Scraper, Rogue Bot Or Phishing

Jun 9, 2009

I spotted a user on my site with the hostname: gator832.hostgator.com
This particular visitor identified themselves as a "visitor", with the user agent: Mozilla/4.8 [en] (Windows NT 6.0; U)

Upon typing the user's IP into Google, a boatload of "phishing" / "bad bots" logs come up.

My question: Can I identify visitors like this via automation?
i.e.: fake users. People who masquerade themselves as a human, while they're really a bot.
(I only noticed this potentially 'bad' user because I was viewing my visitor log in real-time. -I was on at the very moment they were-)

In previous experience, not every user with the "host" phrase in their hostname is a bad user, so sniffing those bits wouldn't do anything useful.


Rogue Network Activity From Dedicated Box

Aug 6, 2007

I have a dedicated box with Fasthosts and they tell me they've detected that the server is talking out to other networks via IRC although there's no activity on port 53.

Can anyone point me in the right direction of steps to take to find out what this is and eliminate it?

Recent changes to server include...
Started SpamAssassin (with network checks on - could these be the cause?)
Installed Mongrel as a proxy server for RoR apps and configured Apache on port 80 to make use of two Mongrel processes.

Some other data about server as requested on sticky thread on this board:

Linux OS: Fedora Core 6
Kernel: 2.6.18-1.2798.fc6
Control Panel: Matrix LSA

Processes (ps -auxf):

Quote:

