Results 1 to 11 of 11
-
08-30-2007, 09:07 AM #1New Member
- Join Date
- Jun 2006
- Posts
- 1
How to fight Phishing / Fraud sites in Free Hosting Server?
Hi,
I run a Free web hosting service on my server with XPanel script installed. It has around 47K accounts in all. Recently i started getting mails from e-bay, banks and many other institutions regarding the Phishing sites operating from my server for cheating their customers / members. Though i removed them but i have to do it manually and after getting mails from them.
Now that i dont want any more such site to run from my hosting site, What are the options available for me in order to check all accounts automatically and remove any such site on its own? As there are 47K accounts and 100+ new signups each day, it is not possible to check all accounts manually.
I want any script / addon which can check all possible Phishing / Spamming / Spurious / Fraud sites and intimate me/ delete them upon request. Any person using such services? I need your guidance + support.
Looking for some fast and effective answers from experts here.
Thanks
-
08-30-2007, 03:07 PM #2Web Hosting Master
- Join Date
- Mar 2007
- Location
- UK
- Posts
- 852
Its very hard to do such a thing completely automatic. However you could create a file that run through random files hosted by your clients looking for certain words and then flag them up for you to view them.
Really this is something we can't tell you how to do, this is something you would need to employ a coder to create.
,AshleyZXPlay
Premium Virtual Private Servers | Dedicated Media Streaming Servers
Dedicated Resources | EU Based
www.zxplay.co.uk
-
08-31-2007, 07:16 AM #3Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
webseoindia,
From a user level, I don't think much can be done here.David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
08-31-2007, 05:57 PM #4learning is in the doing
- Join Date
- Sep 2000
- Location
- Alberta, Canada
- Posts
- 3,146
Make sure no directories have 777 permissions.
• PotentProducts.com - for all your Hosting needs
• Helping people Host, Create and Maintain their Web Site
• ServerAdmin Services also available
-
08-31-2007, 07:27 PM #5Web Hosting Master
- Join Date
- Jun 2006
- Location
- United Kingdom
- Posts
- 1,776
47,000 accounts on one server?
Wow, Whats the server load like?-- Adam
-
08-31-2007, 08:54 PM #6Web Hosting Master
- Join Date
- Apr 2002
- Location
- Auckland - New Zealand
- Posts
- 1,575
Well at minimum you'd want mod_security rules to block access to anything with commonly phished sites phrases in, ie paypal, ebay bankofamerica etc.
If you are allowing php scripts to be run and having accounts auto setup, I can see why your freehost would be very popular (especially with the phishing crowd) .
I'd imagine it's a bit of a nightmare to manage..
-
09-01-2007, 02:23 AM #7Aspiring Evangelist
- Join Date
- Jul 2006
- Posts
- 413
Not just the load. One would have to ask;
Whats the spam count like?
Whats the size of the HD?
How many years does it take to do a backup, if any.
...but i find it hard to believe that he has 47k on one box and if he does, he should be converting them to paid accounts. Let the pawpers be peddlers.
