* * * * *
It's magic!
The site of one of our client's customers was being used for a phishing scam [1].
The site itself had nothing to do with the scam; it's just that someone had
uploaded some pages that looked like a PayPal login screen. Our client wrote
in:
> We rec'd a call saying that a phishing scam was using XXXXXXXXXXXXXX (a
> site on XXXXXX). This is the email they rec'd:
>
> “Ticket from our client”
>
And yes, the email was a typical phishing email. I had some exchanges with
the client. It ended thus:
> Did you already remove the problem files? If not, what should we do? And
> what can we do to prevent this in the future. I'm sure the client didn't
> know what was going on.
>
> “Response from our client”
>
> I didn't remove the files, as it's inaccessible anyway due to the Apache
> configuration. If you want, I can delete them.
>
> As for prevention, remind the client not to let out their account
> information. Another thing to check is for insecure CGI (Common Gateway
> Interface) scripts (PHP, etc) that might allow someone to upload such
> items.
>
> “My response”
>
> I think it's best to remove the infected files to prevent the site, or the
> server, from being blocked or placed on any blacklists or anything. Thank
> you.
>
> “Client response”
>
“Infected files?”
These are not “infected files”—they contain no virus. They don't propagate on
their own. They don't infect other files (I'm also tempted to question their
reading comprehension, as I clearly stated the files were “inaccessible due
to the Apache configuration” but I won't). These files were placed there by
someone.
Does no one truly understand this stuff anymore? Does anyone read anymore?
Sigh.
Update a few minutes later
Why am I being so harsh?
I think it's because the client that wrote in is a web design and hosting
company (and we do some of the hosting for them). If it were the end customer,
the one whose site was being used, that wrote in, I would be more forgiving
(or rather, I'd roll my eyes, fix the problem, and go on). But for a company
that does web design? That also hosts some of their sites? Them, I would
expect a bit more from.
In the end, I rolled my eyes, fixed the problem, and then went on to make a
post about it.
[1] http://en.wikipedia.org/wiki/Phishing