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2032 556 ? Ss Jul31 0:01 init [3]
root 2 0.0 0.0 0 0 ? S Jul31 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN Jul31 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S Jul31 0:00 [watchdog/0]
root 5 0.0 0.0 0 0 ? S Jul31 0:00 [migration/1]
root 6 0.0 0.0 0 0 ? SN Jul31 0:00 [ksoftirqd/1]
root 7 0.0 0.0 0 0 ? S Jul31 0:00 [watchdog/1]
root 8 0.0 0.0 0 0 ? S< Jul31 0:00 [events/0]
root 9 0.0 0.0 0 0 ? S< Jul31 0:00 [events/1]
root 10 0.0 0.0 0 0 ? S< Jul31 0:00 [khelper]
root 11 0.0 0.0 0 0 ? S< Jul31 0:00 [kthread]
root 15 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kblockd/0]
root 16 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kblockd/1]
root 17 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kacpid]
root 123 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [cqueue/0]
root 124 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [cqueue/1]
root 127 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [khubd]
root 129 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kseriod]
root 194 0.0 0.0 0 0 ? S Jul31 0:00 \_ [pdflush]
root 196 0.0 0.0 0 0 ? S< Jul31 0:14 \_ [kswapd0]
root 197 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [aio/0]
root 198 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [aio/1]
root 363 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kpsmoused]
root 393 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [ata/0]
root 394 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [ata/1]
root 395 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [ata_aux]
root 399 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [scsi_eh_0]
root 400 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [scsi_eh_1]
root 401 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kjournald]
root 421 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kauditd]
root 1305 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [hda_codec]
root 1461 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kmpathd/0]
root 1462 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kmpathd/1]
root 1469 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kmirrord]
root 1491 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kjournald]
root 1493 0.0 0.0 0 0 ? S< Jul31 0:01 \_ [kjournald]
root 1495 0.0 0.0 0 0 ? S< Jul31 0:07 \_ [kjournald]
root 2105 0.0 0.0 0 0 ? S< Jul31 0:02 \_ [rpciod/0]
root 2106 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [rpciod/1]
root 2143 0.0 0.0 0 0 ? S Aug04 0:00 \_ [pdflush]
root 447 0.0 0.0 2212 332 ? S<s Jul31 0:00 /sbin/udevd -d
root 1629 0.0 0.0 1624 364 ? Ss Jul31 0:00 cpuspeed -d -n
root 1630 0.0 0.0 1624 348 ? S Jul31 0:00 \_ cpuspeed -d -n
root 1931 0.0 0.0 1692 580 ? Ss Jul31 0:06 syslogd -m 0
root 1934 0.0 0.0 1640 316 ? Ss Jul31 0:00 klogd -x
root 1943 0.0 0.0 1632 280 ? Ss Jul31 0:00 irqbalance
rpc 1964 0.0 0.0 1776 416 ? Ss Jul31 0:00 portmap
root 1982 0.0 0.0 1884 604 ? Ss Jul31 0:00 rpc.statd
root 1989 0.0 0.0 1628 232 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/spool/authdaemon/pid -star
root 1990 0.0 0.0 2120 544 ? S Jul31 0:00 \_ /usr/libexec/courier-authlib/authdaemond
root 2008 0.0 0.1 2964 1452 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2009 0.0 0.0 2172 752 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2010 0.0 0.1 2584 1172 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2011 0.0 0.0 2172 752 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2012 0.0 0.1 2964 1456 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2022 0.0 0.0 4932 308 ? Ss Jul31 0:00 rpc.idmapd
