The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Monday, September 25, 2006

It's magic!

One of our client's customer's site was being used for a phishing scam. The site itself had nothing to do with the scam, it's just that someone had uplaoded some pages that looked like a PayPal login screen. Our client wrote in:

We rec'd a call saying that a phishing scam was using XXXXXXXXXXXXXX (a site on XXXXXX) This is the email they rec”d:

Ticket from our client

And yes, the email was a typical phishing email. I had some exchanges with the client. It ended thus:

Did you already remove the problem files? If not, what should we do? And what can we do to prevent this in the future. I'm sure the client didn't know what was going on.

Response from our client

I didn't remove the files, as it's inaccessible anyway due to the Apache configuration. If you want, I can delete them.

As for prevention, remind the client not to let out their account information. Another thing to check is for insecure CGI scripts (PHP, etc) that might allow someone to upload such items.

My response

I think it's best to remove the infected files to prevent the site, or the server, from being blocked or placed on any blacklists or anything. Thank you.

Client respnose

“Infected files?”

These are not “infected files”—they contain no virus. They don't propagate on their own. They don't infect other files (I'm also tempted to question their reading comprehension, as I clearly stated the files were “inaccessible due to the Apache configuration” but I won't). These files were placed there by someone.

Does no one truely understand this stuff anymore? Does anyone read anymore?

Sigh.

Update a few minutes later

Why am I being so harsh?

I think it's because the client that wrote in is a web design and hosting company (and we do some of the hosting for them). If it was the end customer, the one who's site was being used, that wrote in, I would be more forgiving (or rather, I'd roll my eyes, fix the problem, and go on). But for a company that does web design? That also hosts some of their sites? Them, I would expect a bit more from.

In the end, I rolled my eyes, fixed the problem, and then went on to make a post about it.

Obligatory Picture

[The future's so bright, I gotta wear shades]

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

https://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2024 by Sean Conner. All Rights Reserved.