Deadpool
Go Sens Go
Premium,VIP
join:2001-03-29
Canada | reply to delenn13
Re: [Serious] Certapay Scam
It's funny how they said they took the necessary action to block the website when they're not an ISP, nor do they manage the backbones of the Internet. LOL
--
Sens 7 (40 GF) - Leafs 0 (14 GF) **** Final Round: April 15, 2006 |
|
Devanchya
Smile
Premium
join:2003-12-09
Ajax, ON
 ·Bell Sympatico
| Actually Deadpool, they are taking the necessary steps.
Over the last week I have been sub-contracted to remove 3 differnt Spoofing scams on web servers that had a user with weak passwords
In this case, the "real" company just needs to prove to the .com commity. Takes 24-72 hours in most cases.
--
»www.codecipher.com - Marking the way to tomorrow's solutions |
|
Deadpool
Go Sens Go
Premium,VIP
join:2001-03-29
Canada
·Bell Sympatico
| said by Devanchya  :Actually Deadpool, they are taking the necessary steps. Over the last week I have been sub-contracted to remove 3 differnt Spoofing scams on web servers that had a user with weak passwords In this case, the "real" company just needs to prove to the .com commity. Takes 24-72 hours in most cases. Sorry, I was taking what they said literally. They said 'block', and in my books that means block. If what you're saying is true, then they're not even having the site removed either, just the actual .com removed. Which doesn't really help since the HTML link can be spoofed to display whatever.com, but actually points to the IP.
What they should do is contact the hosting company and have them removed.
--
Sens 7 (40 GF) - Leafs 0 (14 GF) **** Final Round: April 15, 2006 |
|
Devanchya
Smile
Premium
join:2003-12-09
Ajax, ON
·Bell Sympatico
| Problem with contacting the hosting company is 9 times out of 10, this is on a Kiddie-scripted hacked machine. Bascily some bozzo has a website with a user "web" and password "123456" and this script gets in.
Depending on the level of the server setup, the next step is usally the instalation of a PHP script with Shell Access, and then using local access exploits to gain root to the box and setup an IRC network connection to publish phishing scams.
Now the larger groups will go ahead and buy .com .net .org names with a spelling error and point it to this location. Domain cost $1.99 in some of the cheaper locations, and a single "successful capture" of personal data is worth about $3000 min. Add Online banking access, or a CC number and that raises the stakes.
Now, Most phishing scams use "HTML" emails to hide the actual address and will instead redirect to something like rbonline.fasf.com/online or something stupid like that. IF that machine is hosted in a certain locations, you can get them shutdown/notified in a few days. Other countries good luck they don't give a fig.
In my case, there was a yahoo lottery scam that was going around and 3 of the attacks were from a twiki exploit, 1 from a weak password, and another 2 from a and [very old] old sendmail exploit. Took about 4-5 hours each just to investigate them and in some cases removal wasn't an option at all and we had to block access to the server locations at the router.
Each one of these cost at least $500 to even begin to repair, and after loss of confidence, support issues, reinstall steps etc, most likely will costs close to $2-3000 on the server side.
This is just KILLER for anyone who is running a small-medium hosting company.
Don't even get me started on the pure ammount of BANDWIDTH some of these attacks can take due to spam/bot inclusion attacks etc can take over.
Makes me sick in a way.
--
»www.codecipher.com - Marking the way to tomorrow's solutions |
|
