[horde] Phising despite latest CVS?

Jan Schneider jan at horde.org
Wed May 3 13:37:40 PDT 2006


Zitat von Jan Johansson <j2 at mupp.net>:

>
>> What are you trying to say, and what does all this have to do with
>> phishing?
>
> Sorry, let me rephrase my message.
>
> I said phising, because my server have been used as the "fake host" in a
> Phising attack against eBay. (Now, my ISP have been helpful, and is
> filtering traffic).
>
> But, if you look at the URL. Something has created a "SignIn.html" in my
> horde-tree.
>
> (/var/www/webmail.skyddsrummet.net/horde/services/help/ws/eBayISAPIdllSignIn
> favoritenav=2sid2=ruproduct=pp=co_partnerId=2ru=i1=ruparams=pageType=pa2=bsh
> owgif=pa1=pUserId=errmsg=UsingSSL-runame-iteid=0/SignIn.htm)
>
> As I said. Even after updating to latest CVS, it was recreated _Again_ so I
> wonder what else I should be looking for?

The attacker has probably already installed a backdoor before you  
upgraded and is installing the file through that.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/



More information about the horde mailing list