dbus 2034 0.0 0.0 3140 308 ? Ss Jul31 0:00 dbus-daemon --system
root 2042 0.0 0.0 2344 416 ? Ss Jul31 0:00 hcid: processing events
root 2048 0.0 0.0 1712 368 ? Ss Jul31 0:00 /usr/sbin/sdpd
root 2072 0.0 0.0 0 0 ? S< Jul31 0:00 [krfcommd]
root 2107 0.0 0.0 0 0 ? S Jul31 0:00 [lockd]
root 2124 0.0 0.0 12692 552 ? Ssl Jul31 0:00 pcscd
root 2141 0.0 0.0 1876 348 ? Ss Jul31 0:00 /usr/bin/hidd --server
root 2154 0.0 0.0 9044 708 ? Ssl Jul31 0:00 automount
root 2170 0.0 0.0 1640 392 ? Ss Jul31 0:00 /usr/sbin/acpid
root 2187 0.0 0.0 5172 716 ? Ss Jul31 0:02 /usr/sbin/sshd
root 14427 0.0 0.2 8172 2468 ? Ss 14:09 0:00 \_ sshd: root@pts/0
root 14432 0.0 0.1 4620 1472 pts/0 Ss 14:09 0:00 \_ -bash
root 17290 0.0 0.0 4192 936 pts/0 R+ 16:35 0:00 \_ ps -auxf
root 2258 0.0 0.0 4488 544 ? S Jul31 0:00 /bin/sh /usr/bin/mysqld_safe --defaults-file=/etc/my.cnf --p
mysql 2294 0.0 0.6 139508 6432 ? Sl Jul31 1:26 \_ /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedi
root 2401 0.0 0.1 6240 1344 ? Ss Jul31 0:06 /usr/libexec/postfix/master
postfix 20416 0.0 0.1 6484 1612 ? S Aug03 0:01 \_ qmgr -l -t fifo -u
postfix 16541 0.0 0.1 6300 1664 ? S 15:31 0:00 \_ pickup -l -t fifo -u
postfix 17111 0.0 0.1 6292 1644 ? S 16:21 0:00 \_ anvil -l -t unix -u
postfix 17248 0.0 0.1 6308 1980 ? S 16:33 0:00 \_ trivial-rewrite -n rewrite -t unix -u
postfix 17273 0.0 0.1 6468 1876 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17274 0.0 0.1 6468 1880 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17275 0.0 0.1 6468 1876 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17276 0.0 0.1 6464 1832 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17277 0.0 0.1 6468 1880 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17278 0.0 0.1 6468 1880 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17281 0.0 0.1 6340 1660 ? S 16:34 0:00 \_ bounce -z -n defer -t unix -u
postfix 17283 0.0 0.1 6340 1640 ? S 16:34 0:00 \_ bounce -z -n defer -t unix -u
root 2411 0.0 0.0 1864 292 ? Ss Jul31 0:00 gpm -m /dev/input/mice -t exps2
root 2434 0.0 0.1 5804 1648 ? Ss Jul31 0:00 /usr/sbin/httpd-matrixsa
apache 15100 0.0 0.1 5948 1856 ? S Aug05 0:00 \_ /usr/sbin/httpd-matrixsa
apache 15101 0.0 0.1 5948 1704 ? S Aug05 0:00 \_ /usr/sbin/httpd-matrixsa
apache 14593 0.0 0.1 5948 1852 ? S 14:22 0:00 \_ /usr/sbin/httpd-matrixsa
root 2442 0.0 0.0 5216 596 ? Ss Jul31 0:00 crond
xfs 2465 0.0 0.0 3132 548 ? Ss Jul31 0:00 xfs -droppriv -daemon
root 2480 0.0 0.0 2204 348 ? Ss Jul31 0:00 /usr/sbin/atd
root 2501 0.0 0.1 24212 1372 ? S Jul31 0:00 /usr/bin/python /usr/sbin/yum-updatesd
avahi 2510 0.0 0.0 2864 612 ? Ss Jul31 0:00 avahi-daemon: running [server88-208-201-113.local]
avahi 2511 0.0 0.0 2864 124 ? Ss Jul31 0:00 \_ avahi-daemon: chroot helper process
68 2520 0.0 0.1 5708 1100 ? Ss Jul31 0:00 hald
root 2522 0.0 0.0 3336 520 ? S Jul31 0:00 \_ hald-runner
68 2553 0.0 0.0 2292 568 ? S Jul31 0:00 \_ hald-addon-acpi: listening on acpid socket /var/run/
root 2554 0.0 0.0 3392 520 ? S Jul31 0:00 \_ /usr/libexec/hald-addon-cpufreq
68 2560 0.0 0.0 2288 564 ? S Jul31 0:00 \_ hald-addon-keyboard: listening on /dev/input/event2
68 2563 0.0 0.0 2288 564 ? S Jul31 0:00 \_ hald-addon-keyboard: listening on /dev/input/event0
ntp 2607 0.0 0.0 4128 944 ? Ss Jul31 0:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
root 2667 0.0 0.0 1628 380 tty1 Ss+ Jul31 0:00 /sbin/mingetty tty1
root 2668 0.0 0.0 1628 360 tty2 Ss+ Jul31 0:00 /sbin/mingetty tty2
