Phishing Attack on Another Website
I have been a developer for a few years and have not had much experience with phishing attacks. I work for an organization and yesterday they were subject to a phishing attack. I contacted the webmaster and got no response. So we notified our members, and our legal department contacted the site's host, dreamhosting.com, but no response yet. Out of curiosity I looked around on the site (a little WordPress blog) where the phishing page was, and this file manager popped up and I was able to see everything the hackers did: the cloned login page of our site and the PHP file that would store the usernames and passwords in a text file and email the hacker. So I copied the emails, notified those members and blocked their accounts. It looks like the hackers got the WordPress admin password and uploaded this tool "exploit db" into the uploads directory. Is this normally how these phishing attacks work, and should I be able to see this tool? Or are these hackers just not very good? Also, is there anything I can do? If I delete the files they just put them back up. I did manage to change the hacker's email address and he hasn't noticed so far. I'm just wondering if anyone has suggestions; I don't know if this was the right place to post.
Re: Phishing Attack on Another Website
Are you sure it started off with phishing? That has to be combated with education for the privileged users and a good security model to restrict the access of the underprivileged users. Plus no security holes in the software but that's a given.
- social_experiment
Re: Phishing Attack on Another Website
ambaum2 wrote: Also is there anything I can do?
If you haven't already, you should update the administrator password and all other passwords related to your site (FTP, etc.).
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering