httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Giles Coochey" <gi...@coochey.net>
Subject Re: [users@httpd] phishing problem
Date Tue, 12 Jul 2011 08:33:57 GMT
On Tue, July 12, 2011 10:20, Frank Bonnet wrote:
> Hello
>
> Few weeks ago we discovered that two of our apache servers
> has been victims of phishing attack.
>
> The first one is running squirrelmail webmail and the second one
> in running our extranet services for students and professors.
>
> Both of them are using https and require authentication.
>
> The two phising pages had the same look and feel than original servers
> of course !
>
> The "traps" has been used to grab users's login and passwords as usual.
>
> The attack has been performed by "real" hackers that have been paid
> by some students to hack passwords of "interresting" people.
> maybe some hacked DNS or Internet routers has been compromised/used ?
>
> I would be VERY interrested by ANY documentation about that kind
> of phising techniques and HOW to fight them ( if possible ) also
> I would be interrested by any apache gurus advices ...
> Would it be possible to configure something in apache to track down
> that kind of problem ? any log analyzer that could help ?
>
If you are saying that someone made a copy of your website and somehow
lured people in to login to those websites under the guise that they were
in fact your website then:

The best defence against this is the education of your userbase. This
attack is essentially a social engineering attack and your users need to
be educated to mitigate the risk.

When your user enters a password, make sure they take a look at the
situation before doing so.

1. Is the connection HTTPS
2. Is the certificate provided correct
3. Does the URL look correct

and so on.

If anything looks a bit 'phishy' then they should call your helpdesk. You
do have a helpdesk, don't you?

As it is a social engineering attack there is relatively little you can do
on the technical side to mitigate the risks here.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message