On 07/12/2011 10:33 AM, Giles Coochey wrote:
> On Tue, July 12, 2011 10:20, Frank Bonnet wrote:
>> Hello
>>
>> A few weeks ago we discovered that two of our Apache servers have been victims of a phishing attack. The first one is running squirrelmail webmail and the second one is running our extranet services for students and professors. Both of them are using HTTPS and require authentication.
>>
>> The two phishing pages had the same look and feel as the original servers, of course! The "traps" have been used to grab users' logins and passwords, as usual. The attack has been performed by "real" hackers that have been paid by some students to hack the passwords of "interesting" people. Maybe some hacked DNS or Internet routers have been compromised/used?
>>
>> I would be VERY interested in ANY documentation about that kind of phishing technique and HOW to fight them (if possible). Also I would be interested in any Apache gurus' advice... Would it be possible to configure something in Apache to track down that kind of problem? Any log analyzer that could help?
>
> If you are saying that someone made a copy of your website and somehow lured people into logging in to those websites under the guise that they were in fact your website, then:
>
> The best defence against this is the education of your userbase. This attack is essentially a social engineering attack and your users need to be educated to mitigate the risk. When your user enters a password, make sure they take a look at the situation before doing so.
>
> 1. Is the connection HTTPS?
> 2. Is the certificate provided correct?
> 3. Does the URL look correct?
>
> and so on. If anything looks a bit 'phishy' then they should call your helpdesk. You do have a helpdesk, don't you?
>
> As it is a social engineering attack, there is relatively little you can do on the technical side to mitigate the risks here.
OK, I understand... there is nothing to do after all.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx