Hi, does anyone know if it is possible to change mod_userdir so that it only works via...
http://ip.ip.ip.ip/~bob/
instead of...
http://any_domain_on_the_server/~bob/
I'm asking this for the following reason...
An account was recently used in a phishing scam. The customer's login details were compromised from their own computer, not via any vulnerability on the server or in the customer's webspace.
The fraudster had a list of domains hosted on the server and simply linked to the "bob" account in different phishing emails but from all the different domains, i.e. ...
domain1.com/~bob/
domain2.com/~bob/
domain3.com/~bob/
domain4.com/~bob/
domain5.com/~bob/
PayPal in their wisdom contacted us to say that a large number of sites had been compromised - which of course was NOT the case. We were also contacted by phishcops.net, who seem to have taken the liberty of reporting each individual site as being the source of the phishing scam - when of course it was simply one account.
Is there any way of forcing mod_userdir to use the IP address / server hostname but not any other domain on the server?



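One way to get the behaviour asked about, as an added example that is not part of the original post: mod_userdir's `UserDir` directive is set explicitly in every virtual host, so `~user` URLs are translated only in the virtual host for the server's own IP address and hostname. The IP address `192.0.2.10`, the hostname `server.example.net` and the filesystem paths are placeholder assumptions.

```apache
# Constructed example. 192.0.2.10, server.example.net and all paths are
# placeholders for the server's real IP address, hostname and directories.
# On Apache 2.2 and earlier a matching NameVirtualHost line is also required.

# Virtual host for the server's own IP address and hostname.
# This is the only place where /~user/ is mapped to a home directory.
<VirtualHost 192.0.2.10:80>
    ServerName  server.example.net
    ServerAlias 192.0.2.10
    DocumentRoot /var/www/html

    # Map /~bob/ to ~bob/public_html for requests that reach this vhost.
    UserDir public_html
</VirtualHost>

# Customer virtual hosts. UserDir is switched off explicitly in each one
# rather than relying on inheritance from the global configuration, so
# http://domain1.com/~bob/ is no longer translated to bob's home directory
# and is looked up under this vhost's DocumentRoot instead.
<VirtualHost 192.0.2.10:80>
    ServerName  domain1.com
    ServerAlias www.domain1.com
    DocumentRoot /home/customer1/public_html

    UserDir disabled
</VirtualHost>

<VirtualHost 192.0.2.10:80>
    ServerName  domain2.com
    ServerAlias www.domain2.com
    DocumentRoot /home/customer2/public_html

    UserDir disabled
</VirtualHost>
```

After reloading Apache, a request for `/~bob/` with a `Host` header of any customer domain should return 404 unless that site really has a `~bob` directory, while the same path on the IP or hostname virtual host still serves the account.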




