[Web4lib] Phishing exploits in emails

John Fereira jaf30 at cornell.edu
Wed Feb 7 18:34:09 EST 2007


At 06:06 PM 2/7/2007, Micah Stevens wrote:
>Sounds like their webserver was just hacked and that sub-folder was 
>used to hold an ad. This has happened to a couple of my clients 
>from time to time. I'm always amazed how people insist on using 
>logins like 'web' with a password of 'web' for their site FTP. One 
>time I was called because a client had found some really offensive 
>porn on their site and couldn't understand how it got there.
>
>If admins don't keep track of their site and don't use secure 
>password techniques, this type of thing will remain prevalent.

Password compromises are just one means for hacking web sites. There 
are many other security vulnerabilities, but yes, passwords are a 
first line of defense. One of the more common and annoying is 
compromising open source products that have been installed, but not 
properly secured. Because the product is open source, anyone can 
download it and examine it for possible security holes, then look for 
places that have installed the software and enter the system through 
a hole that, because it is open source, is more easily discovered.

We recently had quite a few reports of people receiving porn spam 
with URLs which looked like they were coming from our PURL server. The 
system was apparently compromised such that people were able to 
create persistent URLs pointing to their favorite porn site.

Regarding the attacks coming from China, Russia, etc., it's becoming 
a fairly common practice to configure mail servers such that all mail 
coming from a .ch (China) domain is rejected.


>-Micah
>
>On 02/07/2007 02:55 PM, Drew, Bill wrote:
>>I have been getting a lot of phishing emails supposedly from Amazon.
>>It is quite irritating since I do a lot of business on Amazon.  I looked
>>at the source code for one of the messages and found this web address:
>>//www.holyspirit-indy.org/pack46/.support/www.amazon.com/flex/sign-out.h
>>tml/2Fhomepage=protocol=httpsaction=sign-out/exec.php?cmd=sign-in
>>
>>I went to the website www.holyspirit-indy.org and found the website for
>>the Holy Spirit Catholic Church of Indianapolis.  I called them to tell
>>them that their webserver was being used for phishing exploits.  The
>>priest I talked to was quite happy to have my phone call.  He was going
>>to talk to their website administrator.  Is this type of hack common and
>>how do idiots get this type of access?  I am curious since most of the
>>phish e-mails I get come from places like China, South Korea, or Russia.
>>
>>
>>Wilfred (Bill) Drew Associate Librarian, Systems and Reference
>>Morrisville State College Library
>>E-mail: mailto:drewwe at morrisville.edu
>>AOL Instant Messenger:BillDrew4
>>Facebook me <http://www.facebook.com/p/Bill_Drew/202201900> 
>>BillDrew.Net: http://billdrew.net/
>>Wireless Librarian: http://people.morrisville.edu/~drewwe/wireless/
>>Library: http://library.morrisville.edu/
>>SUNYConnect: http://www.sunyconnect.suny.edu/
>>My Blog:http://babyboomerlibrarian.blogspot.com
>>
>>"They that can give up essential liberty for a little temporary safety
>>deserve neither liberty nor safety." Ben Franklin, 1759
>>
>>_______________________________________________
>>Web4lib mailing list
>>Web4lib at webjunction.org
>>http://lists.webjunction.org/web4lib/
>>

John Fereira
jaf30 at cornell.edu
Ithaca, NY 
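
The URL quoted in Bill Drew's message puts the impersonated brand's hostname inside the path of an unrelated host, under a dot-prefixed directory. The following is an added example, not part of the original thread: a small check a mail filter or log review could apply to URLs pulled from message source. The brand list, the function names and the sample URL are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed watch list of commonly impersonated brands (hypothetical; extend as needed).
BRAND_DOMAINS = {"amazon.com", "paypal.com", "ebay.com"}

# A path segment shaped like a hostname, e.g. "www.amazon.com".
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)

# Constructed sample with the same shape as the URL in the quoted message.
SAMPLE_PHISH = ("//www.example.org/pack46/.support/www.amazon.com/"
                "flex/sign-out.html/exec.php?cmd=sign-in")


def belongs_to(name, domain):
    """True if name is the domain itself or a subdomain of it."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def check_url(url):
    """Return (finding, path_segment) tuples for one URL from a message body."""
    if url.startswith("//"):  # scheme-relative, as in the quoted message
        url = "http:" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    for segment in parts.path.split("/"):
        if not segment:
            continue
        # Dot-prefixed directories are hidden from casual directory listings.
        if segment.startswith(".") and segment not in (".", "..", ".well-known"):
            findings.append(("hidden-directory", segment))
        # A brand hostname in the path only matters if the real host is not that brand.
        if HOSTLIKE.match(segment):
            for brand in BRAND_DOMAINS:
                if belongs_to(segment, brand) and not belongs_to(host, brand):
                    findings.append(("brand-in-path", segment))
    return findings


if __name__ == "__main__":
    for finding in check_url(SAMPLE_PHISH):
        print(finding)
```
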