root 2671 0.0 0.0 1628 360 tty3 Ss+ Jul31 0:00 /sbin/mingetty tty3
root 2672 0.0 0.0 1628 360 tty4 Ss+ Jul31 0:00 /sbin/mingetty tty4
root 2673 0.0 0.0 1628 360 tty5 Ss+ Jul31 0:00 /sbin/mingetty tty5
root 2683 0.0 0.0 1628 360 tty6 Ss+ Jul31 0:00 /sbin/mingetty tty6
root 4656 0.0 0.0 1628 296 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/imapd.pid -start -name
root 4657 0.0 0.0 1732 504 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
1003 8661 0.0 0.1 2344 1316 ? S 10:00 0:11 \_ /usr/lib/courier-imap/bin/imapd /home/default/polloc
1001 9528 0.2 0.2 3860 2772 ? S 10:24 1:05 \_ /usr/lib/courier-imap/bin/imapd /home/default/aaronp
1003 15914 0.0 0.1 2200 1072 ? S 14:43 0:00 \_ /usr/lib/courier-imap/bin/imapd /home/default/polloc
1001 17199 0.0 0.0 2124 1020 ? S 16:27 0:00 \_ /usr/lib/courier-imap/bin/imapd /home/default/aaronp
root 4663 0.0 0.0 1632 168 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/imapd-ssl.pid -start -
root 4664 0.0 0.0 1732 428 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
root 4669 0.0 0.0 1632 300 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/pop3d.pid -start -name
root 4670 0.0 0.0 1732 500 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
root 4675 0.0 0.0 1628 168 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/pop3d-ssl.pid -start -
root 4676 0.0 0.0 1736 428 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
root 14860 0.0 1.5 33316 15544 ? Ss Aug03 0:01 /usr/sbin/httpd
apache 30327 0.0 2.1 43480 21688 ? S 01:55 0:16 \_ /usr/sbin/httpd
apache 30328 0.0 2.0 43220 21180 ? S 01:55 0:15 \_ /usr/sbin/httpd
apache 30329 0.0 2.1 43616 21868 ? S 01:55 0:13 \_ /usr/sbin/httpd
apache 30330 0.0 2.1 44132 22308 ? S 01:55 0:16 \_ /usr/sbin/httpd
apache 30331 0.0 2.2 44660 23384 ? S 01:55 0:15 \_ /usr/sbin/httpd
apache 30332 0.0 2.2 44604 22820 ? S 01:55 0:14 \_ /usr/sbin/httpd
apache 30333 0.0 2.0 43576 21532 ? S 01:55 0:17 \_ /usr/sbin/httpd
apache 30334 0.0 2.1 43908 22064 ? S 01:55 0:17 \_ /usr/sbin/httpd
apache 11425 0.0 1.9 42328 20276 ? S 10:53 0:12 \_ /usr/sbin/httpd
apache 16125 0.0 1.6 40572 17052 ? S 15:04 0:01 \_ /usr/sbin/httpd
apache 16126 0.0 1.6 40564 16696 ? S 15:04 0:01 \_ /usr/sbin/httpd
apache 16581 0.0 1.5 40508 16412 ? S 15:34 0:00 \_ /usr/sbin/httpd
apache 16582 0.0 1.6 40612 16436 ? S 15:34 0:00 \_ /usr/sbin/httpd
apache 16637 0.0 1.6 40496 16660 ? S 15:38 0:00 \_ /usr/sbin/httpd
mongrel 15242 0.0 2.8 45536 29104 ? Sl Aug03 0:03 /usr/bin/ruby /usr/bin/mongrel_rails start -d -e production
mongrel 15245 0.0 0.0 42184 828 ? Sl Aug03 0:02 /usr/bin/ruby /usr/bin/mongrel_rails start -d -e production
apache 27873 0.0 0.0 1608 244 ? Ss Aug04 0:00 /usr/local/apache/bin/httpd -DSSL
apache 28536 0.0 0.2 4556 2408 ? S Aug04 0:01 /usr/local/apache/bin/httpd -DSSL
apache 32052 0.0 0.2 4552 2400 ? S Aug04 0:01 /usr/local/apache/bin/httpd -DSSL
apache 32094 0.0 0.2 4552 2400 ? S Aug04 0:01 /usr/local/apache/bin/httpd -DSSL
root 15106 0.0 0.2 9836 2056 ? Ss Aug05 0:00 cupsd
root 15135 0.0 1.2 90504 12360 ? Sl Aug05 0:11 python2 MatrixSALaunch.py ThreadedAppServer
apache 19934 0.0 0.3 6096 3864 ? S Aug05 0:00 /usr/local/apache/bin/httpd -DSSL
1001 8664 0.0 0.1 2524 1044 ? S 10:00 0:00 /usr/libexec/gam_server
1003 8666 0.0 0.1 2528 1040 ? S 10:00 0:00 /usr/libexec/gam_server
root 17068 0.0 2.6 31508 27016 ? Ss 16:16 0:00 /usr/bin/spamd -d -c -m5 -H -r /var/run/spamd.pid
root 17070 0.1 2.8 33752 29236 ? S 16:17 0:01 \_ spamd child
root 17071 0.0 2.7 32432 27772 ? S 16:17 0:00 \_ spamd child

