Well, to start with, I wanted to PHP-ize everything. So I started looking at the Apache/PHP config and, as usual, without backups or testing or anything, I dived in and threw the big red switch. Everything seemed to go OK, but then the trouble started!
All my websites broke. Any ‘.html’ web pages that had embedded PHP in them broke really badly, whole directories of files became ‘not found’, and it kept asking me what I wanted to do with files of type httpd-php5 and so on…
Anyway, lots of hacking later and it seems to be working. I had to force all the ‘.html’ files to become ‘.php’ files, but a little bit of .htaccess rewriting allows previous search engine results to continue to work. I had to upgrade WordPress and do a lot of tweaking of the file ownerships and permissions to even allow people to see them.
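As an added illustration (not the author's actual .htaccess), one way to keep the old ‘.html’ links alive after renaming the files to ‘.php’, assuming mod_rewrite is enabled, AllowOverride permits it, and the rules sit in the web root:

```apache
# Added example, not the original site's configuration.
# Assumes mod_rewrite is loaded and this .htaccess lives in the web root.
RewriteEngine On

# Only redirect when the renamed .php file actually exists on disk,
# so a stale .html link is never bounced to a second 404.
RewriteCond %{REQUEST_URI} ^(.*)\.html$
RewriteCond %{DOCUMENT_ROOT}%1.php -f
RewriteRule ^(.*)\.html$ /$1.php [R=301,L]
```

The 301 tells search engines to replace the indexed ‘.html’ URL with the ‘.php’ one; browsers cache permanent redirects, so try the rule with R=302 first and switch to 301 once it behaves.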
and then…
And then I noticed I had a visitor. Not just any visitor – he had guessed the ‘admin’ password (and I thought it was SOOOO clever), had made himself root and installed some shitty little spam engine. Got rid of that and locked down sshd access to impose limits on the number of failed logins per IP, but he got back in and this time installed a Mech Chat server.
He’ll probably get back in – Linux security isn’t my best skill – but at least he didn’t trash anything and it forced me to tidy up a bit.
Seems like he was one of our dear Romanian friends, but that might just have been IP cloaking…
Next phase is to make the scam emails look a bit nicer. I am trying out mhonarc – more flexible than hypermail and much better de-miming than my sad pathetic efforts. Check back to see how I’m doing.
Why do I ask? Well, I got a spam/scam email today that pretends to be an alert from Microsoft, via the Secret Service, that a backdoor has been found in Windows XP and that a patch has been released which will ‘fix’ this vulnerability.
Well, as you can imagine, the ‘patch’ turns out to be a trojan/virus/worm thingy itself.
Interestingly, this scammer uses imageshack.us to host his images. Here’s one:
The download site was WWW.WESTPAC-SITE.ORG which is hosted by one-and-one, a huge internet web hosting company and the rest of the details are probably spurious (Ian Arend from Victoria, Australia).
If you go to the westpac-site.org website, you find the beginnings of a Pharming operation, attempting to extract the PIN numbers of people’s credit cards for Bank of America accounts.
I have sent emails to the relevant ISPs to try to get this site taken down as soon as possible, but people will get burned (unless, that is, they see this posting first!)