When Webmasters Get Phished?

SirJorgelOfBorgel asks: "Many of us run webservers. Some of us just for fun - hosting many of the 'less important' stuff around on the web, others professionally. Though you always try to keep your webserver secure there's always the possibility you get hacked. What do you do, then?" You would think that, by doing the right thing and reporting the incident to the proper authorities, they would do the right thing and go after the hackers, right? This may not be the case. Here's a cautionary tale on what may happen if you follow that line of reasoning. The real question here is: what else could SirJorgelOfBorgel have done to make things turn out as he expected?
"It happened to me a few months ago, and the hacker installed a phishing website. Of course I found that out within a few hours and removed it (and patched the used vulnerability). To be helpful, I packed the whole folder, relevant logs, etc, and sent them -- accompanied by a letter explaining what happened -- to the fraud reporting email address of the bank that was the target of the attempt. That's what we all would do, right?

To my surprise, however, instead of them trying to find out who it was that made the attempt (an email address where the phished usernames/passwords were transmitted to was clearly visible in the source), they had me disconnected from the Internet and put on an ISP blacklist. Took me some cash and a lot of time to even get reconnected to the Internet. And there I thought they would be happy with this information.

In light of this, if you should ever notice a phishing attempt, would you still report it, knowing it might get yourself in a lot of trouble? I for one, probably won't.

Furthermore, though I know it is my own responsibility to make sure my PCs are well protected, would there be any legal action I should/could take to get reimbursed for my losses? (The bank is a US bank, I am not a US citizen.)"
  • To be helpful, I packed the whole folder, relevant logs, etc, and sent them - accompanied by a letter explaining what happened - to the fraud reporting email address of the bank that was the target of the attempt. That's what we all would do, right?
    What seems quite likely is that these actions really had nothing to do with it.

    When I get a phishing attempt, I generally report them to the institution being impersonated, especially if it's more convincing than normal. I imagine that some other people do the same. It's entirely possible that other users reported `your' phishing site, and the bank was already in the process of getting it shut down when they received your email.

    ... if they ever received your email. Lots of places don't really read their abuse@ addresses, or filter it so heavily that most everything gets filtered.

    And if they did get your email, and it was received by the right people, they probably don't care. Your site cost them money, even if you claim that you weren't directly responsible, and they'll do what they can to stop it from happening again.

    Ultimately, the right answer is to keep your system secured enough so this doesn't happen. Your email after the fact was the Right Thing [tm] to do, at least morally, but I'll bet if you had checked with your attorney, he'd have suggested not sending it at all, as it could be used as evidence if the bank decided to sue you.

    It's not right, but it's the way things are ... being a Good Guy [tm] just doesn't pay anymore.

  • Re:Folder? (Score:4, Interesting)

    by bluephone ( 200451 ) <greyNO@SPAMburntelectrons.org> on Sunday July 10, 2005 @04:40PM (#13028098) Homepage Journal
    I used to be all militant about that too. Then I realized it didn't really make any difference at all. MacOS always called them folders. With Windows 95, the MS world changed to that term too (albeit slowly). Frankly, it's a more accurate term for the metaphor, as a directory is a list, rather than a container. And it's faster and easier to say and type. The world changes. I decided to quit yelling at the tide.
  • From a programming perspective, sure, it is correct. From a human perspective, it's sorely lacking. Most coders and/or *nix fans fail to recognize that the wider world of people think in human terms, not programming terms. This is another reason why the standard *nix method will not "take over the world". Maybe it's time the metaphor evolved. Yes, it's not an actual container, but it is a metaphorical container, therefore the directory term fails in the metaphor sense despite being technically correct from the programmatical metaphor.

    We evolve. Join the club.
