48 123 123 124
Of course I'm not a customer of this bank nor am I with HostGator, but these emails are getting more sophisticated by the day.. please also see [url]
View 6 Replies
View Related
Apr 23, 2009
One day, you noticed that someone remotely connectted your computer and an application sends spam/phishing emails bu using your IP. What do you do?
Of course, I stopped the program and blocked remote connection for a while and changed my password... I any way, i have to connect my computer remotely... What do you advice?
By the way, i have more than 1000 email accounts on my computer. Hacker left me a gift, but I don't need them))
View 9 Replies
View Related
Jun 20, 2008
I am currently installing lxadmin in my webserver, but during the intallation i received a alert message from my "settroubleshootebrowser" saying:
SummarySELinux is preventing /usr/local/lxlabs/ext/php/php from loading /usr/local/lxlabs/ext/php/lib/mysql.so which requires text relocation.
Allowing AccessIf you trust:
/usr/local/lxlabs/ext/php/lib/mysql.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so"The following command will allow this access:chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so
This message was for thwe SQL and Zend optimizer.
My Question is, where do i find the "chcon -t textrel_shlib_t" file allow access?
View 3 Replies
View Related
May 22, 2014
I are running an Plesk 11.5 on a Ubuntu 12.04 machine. Since days i have problems where i see scripts of phishing sites and mailer scripts installed in the httpdocs directory of various domain.
How I can prevent that people outsiders install this scripts on the server? Where is the bug that allows this?
View 4 Replies
View Related
Mar 25, 2009
On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server.
What I want to do is to make the users can only connect to their own databases and not other's.
I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)
View 7 Replies
View Related
Nov 10, 2007
just got some sites hacked for a second time by this V4 team.
Quote:
Hack3d
Your System 0wned By V4 TeAm
V.4 Crackers
Contact :
Dj_moad@hotmail.fr
Attack Method : uid=0(root) gid=0(root) groups=0(Root)
Attack Reason : Revenge against that websites
GrEetz To All V4 TeAm Members
==>>V4 TeaM<<==
links to [url]
i've run every security setting i can picture, including CSF, firewalls, restricting php access, suexec and what not.
how these a**holes keep coming in? using WHM11.
View 6 Replies
View Related
Aug 12, 2008
I'm having the oddest issue. For some reason, some of the websites on my server load fine, and some take a really long time to load (2 minutes).
Now, the server load is fine, and the size of the sites aren't the issue either. I've restarted Apache and a couple more services, and still the same sites seem to load very slow.
What could be causing this since it's only effecting certain websites?
View 14 Replies
View Related
May 18, 2009
I have a pretty beefy VPS (1 Gb RAM, equal share Intel xeon Quad core processor), but I have no idea how many other VPS's are sharing that processor.
Is there any way to know that? I'm guessing the hosting company (Future Host - very happy with them btw) isn't going to tell me.
Right now my stats are pretty low, but how many individual cPanel accounts (1 site each) before it starts to bog down? I know it depends largely on the traffic, but is 20-30 low-volume sites a lot for a VPS with 1Gb ram?
View 9 Replies
View Related
Aug 14, 2007
I have a few personal sites one server and my business sites on another. I was thinking of moving the personal ones to my business VPS (to save money) but I don't want someone to be able to do a NS or IP search on one group and find the others or see that they're related in any way. (I had a weird experience with a business contact contacting me via a personal site that he found by a NS search. That's why they're on another server now.)
Is is possible to add a second NS (another domain) on separate IPs to handle the personal sites, and my current NS handle the biz sites? Or should I just keep them on two different servers?
I thought maybe I could make the personal sites into their own reseller account and do a new NS that way, but if there's an easier way I'd rather do that.
I know a guy who has about 10 domains on the same IP and each of the domains uses its domain name as its own NS. I think the term he used was NS aliasing. I think it was all done by changing the DNS stuff in WHM. I tried to do what he said but it didn't work for me. Also I'm not sure how to handle the registrar part. They want two separate IPs for the NS, but he's using only one.
View 1 Replies
View Related
Feb 22, 2009
i currently have 2 webhosting providers but want to consolidate to one acct at one host with a bit better load times...
1. JaguarPc - i have two accts with them
a. i have a shared acct with them currently - i believe its called the gigadeal (something like $10 a month). i have been with them since 2000, pretty decent host not too much downtime. support is "ok" when needed.
currently i have 3 smallish websites hosted on this one acct, they dont get a lot of traffic. two of them are using wordpress one is just a static html site.
i did a look up and found the server has about 130 sites hosetd on it. so not too bad in regards to overselling. however my big problem is the site takes about 900-1500ms to generate a page. this seems to be pretty often. again the sites dont really draw that much traffic. so thats not the problem here.
b. i also have one of their freedom vps accts with upgraded ram and bandwidth. i only have one site hosted on it. this site used to get about 500K+ unique visitors a month. at its peak we were serving around 1tb bandwidth a month... i know we ran the vps hard but considering we wanted to stay under $50 it worked well. there was of course some downtime due to the massive traffic - [we serve up a popular flash cartoon website].
2. Hostgator - babygator plan
this host only serves up one wordpress site - the site isnt very well known yet, but the site is growing each month. the funny thing is that when i looked up this server there was about 830 websites hosted on it - obviously oversold and crowded. support really sucks here imho. however, the page load time is anywhere between 250ms to 500ms a lot faster than JaguarPcs. which is crazy since jag has much less sites on the server...
im looking to basically consolidate the websites that are on both shared plans. my original thought was to keep them all on my shared hosting acct at jaguarpc (the one with the 3 sites). obviously i cannot add them to the vps since its pretty active. also the vps is business and the other sites are all personal. and i dont want them to mix so to speak.
i am currently spending about $20 a month between the two shared host plans. im looking for some recommendations as to where to move -- where speed isnt such a big problem, and i can maintain one acct. it would be great if i could host these sites all for around $20 - hopefully without much lag.
was thinking mediatemple - but after reading so many negative posts here about them - im not sure...
View 14 Replies
View Related
Jul 11, 2009
one of my sites "www.maishare.com"
wents down a lot per day
the strange that it's working from some places while not working from others
what i mean that when it goes down i check it at siteuptime.com and i found that its working from some places and some is down
all my other sites doesn't went down 100% uptime
i've checked the dns setting in my domain panel
View 7 Replies
View Related
