[members at lugog] OT - but need advice - my web site has had phishing pages added

Graham Smith graham.smith at myotis.co.uk
Tue Aug 17 21:14:56 UTC 2010 

Thanks,


> I'd escalate that tech support request fairly quickly.  The co-op
> tells our customers:

I have been trying that, but (possibly because there is no specific 
contract other than the price including 24hr support) there doesn't seem 
to be any mechanism to escalate it. I can't find a telephone number, but 
have now emailed other purplepaw email addresses.

> If your suppliers don't let you do something to that, I'd move.  Our
> software.coop hosting charge is similar to purplepaw's Power Hosting
> and we offer support contracts too, which I didn't see on purplepaw.

That has aready crossed my mind, but need a mailserver/webserver alternative
>
> Your aim should be to find out as many of possible of the 6 Ws of the
> attack: who, when, how, what, where and why.  Then make sure they
> can't do it again.

I have no idea how to do this, but assumed purplepaw would have done this

> Actually, last month I saw some "idiot user" software that added spam
> links to every file it uploaded.  It had been used on the website of a
> major hotel chain!

I am hoping that my RealMac RapidWeaver program will be rather better 
than tan

> Yes, I'd be wary of sending them to anyone you don't have a prior
> agreement with, unless it's www.CPNI.gov.uk or law enforcement.

Should, I be telling "someone" about it, its obviously criminal 
behaviour defrauding people by pretending to be ebay>

> I think that's good - the referer logs should tell you what other
> sites might have been attacked.  I'd contact their tech support and
> let them know.  They might even help you solve your problem.

The referer field is empty in every entry
>
>> I have also changed the password to one that was generated by my log-in
>> page and has a good Strength rating.
>
> Always a good move, but can you trust your log-in page?  I use pwgen
> on my workstation.  It's packaged for debian and probably others.

I will give this a look.
>
>> I would appreciate any advice, as to what my next step should be. Other
>> than continuing to chase purplepaw tech support.
>
> Why not continue to chase purplepaw tech support?  It sounds like
> they're dropping the ball and it's your online reputation at risk.

I will continue chasing them, as they are meant to be giving me 
technical support

> Other than that, I'd fix the hole and make sure it can't repeat.

I'm doing my best

> Hope that helps,

Yes, it did.

-- 
--
Graham M Smith
graham.smith at myotis.co.uk

More information about the Glastonbury mailing list