Pelder (Author), posted August 2, 2012:
Because of phishing? How on earth could that happen?
Byron, posted August 2, 2012:
This support request is being escalated to our root admin.
Pelder (Author), posted August 2, 2012:
Alright, thanks. I really have no idea how it could have happened and it's quite bad as it was my portfolio website.
Byron, posted August 2, 2012:
On 7/22/2012 9:19 PM, nabCERT Security Operations Centre wrote:

---=== This email has been sent by an automated monitoring system on behalf of nabcert.soc@nab.com.au ===---

THIS IS AN URGENT MATTER

Hello,

We work for and represent National Australia Bank Limited.

Please be advised that we have received reports of a phishing website at the following URL being used to illegally obtain the login details of National Australia Bank Internet Banking customers:

http://www.pelder.he...bisco/index.htm

As at 23-Jul-2012 02:17:35PM EST these URLs resolved to the IP address of: 216.218.192.170 for which you are listed as an abuse/support contact.

We would greatly appreciate your prompt assistance in:

1. Zipping any relevant files from the folders below and forwarding these to nabcert.soc@nab.com.au for investigation
http://www.pelder.heliohost.org/wp-includes/js/jquery/nabisco/index.htm
2. Immediately shutting these sites down or removing the phishing related material
3. Checking for other compromised web accounts on your servers which may also contain the same files
4. Checking for and fixing any security vulnerabilities which may have contributed to the creation of these phishing pages

We believe the purpose of this website and associated pages is solely to commit fraud against Internet Banking customers and in the absence of any response we reserve the right to take this matter further. In case of the need for further investigation the Australian Federal Police have also been notified.

Please contact us as soon as possible via the email address nabcert.soc@nab.com.au to let us know when this site has been disabled. If you are not the correct person(s) to deal with this incident, please forward this request to the appropriate person(s).

Regards,
nabCERT Security Operations Centre

We also have evidence of a file on your site used to phish usernames and passwords and email them to your gmail and hotmail accounts.
Pelder (Author), posted August 3, 2012:
Could you tell me what file it was? I never uploaded a file to the server that had 'bisco' in its name. I basically just uploaded a WordPress installation file and a theme to the FTP and that was all I did. Also, could you possibly mail me the hotmail and gmail accounts where the info would have been mailed to?
Byron, posted August 3, 2012:
This was the file name:
http://www.pelder.heliohost.org//wp-includes/js/jquery/nabisco/index.htm

Email addresses:
arablogs100th@hotmail.com
arablogs.100th@gmail.com
Pelder (Author), posted August 3, 2012:
Checked my files on my hard disk and I can safely say I haven't uploaded that "nabisco" directory and those e-mail addresses aren't mine either. Sounds like either my account has been hacked or the server has safety issues. Is it possible to get my account back with the directories that caused the phishing deleted? Surely you can check the IP addresses of who uploaded what; I'm 100% sure they won't match my address.

EDIT: Issue solved and phishing account permanently deleted.