vmstat 5 5:

Quote:

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
0 1 86800 26008 285380 234780 0 0 3 10 21 1 0 0 99 0 0
0 0 86800 26716 285396 234792 0 0 0 98 289 538 4 1 94 0 0
0 0 86800 26764 285404 234792 0 0 0 62 254 333 0 0 100 0 0
0 0 86800 26772 285404 234792 0 0 0 0 255 346 0 0 100 0 0
0 0 86800 26772 285416 234792 0 0 0 16 253 408 0 0 100 0 0


Phishing

Nov 1, 2007

With my server I ran into a big issue with phishing sites. I have secured my server with a firewall and many other security things, but I can still sometimes see someone place a phishing site. ServerBeach suspended my server a few times. I know this is not being done by the users themselves; however, it is coming into the server. On the security side, I now have to just go through the sites and check all writable directories.

Is there any way to monitor the phishing activities? Maybe it's some kind of script someone is running inside the server?


Phishing

Jun 15, 2007

I currently run a dedicated server and for the past 2 months or so have been attacked by some hackers. That is, every other day there is a folder containing a phishing site on my sites. It is either a PayPal, eBay, etc. phishing site, and I know that I did not upload it there. I have tried almost anything to stop that, but it just keeps happening. My server company suggested doing an OS reload, but I am not sure, as that will cost me $100. Has anyone faced a problem like this who can give a few suggestions? I use a cPanel server.


Prevent Phishing

Jun 1, 2008

I'm not that techy. I'd like to ask why this person downloaded the file below before uploading some phishing webpages to my account. I've changed my password numerous times from different computers and even from a mobile phone just to check if the person can still get in. But again it is no use; the person was able to upload phishing pages.

logs:

May 25 21:50:42 server100 pure-ftpd: (weblogin100@62.56.133.36) [NOTICE] /home/weblogin100//.htpasswds/update/Login.php downloaded (21251 bytes, 755.78KB/sec)

Right now I have deleted all other scripts on the account and only some HTML files remain. Folders were also set to 644, not 777. While waiting to see if the person can still upload his phishing pages, please help me understand why he downloaded the file above. I've checked for the file on my account and I cannot see Login.php. By the way, I have a root login and only two accounts were constant phishing victims.


Email Phishing Alert

Apr 26, 2008

Gmail has a feature to detect email phishing, and it marks such emails with a red header alert saying "Warning: This message may not be from whom......". I believe this red alert has nothing to do with the SPF record of that email, so how does it detect it as a phishing email?

We have an SPF record and I sent an email from another server. When I received that email the SPF record was "softfail", but it did not have that red alert.


Tracking Down Phishing Site

Jan 10, 2007

We have received a complaint from PayPal that one of the domains was phishing. How do we track it down? How do we find out the method by which they uploaded it? I checked the /tmp file and couldn't find anything. I checked the access_log file for wget and couldn't find anything.


Preventing Phishing Sites

Feb 18, 2007

I am running a hosting service. Recently a user put a phishing site on the server, pretending to be an eBay signup page and soliciting passwords. I had all kinds of trouble with this, because eBay complained to my server company.

I would like to ask if you know of any solution that would block such sites automatically?

It could search for some predefined texts on the page (such as "sign in to eBay") and block the page if they are found. I wasn't able to find anything in Apache documentation.


RapidVPS - Hosting For Scam And Phishing

Sep 18, 2008

I want to post here about RapidVPS hosting;
they host all scam and phishy sites like HYIP.
What is HYIP? Here-> [url]

My proof:

ablehyip. com/hyip/ (IP:208.84.144.131)
globalmarketsol. org (IP:66.35.79.68)
forexco. us/index.php?a=home (IP:66.35.79.37)
xlinvestment. us (IP:66.35.79.29)
topprofitworld. net (IP:66.35.79.94)
real-onlineforex. com (IP:66.35.79.118)
fx-88. com (IP:208.84.150.149)
marvelpartners. us (IP:66.35.79.68)
and so on too many hyip scams, very big list.

All provided IP addresses are registered with
OrgName: Infinitum Technologies Inc. (RapidVPS)
OrgID: INFIN-27
Address: 873 Grand Regency Pte.
Address: Suite 201
City: Altamonte Springs
StateProv: FL
PostalCode: 32714
Country: US

All IP addresses are provided for
network: Organization-Org-Name:NVHSERVER Inc
network: Organization-Name:Ha Nguyen
network: Description-Usage:Internet Service Provider

I have contacted the RapidVPS admin and this guy (name is Rick) never answers my reports,
just ignores me, bans me. I'm sure he is the owner of all this scam.

I have created an account on the RapidVPS forum,
and Rick banned me for my first post about HYIP scams on their servers,
here is proof: [url]

If you wanna ask about this issue, contact Rick directly: rickb@rapidvps.c0m

Guys, what do you think about this issue, or maybe it's normal for all US hosters?

