httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <scte...@apache.org>
Subject Re: [users@httpd] phishing problem
Date Tue, 12 Jul 2011 16:49:03 GMT

On Jul 12, 2011, at 1:37 AM, Patrick Proniewski wrote:

> Hi,
> 
> Apache servers are not victims of phishing attacks.
> Users are victims of phishing attacks.
> 
> As the OP is french, I'm continuing in french:

Patrick, remember that one of the reasons we have these conversations on a mailinglist is
that others can also benefit from the information exchanged.  You're not just talking to Frank,
you're talking to all of us.  Keeping the conversation in English will ensure maximum benefit.

Thank you, 

S.

> Comme je ne dis plus haut, tes serveurs ne peuvent pas être victimes d'une attaque de
phishing. Un phishing c'est une attaque par abus de confiance (ou de bêtise), et ça se situe
donc directement au niveau de l'utilisateur.
> Le seul moyen de lutter contre le phishing c'est d'éduquer les utilisateurs. Tu peux
toujours proposer des services en https, si les utilisateurs se moquent de la validité des
certificats, c'est mort.
> 
> Tu ne donnes pas assez de détails pour qu'on puisse comprendre ce qu'il s'est passé,
donc impossible de te donner des pointeurs vers de la doc. 
> Quoi qu'il en soit, si les utilisateurs ont été dirigés à leur insu vers un serveur
"pirate", il n'existe aucune configuration d'apache qui peut les protéger, puisque par définition,
les utilisateurs arrivent sur un serveur qui n'est pas le tien.
> 
> On 12 juil. 2011, at 10:20, Frank Bonnet wrote:
> 
>> Hello
>> 
>> Few weeks ago we discovered that two of our apache servers
>> has been victims of phishing attack.
>> 
>> The first one is running squirrelmail webmail and the second one
>> in running our extranet services for students and professors.
>> 
>> Both of them are using https and require authentication.
>> 
>> The two phising pages had the same look and feel than original servers
>> of course !
>> 
>> The "traps" has been used to grab users's login and passwords as usual.
>> 
>> The attack has been performed by "real" hackers that have been paid
>> by some students to hack passwords of "interresting" people.
>> maybe some hacked DNS or Internet routers has been compromised/used ?
>> 
>> I would be VERY interrested by ANY documentation about that kind
>> of phising techniques and HOW to fight them ( if possible ) also
>> I would be interrested by any apache gurus advices ...
>> Would it be possible to configure something in apache to track down
>> that kind of problem ? any log analyzer that could help ?
>> 
>> Thank you very much
> 
> Patrick PRONIEWSKI
> -- 
> Administrateur Système - DSI - Université Lumière Lyon 2
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message