Phishing Attack on Another Website

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
ambaum2
Forum Newbie
Posts: 1
Joined: Sat May 12, 2012 3:57 pm

Phishing Attack on Another Website

Post by ambaum2 »

I have been a developer for a few years and have not had much experience with phishing attacks. I work for an organization and yesterday they were subject to a phishing attack. I contacted the webmaster and no response. So we notified our members and our legal department contacted the sites host dreamhosting.com but no response yet. Out of curiosity I looked around on the site (a little wordpress blog) where the phishing page was and this file manager popped up and I was able to see everything the hackers did. The cloned login page of the our site and the php file that would store the usernames and passwords in a text file and email the hacker. So I copied the emails and notified those members and blocked their accounts. It looks like the hackers got the wordpress admin password and uploaded this tool "exploit db" into the uploads directory. Is this normally how these phishing attacks work and should I be able to see this tool? Or are these hackers just not very good? Also is there anything I can do? - if I delete the files they just put them back up. I did manage to change the hackers email address and he hasn't noticed so far. I'm just wondering if anyone has suggestions don't know if this was the right place to post.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Phishing Attack on Another Website

Post by requinix »

Are you sure it started off with phishing? That has to be combated with education for the privileged users and a good security model to restrict the access of the underprivileged users. Plus no security holes in the software but that's a given.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Phishing Attack on Another Website

Post by social_experiment »

ambaum2 wrote:Also is there anything I can do?
If you haven't already you should update the administrator password, and all other passwords related to your site (ftp, etc)
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Post Reply