The Community Forums


Phishing.

Discussion in 'Security' started by cygus, Sep 11, 2011.

  1. cygus

    cygus Active Member

    Hi,

    I have a problem on my cPanel server. A lot of my customers' domains have subdomains with phishing sites.
    For example:

    Customer's domain: domain.com
    Customer's subdomains (phishing): paypal.com.domain.com

    Do you know this kind of issue?

    The second problem is that my server sends a lot of spam from my customer's account.
    For example:

    Customer's email account: info@domain.com
    Spam sender address: info@domain.com

    This problem exists on several accounts.

    Who can help me?
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    cPanel Access Level:
    Root Administrator
    There is not a current way to prevent subdomain creation of that type, since any subdomain name can be used so long as it conforms to internet standards. Adding something.com.domain.com would work since domain.com is already on the account, so the WHM > Tweak Setting > Allow Remote Domains setting being off will not restrict subdomain creation (only parked and addon domain creation).

    As for the second question, I'm not entirely certain what your example means. Is the email account actually being used to send, or is the email account being spoofed?
     
  3. abdelhost77

    abdelhost77 Well-Known Member

    cPanel Access Level:
    Root Administrator




    Here is a small script that will send you a notification when a user creates a subdomain containing fraudulent terms like "paypal", "visa", "discover", "bank". You have to add it to crontab to be executed, for example, every 2 hours; it consumes ~0% CPU. Then, when you receive an alert, you can check in WHM ==> list subdomain.

    Example of an alert for subdomains containing "paypal":

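    #!/bin/sh
    # Start from an empty scratch file (-f: no error if it does not exist yet)
    rm -f tempo00

    # Append the subdomain list of every cPanel account to the scratch file
    for i in `ls /var/cpanel/users`
    do
    /scripts/listsubdomains "$i" >> tempo00
    done

    # Count the lines that mention "paypal" (case-insensitive)
    p=`grep -i paypal tempo00|wc -l`
    if [ "$p" -ne 0 ]
    then
    # mail reads the message body from stdin; send an empty body
    echo "" | mail -s "Attention PAYPAL pishing blablabla" yourmail@yourdomain.com
    fi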
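
A broader version of the check described in the post above, as an added example that is not part of the original thread: it looks for all four terms the post names and also flags a subdomain whose added labels end in a TLD, the `paypal.com.domain.com` pattern from the first post. The three-column input (`account fqdn base_domain`), the function names and the sample rows are assumptions constructed for this example; this is not the output format of `/scripts/listsubdomains`.

```shell
#!/bin/sh
# Added example. Input format is an assumption: "account fqdn base_domain" per line.
WATCH_TERMS="paypal visa discover bank"   # terms named in the post above

# scan_subdomains: read triples on stdin, print "account fqdn reasons" per hit.
scan_subdomains() {
    awk -v terms="$WATCH_TERMS" '
    function add(r, s) { return (r == "") ? s : r "," s }
    BEGIN { n = split(terms, t, " ") }
    NF == 3 {
        fqdn = tolower($2); suffix = "." tolower($3)
        # Skip the base domain itself and names outside the base domain.
        if (length(fqdn) <= length(suffix)) next
        if (substr(fqdn, length(fqdn) - length(suffix) + 1) != suffix) next
        # Examine only the labels added in front of the base domain.
        prefix = substr(fqdn, 1, length(fqdn) - length(suffix))
        reason = ""
        for (i = 1; i <= n; i++)
            if (index(prefix, t[i])) reason = add(reason, "term:" t[i])
        # A prefix ending in a well-known TLD imitates another hostname.
        if (prefix ~ /\.(com|net|org)$/) reason = add(reason, "embedded-hostname")
        if (reason != "") print $1, $2, reason
    }'
}

# Constructed sample data, not real accounts or domains.
sample_input() {
    cat <<'EOF'
alice paypal.com.domain.com domain.com
alice shop.domain.com domain.com
bob secure-visa-login.example.org example.org
carol www.bankside-cafe.example.net example.net
dave mail.example.com example.com
EOF
}

sample_input | scan_subdomains
```

The `carol` row is flagged only because "bankside" contains "bank": substring matching produces candidates for manual review, not verdicts.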
     
  4. bizzy

    bizzy Member

    You should also think about why your server is being targeted. Are your prices too low? Spammers are notoriously mean people. Hiking the prices can get you a better quality of customer, provided you can provide something to justify the extra cost.

    You don't have to apply it to existing 'good' clients. Kicking off the bad boys will mean they are less likely to return. Your server's performance will improve and you won't have to trouble yourself with de-blacklisting or taking difficult calls from your ISP.

    If, on the other hand, these subdomains are hanging off 'good' clients without their knowledge, then it is likely they may be running an out-of-date CMS which allows SQL injection. Start with WordPress (currently 3.5.1) and then down through the other likely contenders - Joomla (2.5 or 3.0) and Drupal.

    The key is to kill the cause rather than mop up the mess.
     