-
09-03-2007, 08:59 AM #8Newbie
- Join Date
- Jan 2003
- Location
- Europe
- Posts
- 27
single way that we know is to create rules in uploadscript.pl and time by time to run file_killer.pl file that will parse all users files and will remove all unallowed content
-
09-03-2007, 09:06 AM #9Newbie
- Join Date
- Jan 2003
- Location
- Europe
- Posts
- 27
examples of rules in uplodscrip.pl
my %aLoop;
$aLoop{'.'} = {
'http://\d+\.\d+\.\d+\.\d+\:\d*/wwwroot/?' => '_LOG_',
# 'Credit\s+Card' => '_LOG_',
# 'America\s+Online' => '_LOG_',
# 'http://depoch\.net' => '',
'RapidLeech' => '_LOG_',
'RapidGet' => '_LOG_',
'RapidKill' => '_LOG_',
'Credits to Pramode & Checkmate' => '_LOG_',
'MSN Money\. All rights reserved' => '_LOG_',
'Bank Online' => '_LOG_',
'AOL account check' => '_SUSPEND_',
'AOL Billing Center' => '_SUSPEND_',
'Log in to Citizens Bank Online' => '_SUSPEND_',
'Citizens Financial Group\. All rights reserved'=> '_LOG_',
'Sign In to Your FirePay Account' => '_SUSPEND_',
'http://www.firepay.com/_privacy/' => '_SUSPEND_',
'http://www.firepay.com/_terms/' => '_SUSPEND_',
'https?://account\.' => '_LOG_',
'http://www.firepay.com/_help/' => '_LOG_',
'FireOne Group plc. All Rights Reserved' => '_LOG_',
# 'Mailing\s+List' => '_LOG_',
# 'FastMailer' => '_LOG_',
# 'Bulk Maileren' => '_LOG_',
# 'PHP-Mailer' => '_LOG_',
# 'GuerillaMailer' => '_LOG_',
# 'Grab\s+e?-?mail' => '_LOG_',
'https?://[\w\-\.]*wellsfargo\.com/util/signon\.jhtml' => '_SUSPEND_',
'https?://[\w\-\.]*wellsfargo\.com' => '_LOG_',
'https?://[\w\-\.]*passport\.com' => '_LOG_',
# 'https?://[\w\-\.]*[^w]\.aol\.com' => '_LOG_',
'https?://[\w\-\.]*[^w]\.aim\.com' => '_LOG_',
'https?://[\w\-\.]*bankofamerica\.com' => '_LOG_',
'https?://[\w\-\.]*olb2\.nationet\.com' => '_LOG_',
'https?://[\w\-\.]*rbc\.com' => '_LOG_',
'https?://[\w\-\.]*rbcfunds\.com' => '_LOG_',
'https?://[\w\-\.]*rbcinsurance\.com' => '_LOG_',
'https?://[\w\-\.]*rbcroyalbank\.com' => '_LOG_',
'https?://[\w\-\.]*actiondirect\.com' => '_LOG_',
'https?://[\w\-\.]*vozipglobal\.com' => '_LOG_', # au inchis serverul, ceva legat de spam
'https?://[\w\-\.]*vozipglobal\.com/afiliacion\.php' => '_SUSPEND_', # au inchis serverul, ceva legat de spam
'https?://[\w\/\-\.]*bank[\w\/\-\.]+' => '_LOG_',
# 'https?://[\w\-\.]*2checkout\.com' => '_LOG_',
# 'https?://[\w\-\.]*secpay.com' => '_LOG_',
# 'https?://[\w\-\.]*authorize\.net' => '_LOG_',
# 'https?://[\w\-\.]*ipayment\.de' => '_LOG_',
# 'https?://[\w\-\.]*nochex\.com' => '_LOG_',
'iRcHaTaN Mail Bomber' => '_SUSPEND_', # spam
'SendTo - by P7rk' => '_SUSPEND_', # spam
'phpSimpleEMail' => '_SUSPEND_', # spam
'Email Broadcasting System' => '_SUSPEND_', # spam
};
-
09-03-2007, 12:43 PM #10Aspiring Evangelist
- Join Date
- Mar 2006
- Posts
- 427
you can consider to setup some outgoing email blocking if the mail server is supported for those common phising keywords but this might filter out some of the positive emails.
Tweakservers : Authorised Reseller of SmarterMail | SmarterStats | SmarterStats | Mailenable
-
09-03-2007, 01:44 PM #11Ottomatic backup specialist
- Join Date
- Aug 2006
- Location
- Canada
- Posts
- 763
I run a free host too and I do indeed receive these emails quite often. I only host 30k account, but... unlike XPanel, I use LayeredPanel. Tycho made it so that it would find words from your access_log and flag them, you will then have to review it manually.
Make sure no directories have 777 permissions.
To prevent users from sending out spam, I disabled mail() completely except for those who can scan in a photo ID of some sort. This policy was working well until I found out that some legitimate users have exploitable scripts to send out emails with viruses.
So if you haven't done it already, I suggest:
1) Doing what XPanel said to do, kind of obvious.
2) Disable mail() completely, so that phishing sites are rendered useless - can't send information to the person that made the site.
3) Looking through the access_log and grep all paypal files?
Hope that helped,
Otto█ Otto Yiu
█ Rsync Palace ● Providing offsite backups since 2007.
█ Backomatic ● Hassle-free Automated cPanel/WHM, DirectAdmin, FTP, and MySQL backups.