Web Hosting Talk

View Full Version: Should I give customers files back


HostDogs
02-19-2008, 03:57 PM
Hi

I had a customer who was running a phishing website. Somebody emailed me letting me know and I backed up and terminated the account right away after doing some investigation of my own. It looked like he installed a script that had a bunch of different clones.

He wants his files back and said it was in my best interest "legally".

Anybody encounter anything like this? Should I turn him in? Your thoughts are much appreciated.

By the way he has been banned from DP forums.

Thanks

Patrick
02-19-2008, 04:05 PM
Was he intentionally phishing or was one of his scripts compromised?

I would say return the files (with maybe an extra fee for your time) if his scripts were compromised, however if he was intentionally phishing and you're 100% positive... tell him to go pound sand. :)

AH-Tina
02-19-2008, 04:05 PM
Are you sure he did it intentionally or was it done via an exploited script? I've never seen an incident of someone uploading phishing files to their account on purpose.

--Tina

H0stD3m0n
02-19-2008, 04:44 PM
I would give him his files and be done with him.

daejuanj
02-19-2008, 05:01 PM
Am I missing something? The OP said:

> I had a customer who was running a phishing website.

> Are you sure he did it intentionally or was it done via an exploited script? I've never seen an incident of someone uploading phishing files to their account on purpose.
>
> --Tina

Really? Unless I misunderstood your reply, people do it all the time, they're called phishers...

I don't see how you legally have to give them his script used for illegal purposes back, so don't and ignore him, if he goes to court he will be laughed at, then sued himself.

rrhodes
02-19-2008, 05:02 PM
As the others stated. I would be willing to bet that his site was exploited. I have a lot of clients that run PHPNuke sites and Galleries that have been exploited. In those cases I remove all rights from the exploited folder and then notify the client.

So unless you know 100% that he did it himself I would return the files.

AH-Tina
02-19-2008, 05:15 PM
> Really? Unless I misunderstood your reply, people do it all the time, they're called phishers...

Phishers don't have to purchase hosting, there are millions of exploitable scripts ripe for the picking.

--Tina

daejuanj
02-19-2008, 05:21 PM
> Phishers don't have to purchase hosting, there are millions of exploitable scripts ripe for the picking.
>
> --Tina

True. But you said they don't have to, the majority I've encountered, are simple sites dedicated to phishing. I'm sure (hope) the OP knows the difference between an exploited script and phishing script.

AH-Tina
02-19-2008, 05:35 PM
> True. But you said they don't have to, the majority I've encountered, are simple sites dedicated to phishing.

In the 10 years I've been doing this, I've never encountered a phishing site that was "just" a phishing site. Exactly 100% of the time, it's been an exploited script. YMMV.

--Tina

daejuanj
02-19-2008, 05:41 PM
> In the 10 years I've been doing this, I've never encountered a phishing site that was "just" a phishing site. Exactly 100% of the time, it's been an exploited script. YMMV.
>
> --Tina

Agreed then. :agree:

Shaw Networks
02-19-2008, 05:53 PM
Of course you should give the files back to him, just because he committed a crime doesn't give you the right to commit a crime. Similarly, if someone owed you a sum of money and declared they were not going to pay you back, you are not automatically given the right to steal their car to recoup your losses; you have to go through the courts.

Before handing back over his files though, I would censor them to ensure that no phished customer data is stored anywhere.

daejuanj
02-19-2008, 06:06 PM
> Of course you should give the files back to him, just because he committed a crime doesn't give you the right to commit a crime. Similarly, if someone owed you a sum of money and declared they were not going to pay you back, you are not automatically given the right to steal their car to recoup your losses; you have to go through the courts.
>
> Before handing back over his files though, I would censor them to ensure that no phished customer data is stored anywhere.

I agree with you ONLY if this wasn't a dedicated phishing script, because if it was, you should not give him the means to commit a crime by giving him the files back.

Patrick
02-19-2008, 08:54 PM
> Of course you should give the files back to him, just because he committed a crime doesn't give you the right to commit a crime. Similarly, if someone owed you a sum of money and declared they were not going to pay you back, you are not automatically given the right to steal their car to recoup your losses; you have to go through the courts.

That's such an awful comparison...

If the client was intentionally running a phishing website, and I have to agree with Tina that most phishing websites are the result of a compromised script, why the hell should you return their files?

Willfully doing so, is probably illegal in itself given the nature of the crime.

keliix06
02-19-2008, 10:05 PM
If running a phishing site is against your TOS/AUP (I would sure hope it is) and your TOS/AUP says you reserve the right to cancel any account found in violation of said terms and that you are not responsible for their data, don't give them anything. This situation is exactly why you have those documents.

But like Tina, in 8 years I've never seen someone upload a phishing site to their own web space, so I would suspect it's a compromised site.

eLief
02-19-2008, 10:16 PM
> Of course you should give the files back to him, just because he committed a crime doesn't give you the right to commit a crime. Similarly, if someone owed you a sum of money and declared they were not going to pay you back, you are not automatically given the right to steal their car to recoup your losses; you have to go through the courts.

That's a bad comparison. It's more like whether or not you should give a gun back to a serial killer who you just saw murder someone in cold blood...but there's a plot twist: The guy had a twin brother who is a cop, and now you're not sure who you should give the gun back to because you don't know if it's a serial killer or the cop you're giving it to. If it was me I would just hold on to the gun and run to the local authorities and let them argue over who gets the gun back :stickout:

daejuanj
02-19-2008, 10:18 PM
> That's a bad comparison. It's more like whether or not you should give a gun back to a serial killer who you just saw murder someone in cold blood...but there's a plot twist: The guy had a twin brother who is a cop, and now you're not sure who you should give the gun back to because you don't know if it's a serial killer or the cop you're giving it to. If it was me I would just hold on to the gun and run to the local authorities and let them argue over who gets the gun back :stickout:

Sounds like a M. Night Shyamalan film.

rrhodes
02-20-2008, 09:32 AM
> I agree with you ONLY if this wasn't a dedicated phishing script, because if it was, you should not give him the means to commit a crime by giving him the files back.

If it was a dedicated phishing site I am pretty sure he already has the files since he uploaded them in the first place. If he is that worried about retrieving his files I still think he had a legitimate site. Someone that knowingly committed a crime would have cut his losses and gone elsewhere.

glace
02-20-2008, 10:41 AM
> Of course you should give the files back to him, just because he committed a crime doesn't give you the right to commit a crime.

My lawyer told me if someone is uploading illegal content to a server (such as a warez site) giving the files back to him would mean that I am supporting his crime for I am helping him to continue. Therefore from a legal point of view I would be breaking law by assisting someone to commit a crime.

So you should be very very careful about giving someone illegal content back. It is really pretty much like giving a serial killer his gun back like someone said before me.

AH-Tina
02-20-2008, 10:46 AM
I'm going to go ahead and point out the obvious. It's probably a pretty sure bet that the customer was innocent and that he just had an exploited script. If this was the case (OP checked, right?) - why even cancel the account? A better route would have been to suspend the account, notify the customer and tell him to fix his script so that you can keep him as a loyal customer.

--Tina

derek.bodner
02-20-2008, 12:21 PM
> But like Tina, in 8 years I've never seen someone upload a phishing site to their own web space, so I would suspect it's a compromised site.

I've seen someone sign up, and intentionally use their space as a fileserver for warez. IP that ftp'd the content matched the ip that signed up. But I've never seen someone intentionally upload a phishing site. Like Tina, it's always been exploited sites.
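
Added example, not part of any post in this thread: the comparison described above (the IP that FTP'd the content versus the IP that signed up) run against an FTP transfer log. The log lines, account name, paths and IP addresses are constructed, and the server is assumed to write its transfer log in xferlog format.

```python
from collections import defaultdict

# Constructed sample in xferlog format (wu-ftpd / ProFTPD / vsftpd style).
# Direction flag "i" = upload to the server, "o" = download from it.
SAMPLE_XFERLOG = """\
Mon Feb 18 21:14:02 2008 1 198.51.100.7 5120 /home/cust1/public_html/gallery/index.php a _ i r cust1 ftp 0 * c
Mon Feb 18 21:15:40 2008 2 198.51.100.7 20480 /home/cust1/public_html/gallery/theme.css a _ i r cust1 ftp 0 * c
Tue Feb 19 03:02:11 2008 1 203.0.113.44 8192 /home/cust1/public_html/gallery/cache/a/b/login.php a _ i r cust1 ftp 0 * c
Tue Feb 19 09:30:00 2008 1 198.51.100.7 5120 /home/cust1/public_html/gallery/index.php a _ o r cust1 ftp 0 * c
"""

def parse_xferlog(text):
    """Yield (remote_host, path, direction, username) for each well-formed line."""
    for line in text.splitlines():
        tok = line.split()
        # 5 date tokens + transfer-time + host + size, >=1 path token, 9 trailing fields
        if len(tok) < 18:
            continue
        path = " ".join(tok[8:-9])  # tolerate spaces in the file name
        yield tok[6], path, tok[-7], tok[-5]

def classify_uploads(log_text, username, signup_ip, suspect_paths):
    """Map each suspect file to where its FTP upload (if any) came from."""
    uploaders = defaultdict(set)
    for host, path, direction, user in parse_xferlog(log_text):
        if direction == "i" and user == username:
            uploaders[path].add(host)
    verdicts = {}
    for path in suspect_paths:
        hosts = uploaders.get(path, set())
        if not hosts:
            # Not uploaded over FTP: it reached disk some other way,
            # e.g. written by a web script.
            verdicts[path] = "no_ftp_upload"
        elif hosts == {signup_ip}:
            verdicts[path] = "signup_ip_only"
        else:
            verdicts[path] = "other_ip:" + ",".join(sorted(hosts - {signup_ip}))
    return verdicts

if __name__ == "__main__":
    base = "/home/cust1/public_html/gallery/"
    suspects = [base + "index.php", base + "cache/a/b/login.php",
                base + "cache/a/b/post.php"]
    for path, verdict in classify_uploads(
            SAMPLE_XFERLOG, "cust1", "198.51.100.7", suspects).items():
        print(f"{verdict:28} {path}")
```

A file that shows no FTP upload at all is the case the thread calls an exploited script; a file uploaded only from the signup IP is the case derek.bodner describes.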

AH-Tina
02-20-2008, 12:23 PM
> I've seen someone sign up, and intentionally use their space as a fileserver for warez. IP that ftp'd the content matched the ip that signed up. But I've never seen someone intentionally upload a phishing site. Like Tina, it's always been exploited sites.

Yeah, kids like to upload warez and movies/music downloads. That's a given. But, that's quite a different issue. That group wouldn't know what to do with a bunch of info gathered via phishing. :P

--Tina

SoftWareRevue
02-20-2008, 12:24 PM
> ... suspend the account, notify the customer and tell him to fix his script ...

SOP :wht:

So, yeah. Give him his files back.

HostDogs
02-20-2008, 03:03 PM
I never encountered anything like this. Never thought that the files were an exploit. I did back up the site just because. I probably jumped the gun but ...

1. The guy was banned from DP because he was stealing 2 bucks from a bunch of people at DP with some affiliate scam.

2. He replied to me canceling his account with this "your mom". That was his reply. Why didn't he plead with me?

3. His next email was can I at least have my files back. So he still hadn't pleaded his innocence to this point.

4. He never had an index file uploaded to his public_html folder. All the files were buried deep.

I am going to take a look at the files and make sure he did or didn't upload the script before I give or don't give his files back.

Thanks for everyone's replies, you all make excellent points.

WHC - Travis
02-20-2008, 03:16 PM
I don't think you are legally obligated to give him the files back. I just hope you have a legal team.

SoftWareRevue
02-20-2008, 05:33 PM
> ...
>
> I am going to take a look at the files and make sure he did or didn't upload the script before I give or don't give his files back.
>
> Thanks for everyone's replies, you all make excellent points.

Yup. I have seen one case where the phisher definitely was the customer. So, it 'can' happen.