Why phishing works? (Was: Re: [LINK] Harvard arts-science requires open-access publishing)

Adrian Chadd adrian at creative.net.au
Sat Feb 16 17:49:54 AEDT 2008


On Sat, Feb 16, 2008, Rick Welykochy wrote:

> One thing I have done is check into which web server is being used for
> dozens of phishing scams. They are all Apache running PHP/4 or PHP/5.
> I do not think Apache itself is insecure, so I would put the blame
> on PHP (full of holes) or else the owners of the servers are willingly
> hosting the scam pages. I tend to think the former is the case.

I've been cleaning out a site which has been used for phishing.
99% of the time its because someone installed some 100% insecure php
software that you just can't live without, apparently.





Adrian




More information about the Link mailing list