PaulDotCom mailing list archives
Re: How to detect phishing and spoofed websites
From: Bill Swearingen <hevnsnt () i-hacked com>
Date: Wed, 12 Dec 2012 21:27:57 -0600
I have found that an email to the hosting company to be very successful, even in other countries. On Dec 12, 2012 7:14 PM, "allison nixon" <elsakoo () gmail com> wrote:
As a web app developer, I'm not sure how your responsibilities would apply to dealing with phishing sites. Are you maintaining a website and people are creating phishing sites mimicking yours? If so, pls read the following wikipedia entry: http://en.wikipedia.org/wiki/Backscatter_(email) also, phishers typically dump people onto the real website after they have fallen for the scam so it would be wise to locate some of the phishing pages imitating your site, "falling" for the scam yourself, and looking at the pattern of traffic that ends up going to your site. Other IPs with the same pattern of traffic could have their accounts compromised. Finally, once you've found the site, you could file dmca complaints, and you would have good standing to do so, but it probably wouldn't help you anyways. Phishing websites are disposable. I have seen people attempt to fill in the phishing site with lots and lots of garbage info to make the operation unprofitable, as well as locating the caches of stolen credentials on the server, but that begins to fall into a very grey area and you can make your own decisions on the matter. You could also create fake accounts and enter them into known phishing sites, and track the activity of any IP that attempts to log into those accounts. Typically the attacker attempts to log in with many usernames from its stolen credential cache, and you might even want to lower your login security to allow for many different logins from one IP, so they don't need to recycle IPs and are easier to track. Of course, do what makes sense for your situation. -Allison Nixon On Wed, Dec 12, 2012 at 1:25 PM, xgermx <xgermx () gmail com> wrote:Check for encoded javascript/php, check any redirects, check for any 1x1 iframes, etc wget/curl scripting can really do a lot for you and if you want to roll up your scripting sleeves, you can leverage the VirusTotal API. https://www.virustotal.com/documentation/public-api On Wed, Dec 12, 2012 at 8:43 AM, Brian Erdelyi <brian_erdelyi () yahoo com>wrote:Good morning everyone, I'd like to create a guide and checklist for detecting phishing attacks. I want to focus on server side. What can a website admin do to detect phishing attacks and spoofed websites? What can a web app developer do to make it easier to detect phishing attacks and spoofed websites? Brian Sent from my iPhone _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- _________________________________ Note to self: Pillage BEFORE burning. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- How to detect phishing and spoofed websites Brian Erdelyi (Dec 12)
- Re: How to detect phishing and spoofed websites xgermx (Dec 12)
- Re: How to detect phishing and spoofed websites allison nixon (Dec 12)
- Re: How to detect phishing and spoofed websites Bill Swearingen (Dec 12)
- Re: How to detect phishing and spoofed websites Brian Erdelyi (Dec 13)
- Re: How to detect phishing and spoofed websites allison nixon (Dec 13)
- Re: How to detect phishing and spoofed websites allison nixon (Dec 12)
- Re: How to detect phishing and spoofed websites xgermx (Dec 12)
- Re: How to detect phishing and spoofed websites Robert Cazares (Dec 13)
- <Possible follow-ups>
- Re: How to detect phishing and spoofed websites Ian Ahl (Dec 14)
- Re: How to detect phishing and spoofed websites Tim Krabec (Dec 14)