[members at lugog] OT - but need advice - my web site has had phishing pages added

Graham Smith graham.smith at myotis.co.uk
Wed Aug 18 11:02:48 UTC 2010


> Hrm.  Their co.uk WHOIS listing doesn't give a phone number (which
> might be usual for co.uk if I recall correctly) and their dotCom one
> lists a US phone number.  Their co.uk WHOIS gives a PO Box number in
> Southampton, while their Companies House registered office is in
> London.  Does anyone know who purplepaw really are?

I have been with them for 7+ years. Originally it was a small company 
in Devon, and they were very good, but they sold the company (to 
someone) and although it has gone downhill since, it has not come close 
to the horror stories that others relate about their hosting sites.

I have seldom had to contact them for anything in the past, as things 
have just trundled along. But they have really screwed things up 
recently, which is part of the problem as I cannot get into the client 
portal, because there is no account matching my email address. The email 
address they have sent my renewal notice to !!!

But equally, it seems they only respond to things sent through the 
client portal, so my emails sent to them saying I cannot get into the 
portal are being ignored.

> Searching the web for purplepaw hosting finds negative reviews like
> http://www.ukbusinessforums.co.uk/forums/showthread.php?t=11357
> easily, although I don't agree with that page about 1&1 ;-)

That particular review was from 2005, and they did go through a bad spell.

> Assumption is the mother of all screwups.  I'd hope they would take
> an interest in a phishing break-in,

You would think so.

> I'd report it to http://www.actionfraud.org.uk/ - They're linked from
> http://www.getsafeonline.org/ who I generally trust on such things.
>
I will have a look into this.

>> The referer field is empty in every entry
>
> Every entry? I'd expect some to contain links from webmail sites,
> to suggest it was used in email-based phishing.  Is any LUGger
> more familiar with webmail and know if they blank referer on links
> somehow?

It's only empty on the attempts to access the fake ebay pages. The 
genuine links have a referer field.


>>>> I have also changed the password to one that was generated by my log-in
>>>> page and has a good Strength rating.
>
> Ask yourself: was the old password weak?  For example, can you find it
> in a web search?  If so, that might well be how they got in - I'd
> check the access logs for logins from networks you don't use.

I now think it was weak. I have used it for years, and in the past when I 
tested it for strength it came up as "very strong"; now it comes up as 
very weak.  So I assume this may well be the issue.
>
> Elsewhere, it's written that the site was only three pages, so unless
> they were badly-written PHP or similar, I'd be surprised if they were
> the break-in route.  But I'm often surprised :-)

The web pages are just a few pages of plain text, and while I am sure 
people will argue about it, one of the reasons I went for Rapid Weaver 
to create them was the good reviews it got on the quality of the pages. 
There aren't any scripts on it.

Thanks again.

Graham
-- 
Graham M Smith
graham.smith at myotis.co.uk
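
The referer pattern discussed in this message (empty on the fake ebay pages, present on genuine links) can be checked across a whole access log. This is an added example, not part of the original post: it assumes the Apache/NCSA combined log format, and the sample lines, IP addresses and paths are constructed.

```python
import re
from collections import defaultdict

# Apache/NCSA "combined" format (assumed; the post does not say what the host logs).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines: documentation-range IPs, hypothetical paths.
SAMPLE = """\
192.0.2.10 - - [17/Aug/2010:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "http://www.example.org/links.html" "Mozilla/5.0"
192.0.2.11 - - [17/Aug/2010:09:15:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Aug/2010:09:20:13 +0000] "GET /contact.html HTTP/1.1" 200 2048 "http://www.example.net/index.html" "Mozilla/5.0"
203.0.113.5 - - [17/Aug/2010:10:01:02 +0000] "GET /hypothetical-dir/signin.html HTTP/1.1" 200 9000 "-" "Mozilla/4.0"
203.0.113.9 - - [17/Aug/2010:10:01:45 +0000] "GET /hypothetical-dir/signin.html HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.23 - - [17/Aug/2010:10:03:30 +0000] "GET /hypothetical-dir/signin.html?id=1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.10 - - [17/Aug/2010:10:05:00 +0000] "GET /contact.html HTTP/1.1" 200 2048 "http://www.example.net/index.html" "Mozilla/5.0"
203.0.113.5 - - [17/Aug/2010:10:06:11 +0000] "GET /missing.html HTTP/1.1" 404 300 "-" "Mozilla/4.0"
"""

def referer_profile(lines):
    """Return {path: (hits, hits_without_referer, distinct_client_ips)}."""
    stats = defaultdict(lambda: [0, 0, set()])
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"][0] not in "23":
            continue  # skip unparsable lines and requests that served no page
        entry = stats[m["path"].split("?", 1)[0]]  # ignore the query string
        entry[0] += 1
        if m["referer"] in ("", "-"):
            entry[1] += 1
        entry[2].add(m["ip"])
    return {p: (h, e, len(ips)) for p, (h, e, ips) in stats.items()}

def suspicious_paths(lines, min_hits=3, min_clients=2):
    """Paths where every served hit had no referer and came from several clients."""
    return sorted(
        path for path, (hits, empty, clients) in referer_profile(lines).items()
        if hits >= min_hits and empty == hits and clients >= min_clients
    )

if __name__ == "__main__":
    for path in suspicious_paths(SAMPLE.splitlines()):
        print("review:", path)
```

An empty referer is also normal for bookmarks, typed URLs and links opened from desktop mail clients, so flagged paths are candidates to compare against the files you actually published, not proof on their own.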