Your comments, please.

Thanks for reading this post and for your time.

Here is more info about hyip scam:
fbi.gov/majcases/fraud/fraudschemes.htm#ponzi
sec.gov/answers/ponzi.htm


A List & Anti-phishing Stuff

Dec 17, 2007

I don't know about security on servers much, and we're setting up our new server. I have the techs doing the install stuff, but I would love to know what to install security wise. My current list:

Firewall - good free one?
Antivirus - good free one?

rootkit, some way of stopping it (anti-rootkit?)

Also, is there some sort of script which searches all cPanel accounts/files for phishing sites or spam sites etc? I swear I've seen one before, in firewall form?

Oh the server setup is going to be:

php5-CGI, fCGI, MySQL 5, Apache 2.2.x, CentOS, Ruby on Rails, Django, ionCube, other PHP libraries, mod_rewrite, I think that's everything. (cPanel).


Someone's Uploaded A Phishing Site

Jul 31, 2007

Someone's managed to upload a phishing site to my VPS.

How do they normally achieve this? There has been no unauthorised root access, as I get an e-mail each time someone logs in as root.

Is it likely they've just managed to guess my FTP password, or is it going to have something to do with a script running elsewhere?

I've got solarvps looking at it now.


HostGator Being Targeted By Australian Phishing Scam

Jun 2, 2009

I know Brent from HostGator reads here, so I thought I'd share this. If you are an Australian you are more than likely getting phishing emails supposedly from Commonwealth Bank (Australia's largest bank). I get about 20 a day to all my email addresses; here's one I got today:

We recorded a payment request from "HostGator -www.hostgator.com- Reseller Web Hosting"
to enable the charge of $74.95 on your account.

Because the order was made from an African internet address, we put an Exception Payment on
transaction id #POS PAYM7284 motivated by our Geographical Tracking System.

THE PAYMENT IS PENDING FOR THE MOMENT.

If you made this transaction or if you just authorize this payment, please ignore or remove this email
message. The transaction will be shown on your monthly statement as "HostGator - Reseller Web Hosting".

If you didn't make this payment and would like to decline the $74.95 billing to your card, please follow
the link below to cancel the payment :

Cancel this payment (transaction id #POS PAYM7284)

NOTE: Because email is not a secure form of communication, please do not reply to this email.

© Commonwealth Bank of Australia 2009 ABN 48 123 123 124

Of course I'm not a customer of this bank, nor am I with HostGator, but these emails are getting more sophisticated by the day. Please also see [url]


Spam/phishing Emails By Remote Connection (hacked)

Apr 23, 2009

One day, you notice that someone has remotely connected to your computer and an application is sending spam/phishing emails by using your IP. What do you do?

Of course, I stopped the program, blocked remote connections for a while and changed my password... Anyway, I have to connect to my computer remotely... What do you advise?

By the way, I have more than 1000 email accounts on my computer. The hacker left me a gift, but I don't need them))


How To Fight Phishing / Fraud Sites In Free Hosting Server?

Aug 30, 2007

I run a free web hosting service on my server with the XPanel script installed. It has around 47K accounts in all. Recently I started getting mails from eBay, banks and many other institutions regarding phishing sites operating from my server to cheat their customers / members. I removed them, but I have to do it manually and only after getting mails from them.

Now I don't want any more such sites to run from my hosting site. What options are available to me to check all accounts automatically and remove any such site on its own? As there are 47K accounts and 100+ new signups each day, it is not possible to check all accounts manually.

I want a script / addon which can check for all possible phishing / spamming / spurious / fraud sites and intimate me / delete them upon request. Is anyone using such services? I need your guidance + support.

Looking for some fast and effective answers from experts here.


Plesk 11.x / Linux :: Scripts Of SPAM And Phishing Installed On Server?

May 22, 2014

I am running Plesk 11.5 on an Ubuntu 12.04 machine. For days I have had problems where I see phishing-site scripts and mailer scripts installed in the httpdocs directory of various domains.

How can I prevent outsiders from installing these scripts on the server? Where is the bug that allows this?

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved