I am tired now, very tired. Friday morning started great, got up and went running. That felt good. When I got home I had a message waiting for me from the CTO of a credit union in Portland saying that my website was being used for a phishing attack on the credit union customers. No way! That sucks! I quickly got onto my web server and started to check things out as I called the CTO. It appears that my web server was compromised through Dotnetnuke. I haven’t updated it in a while and apparently there is a massive security hole in the version that I was running. This exploit allowed the attacker to upload files to my web server. They installed a piece of software that collects data from web site forms. An an instance of WAMP to run the fake site and allow them to collect data from the phishing attack. I have all the logs and folders from the attack and will turn everything over to the authorities. I must once again say, that sucks!

Information and Links

Join the fray by commenting, tracking what others have to say, or linking to it from your blog.

Other Posts

Write a Comment

Take a moment to comment and tell us what you think. Some basic HTML is allowed for formatting.

Reader Comments

Be the first to leave a comment!

Kontera DynamiContext Plugin plugged in.
Skip to toolbar