When Webmasters Get Phished? 55
SirJorgelOfBorgel asks: "Many of us run webservers. Some of us just for fun - hosting many of the 'less important' stuff around on the web, others professionally. Though you always try to keep your webserver secure there's always the possibility you get hacked. What do you do, then?" You would think that, by doing the right thing and reporting the incident to the proper authorities, they would do the right thing and go after the hackers, right? This may not be the case. Here's a cautionary tale on what may happen if you follow that line of reasoning. The real question here is: what else could SirJorgelOfBorgel have done to make things turn out as he expected?
"It happened to me a few months ago, and the hacker installed a phishing website. Of course I found that out within a few hours and removed it (and patched the used vulnerability). To be helpful, I packed the whole folder, relevant logs, etc, and sent them -- accompanied by a letter explaining what happened -- to the fraud reporting email address of the bank that was the target of the attempt. That's what we all would do, right?
To my surprise however, instead of them trying to found out who it was that made the attempt (an email address where the phished usernames/passwords were transmitted to was clearly visible in the source), they had me disconnected from the Internet and put on an ISP blacklist. Took me some cash and a lot of time to even get reconnected to the Internet. And there I thought they would be happy with this information.
In light of this, if you should ever notice a phishing attempt, would you still report it, knowing it might get yourself in a lot of trouble? I for one, probably won't.
Furthermore, though I know it is my own responsibility to make sure my PCs are well protected, would there be any legal action I should/could take to get reimbursed for my losses? (The bank is a US bank, I am not a US citizen.)"
Perraps your actions had nothing to do with it ... (Score:5, Interesting)
When I get a phishing attempt, I generally report them to the institution being impersonated, especially if it's more convincing than normal. I imagine that some other people do the same. It's entirely possible that other users reported `your' phishing site, and the bank was already in the process of getting it shut down when they received your email.
And if they did get your email, and it was received by the right people, they probably don't care. Your site cost them money, even if you claim that you weren't directly responsible, and they'll do what they can to stop it from happening again.
Ultimately, the right answer is to keep your system secured enough so this doesn't happen. Your email after the fact was the Right Thing [tm] to do, at least morally, but I'll bet if you had checked with your attorney, he'd have suggested not sending it at all. as it could be used as evidence if the bank decided to sue you.
It's not right, but it's the way things are ... being a Good Guy [tm] just doesn't pay anymore.
Re:Folder? (Score:4, Interesting)
Re:For unix, "directory" is right. (Score:4, Interesting)
We evolve. Join the club.