On Tue, July 12, 2011 10:20, Frank Bonnet wrote:
> Hello
>
> A few weeks ago we discovered that two of our apache servers
> have been victims of a phishing attack.
>
> The first one is running squirrelmail webmail and the second one
> is running our extranet services for students and professors.
>
> Both of them are using https and require authentication.
>
> The two phishing pages had the same look and feel as the original servers
> of course !
>
> The "traps" have been used to grab users' logins and passwords as usual.
>
> The attack has been performed by "real" hackers that have been paid
> by some students to hack passwords of "interesting" people.
> maybe some hacked DNS or Internet routers have been compromised/used ?
>
> I would be VERY interested in ANY documentation about that kind
> of phishing techniques and HOW to fight them ( if possible ) also
> I would be interested in any apache gurus' advice ...
> Would it be possible to configure something in apache to track down
> that kind of problem ? any log analyzer that could help ?
>

If you are saying that someone made a copy of your website and somehow
lured people into logging in to those websites under the guise that they
were in fact your website then:

The best defence against this is the education of your userbase. This
attack is essentially a social engineering attack and your users need to
be educated to mitigate the risk.

When your user enters a password, make sure they take a look at the
situation before doing so.

1. Is the connection HTTPS?
2. Is the certificate provided correct?
3. Does the URL look correct?

and so on. If anything looks a bit 'phishy' then they should call your
helpdesk. You do have a helpdesk, don't you?

As it is a social engineering attack there is relatively little you can
do on the technical side to mitigate the risks here.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.