PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
It is currently Tue Feb 19, 2019 2:48 am

All times are UTC - 5 hours

Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Sat May 12, 2012 4:12 pm 
Forum Newbie

Joined: Sat May 12, 2012 3:57 pm
Posts: 1
I have been a developer for a few years and have not had much experience with phishing attacks. I work for an organization and yesterday they were subject to a phishing attack. I contacted the webmaster and no response. So we notified our members and our legal department contacted the sites host but no response yet. Out of curiosity I looked around on the site (a little wordpress blog) where the phishing page was and this file manager popped up and I was able to see everything the hackers did. The cloned login page of the our site and the php file that would store the usernames and passwords in a text file and email the hacker. So I copied the emails and notified those members and blocked their accounts. It looks like the hackers got the wordpress admin password and uploaded this tool "exploit db" into the uploads directory. Is this normally how these phishing attacks work and should I be able to see this tool? Or are these hackers just not very good? Also is there anything I can do? - if I delete the files they just put them back up. I did manage to change the hackers email address and he hasn't noticed so far. I'm just wondering if anyone has suggestions don't know if this was the right place to post.

PostPosted: Sat May 12, 2012 6:20 pm 
Spammer :|
User avatar

Joined: Wed Oct 15, 2008 2:35 am
Posts: 6617
Location: WA, USA
Are you sure it started off with phishing? That has to be combated with education for the privileged users and a good security model to restrict the access of the underprivileged users. Plus no security holes in the software but that's a given.

PostPosted: Mon May 14, 2012 6:26 am 
DevNet Master
User avatar

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
ambaum2 wrote:
Also is there anything I can do?

If you haven't already you should update the administrator password, and all other passwords related to your site (ftp, etc)

“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 5 hours

Who is online

Users browsing this forum: No registered users and 5 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group