I am tired now, very tired. Friday morning started great, got up and went running. That felt good. When I got home I had a message waiting for me from the CTO of a credit union in Portland saying that my website was being used for a phishing attack on the credit union customers. No way! That sucks! I quickly got onto my web server and started to check things out as I called the CTO. It appears that my web server was compromised through Dotnetnuke. I haven’t updated it in a while and apparently there is a massive security hole in the version that I was running. This exploit allowed the attacker to upload files to my web server. They installed a piece of software that collects data from web site forms. An an instance of WAMP to run the fake site and allow them to collect data from the phishing attack. I have all the logs and folders from the attack and will turn everything over to the authorities. I must once again say, that sucks!
Random »« Feeling Good
WPMU Theme pack by