Regaining reputation after defacement
After the defacement and clean-up, I was going about my normal business when a couple of friends noted that certain reputation services were flagging the site as either a phishing site or malicious content. This means visitors would be blocked, or shown WARNING EVIL signs, as they attempted to connect to this site. Somewhat off-putting, I would imagine.
The first one to fix is Web of Trust (WOT), a Firefox plug-in used as part of safe browsing.
The simple option is to create an account, link to your site under the My Site option, and save the web cookie verifier .html file on your home page. Click on verify the site and request that it be reviewed. To speed up the process you can ask a few folks to certify it as okay. It takes about a day to go from Red and malicious to Green and good.
The second one is the excellent folks at www.phishtank.com, who help steer folks away from evil phishing sites. They are part of OpenDNS, so if you're using OpenDNS services, this site is marked as a phishing site and you're told not to enter. OpenDNS results are used by other services, so fixing the reputation here will clean up other safe browsing tools too.
Despite my site not being an actual phishing site, the bad guys linked through my domain name to a compromised web site on the same server.
So should you type:
www.chris-mohan.com/~hackedsite/Evil_Fake_PayPal_Phishing_Site/cc.php?cmd=_Confirm_being_ripped_off
and the computer translates it to :
10.1.10.1/~hackedsite/Evil_Fake_PayPal_Phishing_Site/cc.php?cmd=_Confirm_being_ripped_off
The /~hackedsite part refers to another user account on the same server as mine. The web server resolves the request using the IP address of my site (which is shared with a couple of hundred other hosted sites) and serves the hackedsite web directory. In effect, this is what happens:
10.1.10.1/~hackedsite/Evil_Fake_PayPal_Phishing_Site/cc.php?cmd=_Confirm_being_ripped_off
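The path mapping above is independent of the hostname: any domain that resolves to the shared IP will serve the same ~user directory. The following script, added here as an illustration and not part of the original post, shows one way a site owner on shared hosting can spot this from their own access logs. It extracts the ~user target from a URL or request path, ignoring the host, and scans Apache combined-format log lines for requests that reach a different account's ~userdir through your vhost. The account name "chrismohan", the client IPs and the log lines are constructed for the example.

```python
"""Detect requests that reach another hosting user's ~userdir via your domain.

Constructed sample data; not real traffic from the site in the post.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the hosting account name that owns this site.
MY_USER = "chrismohan"

# Apache mod_userdir style path: /~user or /~user/anything
USERDIR_RE = re.compile(r"^/~([A-Za-z0-9_.-]+)(/.*)?$")

# Apache "combined" log line; only the fields we need are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def userdir_target(url_or_path):
    """Return (user, remainder) when the path is a ~userdir path, else None.

    The hostname is deliberately ignored: on a shared server every name that
    resolves to the same IP serves the same /~user/ directory, so the query
    string and host tell you nothing about which account actually answers.
    """
    if not url_or_path.startswith("/") and "://" not in url_or_path:
        url_or_path = "http://" + url_or_path  # scheme-less URL as in the post
    path = urlsplit(url_or_path).path
    m = USERDIR_RE.match(path)
    if not m:
        return None
    return m.group(1), m.group(2) or "/"


def find_foreign_userdir_hits(log_lines, my_user=MY_USER):
    """Return (timestamp, client_ip, user, path) for each request whose path
    points at an account other than my_user."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        target = userdir_target(m.group("path"))
        if target is None or target[0] == my_user:
            continue
        hits.append((m.group("ts"), m.group("ip"), target[0], target[1]))
    return hits


def summarize(hits):
    """Count flagged requests per foreign account (what to report to the host)."""
    return dict(Counter(user for _, _, user, _ in hits))


# Constructed log lines: two phishing-path hits, one own-site page, one own userdir.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jun/2010:14:02:11 +0100] "GET /~hackedsite/Evil_Fake_PayPal_Phishing_Site/cc.php?cmd=_Confirm_being_ripped_off HTTP/1.1" 200 5123',
    '198.51.100.4 - - [21/Jun/2010:14:03:45 +0100] "GET /index.html HTTP/1.1" 200 2048',
    '203.0.113.7 - - [21/Jun/2010:14:05:00 +0100] "GET /~chrismohan/blog/ HTTP/1.1" 200 8000',
    '192.0.2.9 - - [21/Jun/2010:14:06:30 +0100] "GET /~hackedsite/Evil_Fake_PayPal_Phishing_Site/login.php HTTP/1.1" 404 300',
]

if __name__ == "__main__":
    for ts, ip, user, path in find_foreign_userdir_hits(SAMPLE_LOG):
        print(f"{ts} {ip} -> ~{user}{path}")
    print(summarize(find_foreign_userdir_hits(SAMPLE_LOG)))
```

Running it against your own vhost log lists every request that your domain name is being used to deliver into someone else's account, which is exactly the evidence the hosting company needs when you report the abuse.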
The hosting company closed down the hackedsite web site when I reported it, so the phishing itself was no longer an issue.
I registered an account on www.phishtank.com and asked for the site to be reviewed and reclassified now that the bad stuff has been removed. Now waiting to see how long it takes before being reviewed.
Update: The faster way to get the site off PhishTank was to send an email to the support team at OpenDNS. The team there turned around my request in under a day.

2 Comments
Jun 23, 2010 3:36 pm |
Of course, none of this helps if your ISP disappears into a black hole for a while
At least you’re back in action now Chris!
Jun 23, 2010 5:40 pm |
Well, when you get an email like this you can’t help but feel:
A) Sorry
B) Wondering what actually happened
C) Disbelief
D) Overpowering sense of hysterical amusement
E) bleh, another day in IT
F) Happy it didn’t happen to you
___________________________________________________________________
IMPORTANT NOTICE
Dear Customers,
Customer Outage – Resolved, 22 June 2010
Unfortunately we have been experiencing some packet loss of both our primary and secondary data links. This affected most of the network, client websites/services, including our support phone and email systems. This outage meant we could not provide a prompt notice, either directly or via our website.
This issue has since been resolved and safeguards have been put in place to prevent future recurrence.
We sincerely apologise for the inconvenience this would have caused.