[LINK] Phishing Servers - Apache and Linux
Craig Sanders
cas at taz.net.au
Tue Sep 11 13:39:45 AEST 2007
On Tue, Sep 11, 2007 at 01:13:57PM +1000, Rick Welykochy wrote:
> I have received quite a number of phishing/pharming attempts
> lately, so I decided to follow up on the actual servers being
> used in the phisher's URL.
>
> Out of about 15 samples, all URLs pointed to servers running Linux
> and Apache.
my guess is that they're all running some crappy insecure PHP
application which has been exploited. PHP (still!) has several
exploitable bugs, and many people who code PHP don't really know what
they're doing.
this is exacerbated by the fact that many of the people who run such
apps also have no idea what they're doing and have no clue how to secure
their systems - and often deliberate compromise security for the sake of
convenience.
i tend to avoid php+mysql apps because they tend to be written by the
clueless. if they knew better, they'd choose a better language and a
better database.
> A final question: if a server is found to be hosting pharming
> pages, could / should the owner of the server be found complicit
> in criminal fraud?
depends how long it takes them to do anything about it.
craig
--
craig sanders <cas at taz.net.au>
More information about the Link
mailing list