Thread: Ebay phish

  1. #1
    Junior Member
    Join Date
    May 2003
    Posts
    5

    Ebay phish

    I have a server I use for online gaming and some small websites. My server was exploited through php and vwar combo and my stupidity of having a file above 755. My question is: Is there anyplace that I can turn to to help me track down these people? Is there any "police" force that will take on the investigation or do I have to pay to have someone arrested?

    It's one thing if someone just messes up a page but these people where trying to use my server to steal. You would think some law enforcement agency would be interested. I did trace some of it back to a server that has hundreds of hacks, exploit scripts and worms. (Not exaggerating) Now this could be just another exploited server so I don't know, but I'd love to see someone in jail for it.

    thanks for any advice

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    Re: Ebay phish

    Originally posted here by At)|(ri
    I have a server I use for online gaming and some small websites. My server was exploited through php and vwar combo and my stupidity of having a file above 755. My question is: Is there anyplace that I can turn to to help me track down these people? Is there any "police" force that will take on the investigation or do I have to pay to have someone arrested?

    It's one thing if someone just messes up a page but these people where trying to use my server to steal. You would think some law enforcement agency would be interested. I did trace some of it back to a server that has hundreds of hacks, exploit scripts and worms. (Not exaggerating) Now this could be just another exploited server so I don't know, but I'd love to see someone in jail for it.

    thanks for any advice
    Can you explain this a little more, how do you know they were trying to use it to steal? Also, you said "where/were", does this mean you restored the server? If so, you have destroyed any evidence that law enforcement may have needed to bust these guys.

    Cheers:
    DjM

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yes,

    Can you explain the Ebay phish connection?

    Also, as DjM says, if you have fixed your machine you will probably have destroyed the evidence.

    Unfortunately, it seems to be that unless an actual crime was committed for a significant tangible monetary amount, enforcement agencies don't seem too interested.


  4. #4
    Junior Member
    Join Date
    May 2003
    Posts
    5
    I was able to get my server provider to look into this a little. They said my server wasn't rooted. They said they exploited Vwar which is a php "program" used for a forum/calendar/uploading thingy.

    What I mean by them trying to steal relates to those phishing emails that talk about your ebay account and the need to update your personal information. Well, you're directed to a fake website to enter that stuff and that website was on MY SERVER. So if someone thought that it was a real ebay email and they clicked on the link, that link went to my server where it looked like you were on ebay, and then it would have used my server to send the stolen information to the hackers' email/server. I have a link to their server that has the ebay scam scripts on it. They use this other server as a file server and use it to store their hacks that they download onto exploited servers.

    I didn't wipe out anything except the vwar directory that had these fake websites in it. I had to get rid of that stuff before someone actually tried to enter information. I was sent an email from my server company (which was notified by ebay) to remove the offending pages and something about the FBI investigating me for fraud, yet nothing about helping me (also a victim).

  5. #5
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    At this point, the best thing to do is make sure you have everything fully documented. Dates & times you were made aware of the problems. IP addresses that you have tracked (screen shots if you can get them). Dates & times that you spoke with your ISP (the name of the person would be good). This way, "if" the FBI come knocking, you can produce some evidence that shows you were a victim and not the "perp".
    By the way, don't be looking over your shoulder, I doubt the FBI will even call you, let alone show up at your door.

    Cheers:
    DjM

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Thank you At)|(ri for clearing that up in my mind.

    Since you posted, someone has reported a similar e-bay phish, where the "victim" server appears to be run by the London Borough of Hillingdon.

    Here is a link to the thread:

    http://www.antionline.com/showthread...hreadid=275251

    You might like to get some details from that, as it provides useful evidence that this sort of thing is going on all the time on the internet, and in that case it was a .gov server that was compromised.



    Here is another one:

    http://www.antionline.com/showthread...hreadid=275224

    This time in New Jersey

  7. #7
    Junior Member
    Join Date
    May 2003
    Posts
    5
    Thanks for the info and help. I'm not real worried about getting in trouble, I just wish the real perp would be prosecuted.

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    You are welcome for any help that I might have given. I am not worried about you getting into trouble as such, only that someone might waste your time (and theirs) on a fruitless investigation.

    Unfortunately, these guys are rather cute, so the best place to catch them is when the money gets transferred. Your end is just part of the fraud mechanism and is probably not particularly important to the overall fraud process.

    After all, they are just using your site to get information. They then have to use that, to steal money from someone else, and then get that money into their hands.

    I suspect that the authorities would prefer these people to try to steal funds and then catch them at that point when they will net accomplices, launderers and the like as well?

