Search This Blog

11 July 2005

Slashdot | When Webmasters Get Phished?

"'It happened to me a few months ago, and the hacker installed a phishing website. Ofcourse I found that out within a few hours and removed it (and patched the used vulnerability). To be helpful, I packed the whole folder, relevant logs, etc, and sent them - accompanied by a letter explaining what happened - to the fraud reporting email address of the bank that was the target of the attempt. That's what we all would do, right?

To my surprise however, instead of them trying to found out who it was that made the attempt (an email address where the phished usernames/passwords were transmitted to was clearly visible in the source), they had me disconnected from the internet and put on an ISP blacklist. Took me some cash and a lot of time to even get reconnected to the internet. And there I thought they would be happy with this information.

Damn. I probably would have reported it myself, until reading this.