How to fight Phishing / Fraud sites in Free Hosting Server?
Posted by webseoindia, 08-30-2007, 09:07 AM Hi, I run a free web hosting service on my server with the XPanel script installed. It has around 47K accounts in all. Recently I started getting mails from eBay, banks and many other institutions regarding the phishing sites operating from my server for cheating their customers / members. Though I removed them, I have to do it manually and after getting mails from them. Now that I don't want any more such sites to run from my hosting site, what are the options available for me in order to check all accounts automatically and remove any such site on its own? As there are 47K accounts and 100+ new signups each day, it is not possible to check all accounts manually. I want any script / addon which can check all possible phishing / spamming / spurious / fraud sites and intimate me / delete them upon request. Any person using such services? I need your guidance + support. Looking for some fast and effective answers from experts here. Thanks
Posted by Ashley Merrick, 08-30-2007, 03:07 PM It's very hard to do such a thing completely automatically. However, you could create a file that runs through random files hosted by your clients looking for particular words and then flags them up for you to view them. Really this is something we can't tell you how to do; this is something you would need to employ a coder to create. Ashley
Posted by david510, 08-31-2007, 07:16 AM webseoindia, From a user level, I don't think much can be done here.
Posted by Website Rob, 08-31-2007, 05:57 PM Make sure no directories have 777 permissions.
Posted by Adam H, 08-31-2007, 07:27 PM 47,000 accounts on one server? Wow, what's the server load like?
Posted by StevenG, 08-31-2007, 08:54 PM Well, at minimum you'd want mod_security rules to block access to anything with commonly phished sites' phrases in, i.e. paypal, ebay, bankofamerica etc. If you are allowing PHP scripts to be run and having accounts auto setup, I can see why your freehost would be very popular (especially with the phishing crowd). I'd imagine it's a bit of a nightmare to manage.
Posted by Mikie4648, 09-01-2007, 02:23 AM Not just the load. One would have to ask: What's the spam count like? What's the size of the HD? How many years does it take to do a backup, if any? ...but I find it hard to believe that he has 47k on one box, and if he does, he should be converting them to paid accounts. Let the paupers be peddlers.
Posted by XPanel, 09-03-2007, 08:59 AM The only way that we know is to create rules in uploadscript.pl and from time to time run the file_killer.pl file, which will parse all users' files and remove all unallowed content.
Posted by XPanel, 09-03-2007, 09:06 AM
my %aLoop;
# regex pattern => action tag
$aLoop{'.'} = {
    'http://\d+\.\d+\.\d+\.\d+\:\d*/wwwroot/?' => '_LOG_',
#   'Credit\s+Card' => '_LOG_',
#   'America\s+Online' => '_LOG_',
#   'http://depoch\.net' => '',
    'RapidLeech' => '_LOG_',
    'RapidGet' => '_LOG_',
    'RapidKill' => '_LOG_',
    'Credits to Pramode & Checkmate' => '_LOG_',
    'MSN Money\. All rights reserved' => '_LOG_',
    'Bank Online' => '_LOG_',
    'AOL account check' => '_SUSPEND_',
    'AOL Billing Center' => '_SUSPEND_',
    'Log in to Citizens Bank Online' => '_SUSPEND_',
    'Citizens Financial Group\. All rights reserved' => '_LOG_',
    'Sign In to Your FirePay Account' => '_SUSPEND_',
    'http://www.firepay.com/_privacy/' => '_SUSPEND_',
    'http://www.firepay.com/_terms/' => '_SUSPEND_',
    'https?://account\.' => '_LOG_',
    'http://www.firepay.com/_help/' => '_LOG_',
    'FireOne Group plc. All Rights Reserved' => '_LOG_',
#   'Mailing\s+List' => '_LOG_',
#   'FastMailer' => '_LOG_',
#   'Bulk Maileren' => '_LOG_',
#   'PHP-Mailer' => '_LOG_',
#   'GuerillaMailer' => '_LOG_',
#   'Grab\s+e?-?mail' => '_LOG_',
    'https?://[\w\-\.]*wellsfargo\.com/util/signon\.jhtml' => '_SUSPEND_',
    'https?://[\w\-\.]*wellsfargo\.com' => '_LOG_',
    'https?://[\w\-\.]*passport\.com' => '_LOG_',
#   'https?://[\w\-\.]*[^w]\.aol\.com' => '_LOG_',
    'https?://[\w\-\.]*[^w]\.aim\.com' => '_LOG_',
    'https?://[\w\-\.]*bankofamerica\.com' => '_LOG_',
    'https?://[\w\-\.]*olb2\.nationet\.com' => '_LOG_',
    'https?://[\w\-\.]*rbc\.com' => '_LOG_',
    'https?://[\w\-\.]*rbcfunds\.com' => '_LOG_',
    'https?://[\w\-\.]*rbcinsurance\.com' => '_LOG_',
    'https?://[\w\-\.]*rbcroyalbank\.com' => '_LOG_',
    'https?://[\w\-\.]*actiondirect\.com' => '_LOG_',
    'https?://[\w\-\.]*vozipglobal\.com' => '_LOG_', # they shut down the server, something related to spam
    'https?://[\w\-\.]*vozipglobal\.com/afiliacion\.php' => '_SUSPEND_', # they shut down the server, something related to spam
    'https?://[\w\/\-\.]*bank[\w\/\-\.]+' => '_LOG_',
#   'https?://[\w\-\.]*2checkout\.com' => '_LOG_',
#   'https?://[\w\-\.]*secpay.com' => '_LOG_',
#   'https?://[\w\-\.]*authorize\.net' => '_LOG_',
#   'https?://[\w\-\.]*ipayment\.de' => '_LOG_',
#   'https?://[\w\-\.]*nochex\.com' => '_LOG_',
    'iRcHaTaN Mail Bomber' => '_SUSPEND_', # spam
    'SendTo - by P7rk' => '_SUSPEND_', # spam
    'phpSimpleEMail' => '_SUSPEND_', # spam
    'Email Broadcasting System' => '_SUSPEND_', # spam
};
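A sketch of the periodic file scan described in the two posts above, as an added example: it is not XPanel's file_killer.pl and not code from this thread. The rules are a few entries from the posted list; the root/<account>/ directory layout, the size cap, the sample pages, and ranking _SUSPEND_ above _LOG_ are assumptions.

```python
import re
import tempfile
from pathlib import Path

# A few rules copied from the list posted above (regex => action, as posted).
RULES = {
    r'Sign In to Your FirePay Account': '_SUSPEND_',
    r'https?://[\w\-\.]*wellsfargo\.com/util/signon\.jhtml': '_SUSPEND_',
    r'https?://[\w\-\.]*wellsfargo\.com': '_LOG_',
    r'https?://[\w\-\.]*bankofamerica\.com': '_LOG_',
}
SEVERITY = {'_LOG_': 1, '_SUSPEND_': 2}   # assumption: suspend outranks log
COMPILED = [(re.compile(p), a) for p, a in RULES.items()]

def scan_file(path, max_bytes=512 * 1024):
    """Return [(pattern, action)] for each rule matching the first max_bytes (assumed cap)."""
    with open(path, 'rb') as fh:
        text = fh.read(max_bytes).decode('latin-1')   # latin-1 decodes any byte string
    return [(rx.pattern, act) for rx, act in COMPILED if rx.search(text)]

def scan_accounts(root):
    """Scan root/<account>/**; return {account: (strongest_action, [(file, pattern, action)])}."""
    report = {}
    for base in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        hits = []
        for path in sorted(base.rglob('*')):
            if path.is_file() and not path.is_symlink():   # never read through user-planted links
                rel = path.relative_to(base).as_posix()
                hits += [(rel, pat, act) for pat, act in scan_file(path)]
        if hits:
            worst = max((h[2] for h in hits), key=SEVERITY.get)
            report[base.name] = (worst, hits)
    return report

def demo():
    pages = {   # constructed sample uploads for three hypothetical accounts
        'alice/index.html': '<h1>Cat pictures</h1>',
        'bob/links.html': '<a href="http://www.bankofamerica.com/">my bank</a>',
        'carol/login/index.php': '<title>Sign In to Your FirePay Account</title>',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in pages.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_accounts(root)

if __name__ == '__main__':
    for account, (action, hits) in demo().items():
        print(account, action, hits)
```

The scan only reports: the "bob" account shows why _LOG_ hits need a human look, since a page that merely links to a bank matches the same rule a cloned login page would.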
Posted by tweakservers, 09-03-2007, 12:43 PM You can consider setting up some outgoing email blocking, if the mail server supports it, for those common phishing keywords, but this might filter out some of the positive emails.
Posted by -OY-, 09-03-2007, 01:44 PM I run a free host too and I do indeed receive these emails quite often. I only host 30k accounts, but... unlike XPanel, I use LayeredPanel. Tycho made it so that it would find words from your access_log and flag them; you will then have to review it manually. How would that help? That's to prevent people from hacking your server, not uploading phishing to your account. To prevent users from sending out spam, I disabled mail() completely except for those who can scan in a photo ID of some sort. This policy was working well until I found out that some legitimate users have exploitable scripts to send out emails with viruses. So if you haven't done it already, I suggest:
1) Doing what XPanel said to do, kind of obvious.
2) Disable mail() completely, so that phishing sites are rendered useless - can't send information to the person that made the site.
3) Looking through the access_log and grep all paypal files?
Hope that helped, Otto