Chronology of the Phishing Attack on the Denaihati Blog

Assalamualaikum and salam 1Dunia. It was a huge shock when I opened the Denaihati blog and a big warning came up: "Warning : Suspect phishing page". Within an hour I received various messages from fellow bloggers who could not get into the Denaihati blog, and some even wrote dedicated entries about it. What actually happened was down to my own mistake: I did not expect that the warning Google had given was really serious.

Google's warning on 29/5/2012

Dear site owner or webmaster of denaihati.com,

We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://www.info.denaihati .com//wpau-backup/wp-content/index/index.html

We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn’t monitor for malicious user-contributed content

If your site was compromised, it’s important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

Once you’ve secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting http://www.google.com/safebrowsing/report_error/?tpl=emailer and reporting an “incorrect forgery alert.” We will review this request and take the appropriate actions.

Sincerely,
Google Search Quality Team

I received the warning email from Google just as I was about to start the Kembara Musafir Beijing trip, so, busy travelling, I forgot to take action. As a result of the mistake of taking Google's warning lightly, the Denaihati blog was blocked at around 10.20 pm on 30/5/2012 because it was suspected of being the source of a phishing attack on a bank in the USA. I got the first message from Datin Tyka at 10.25 pm, thank you. Below are the details reported by Cloudflare.

[CloudFlare] has received a phishing report regarding your site, on 30/5/2012

CloudFlare received an abuse report regarding:
denaihati.com

Details about alleged infringement:
Team,

We are an Internet security company in the United States working on behalf of Regions Bank. We are contacting your organization to report phishing content targeting Regions Bank’s brand and customers that was detected on 5/30/2012. Our research shows that your organization provides hosting and/or IP services for a website that’s been compromised and is currently being used in a phishing attack. Please investigate the threat at the location(s) below:

http://www.info.denaihati.com//regions/index.html

IP Address: 141.101.124.216

This is an illegal and unauthorized copy of Regions Bank’s website that was created in an attempt to trick Regions Bank’s customers into sending sensitive personal and financial data to online criminals. We request that you deactivate this threat on your network immediately. If you are not the appropriate staff to handle this, we ask that you escalate this matter to the attention of those within your organization who can resolve this abuse issue.

Regards,

Security Incident Response Team

So I quickly emailed Serverfreak to help resolve the problem I was facing. As usual, in less than 3 minutes Serverfreak responded that they would close the connection to the subdomain info.denaihati.com, which was the cause of the problem. I scratched my head over why I hadn't thought of this yesterday. Serverfreak investigated what the problem actually was that made the Denaihati blog the source of a phishing attack.

Information from Serverfreak.

that info folder they uploaded shell script and then uploaded few phishing site.

If I haven't misunderstood, it means someone from who knows where uploaded several phishing scripts into the theme of the subdomain info.denaihati.com, and they were used to attack Regions Bank. Would we ever have thought something like this could happen? For the record, I got the info.denaihati.com theme for free because I won a contest. I'm reminded of a passage in an entry on the Problogger.net blog; it does seem to be true when you use a free theme.

So let’s just say it out loud so we can put it behind us: Forget about free themes! They are evil! This is something I’ve been saying for a little more than a year now. And hey, don’t blame me, it’s just the way it is. Almost all free WordPress themes include some kind of strange code in their structures, usually in the footer section. The code is encrypted, and, often, the theme stops working if you try to remove it. Also, you don’t have a clue about what’s actually in that code until you decrypt it. Just to make things clear, as a developer, designer, or simply a website owner, you never want to have any unknown code on your site.
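The hosting provider's finding above (a script and several phishing pages uploaded under the info folder) and the quoted point about encoded code in free themes both call for a review of the web root. The sketch below is an added example, not part of the original post and not what Serverfreak ran: it walks a document root and flags password forms outside known login pages and PHP that evaluates an encoded payload. The directory layout, the `freetheme` name and all file contents are constructed, and both patterns are heuristics that only mark files for manual review.

```python
import re
import tempfile
from pathlib import Path

# Heuristics only: a match marks a file for manual review, it is not proof of compromise.
PASSWORD_FIELD = re.compile(rb"<input[^>]+type\s*=\s*[\"']?password", re.I)
OBFUSCATED_PHP = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)
PHP_EXT = {".php", ".phtml"}
HTML_EXT = {".html", ".htm"}


def scan_docroot(root, login_pages=("wp-login.php",)):
    """Return sorted (relative_path, reason) pairs for files that need review.

    login_pages holds paths relative to root where a password form is expected.
    """
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        ext = path.suffix.lower()
        if not path.is_file() or ext not in PHP_EXT | HTML_EXT:
            continue
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()[:1_000_000]  # cap the bytes inspected per file
        if PASSWORD_FIELD.search(data) and rel not in login_pages:
            findings.append((rel, "password form outside known login pages"))
        if ext in PHP_EXT and OBFUSCATED_PHP.search(data):
            findings.append((rel, "eval() of encoded payload"))
    return sorted(findings)


def build_constructed_sample(root):
    """Write a constructed sample tree; every file body is made up for this example."""
    files = {
        "index.php": b"<?php require 'wp-blog-header.php';",
        "wp-login.php": b"<form><input type='password' name='pwd'></form>",
        "regions/index.html": b"<form action='post.php'><input name=u>"
                              b"<input type=\"password\" name=p></form>",
        "wp-content/themes/freetheme/footer.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for rel, reason in scan_docroot(tmp):
            print(f"{rel}: {reason}")
```

Comparing the flagged paths against a clean copy of the WordPress release and the theme's original archive separates expected files from uploaded ones.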

After all the problems were resolved, I sent feedback to Google to have the Denaihati blog removed from the phishing attack warning list. Alhamdulillah, at 2.15 am on 31/5/2012 I received an email from Google.

Phising problem [Abuse and DMCA reports]

From: Justin
Subject: Phising problem

The phishing warning has been removed from the domain.

Blog traffic plummeted because of the phishing attack case

The problem did not end there: on 31/5 and 1/6 the Denaihati blog's traffic plummeted by 75%. Alhamdulillah, on 2/6/2012, with Eizil's help in reconfiguring Cloudflare, blog traffic returned to normal and the admin panel could be accessed again as before.

I learned a lot from this incident. Once again it was proven that Serverfreak can really be relied on. To those looking for the best hosting, don't miss the SF – Denaihati offer. What about you, readers: what can be learned from this phishing attack case?

---

  1. The party that carries out phishing is called a phisher.

  2. We must be careful about this phishing attack.

  3. Congratulations on being back to normal..
    Hopefully after this incident denaihati will be ever more successful.

  4. It would be dangerous too if it happened to my own blog.

  5. This incident is truly extraordinary,
    If it happened to us, our souls would surely suffer.

  6. If something like that happened to us,
    What should we do,
    Hoping friends are willing to help,
    DH could write an entry to expand on it.

  7. They are always looking for weapons,
    To attack our defences,
    Even so, we must not be careless,
    We must learn something to stay protected.

  8. A blog's defences must be strong,
    Yet it is not spared from attack,
    However much we strengthen them,
    It is not certain they cannot be breached.

  9. What happens later is not planned,
    It will happen, and can be gone at any time.

  10. May this incident serve as guidance,
    Make backups as a reference.

  11. Thankfully it is back to how it was,
    Now you can write more great entries....!!

  12. Words of motivation for everyone.
    Don't wait for the right time to do good things. Don't keep asking what might happen, be brave!
    Hope this is useful!

  13. Alhamdulillah, it's back to normal. Perhaps this was a trial for you, or a way to improve the quality of your blog.
