Highest Voted 'phishing' Questions - Server Fault Stack Exchange

44

votes

6 answers

Phishing site uses subdomain that I never registered

I recently received the following message from Google Webmaster Tools: Dear site owner or webmaster of http://gotgenes.com/, [...] Below are one or more example URLs on your site which may be part of a phishing…

domain-name-system phishing

asked Sep 13 '12 at 21:26

gotgenes

543
4
6

13

votes

4 answers

Suspected server or data vulnerability and reporting a fraud site

Two days ago someone created a website that has the exact same domain of the company I work for, but missing one letter, and sent a mail campaign to many people that there is a promotion on the website, when you go to the website you (as…

security web phishing scam

asked Dec 24 '13 at 12:48

mpcabd

233
1
7

8

votes

1 answer

Why is fail2ban finding but not banning

I noticed something strange on my Ubuntu Xenial server. It has SSH on the default port and it has fail2ban. Fail2ban is detecting brute force attempts on the server and are logged accordingly: 2017-01-12 10:58:19,927 fail2ban.filter [23119]:…

ubuntu ssh security fail2ban phishing

asked Jan 12 '17 at 10:53

Waleed Hamra

731
6
16

6

votes

6 answers

Are Extended Validation SSL certificates effective?

Every time an SSL cert comes up for renewal, my provider tries to sell me an Extended Validation certificate. The big difference is the green address bar in FireFox and Safari for quadruple or quintuple the cost. Supposedly, the benefit (and reason…

ssl-certificate phishing

asked Oct 21 '09 at 21:25

sh-beta

6,756
7
46
65

4

votes

1 answer

SPF - Will softfail get inherited when included?

If I add the SPF-policy v=spf1 include:_spf.google.com -all to my domain, will the -all have some effect or will the ~all from _spf.google.com get "inherited" to my domain?

email phishing

asked Aug 02 '15 at 21:42

user82444

4

votes

5 answers

Securing Internet and E-mail in small corporate environment

Our company is having a real problem with spam, phishing, and sophisticated viruses (ones that are brand new at time of first download, and not recognized by any virus scanners for at least a few hours after being downloaded, sometimes days). We…

security email anti-virus phishing

asked Jul 26 '11 at 12:54

Beep beep

1,843
2
18
33

3

votes

2 answers

Report phishing websites

Is there a central place to report domains that have made phishing attempts against my users? I usually make a report to the host of the domain (GoDaddy, generally) but I was wondering if there is a more effective place to send a report?

spam phishing

asked Jul 10 '18 at 18:06

Richard

133
3

3

votes

1 answer

Spamassasin regex body and header check not working

We are trying to mark phishing mails with a simple rule in Spamassasin as spam. But unfortunately we are unable to get a working check out of it. Basically what we are trying to achieve is that if the sender of the Mail is not from our domain…

email spamassassin phishing

asked Jan 24 '17 at 13:50

Daywalker

485
5
25

3

votes

3 answers

Reported Attack Page : how to resolve this problem

My site bccfalna.com is working normal before 2 days but now its not open in firefox/chrome and other browser and come below error message Reported Attack Page! This web page at www.bccfalna.com has been reported as an attack page and has been…

security hacking phishing

asked Sep 20 '10 at 04:35

tanujdave

33
1
4

3

votes

1 answer

How is this email passing DMARC?

Today we received a spoofed email: it was sent to us "from us". (Assume we own foo.com -- real domain redacted.) This is disturbing, as it shows as "from foo.com", yet the sender is definitely not from "foo.com". The mailbox "hello@foo.com" is a…

email spf dkim dmarc phishing

asked Dec 12 '21 at 19:30

Lawrence Wagerfield

47
8

3

votes

1 answer

Display full FROM email address in Outlook

I'm trying to do phishing mitigation in the Outlook desktop app, and I've seen a number of cases where the display name is so long that the email address gets truncated, e.g. From: Microsoft email account activity notifications…

security outlook phishing

asked Sep 14 '21 at 14:38

Barton Chittenden

310
2
8

2

votes

3 answers

Can anyone purchase a SSL certificate?If so what is it's significance in identifying phishing?

I have read a lot that a phishing site will not be having an SSL certificate installed.As far as I know, anybody can purchase an SSL certificate and install it in their website, irrespective of the site being genuine or fraud. In this scenario, what…

ssl-certificate phishing

asked Nov 29 '19 at 20:12

user7282

121
3

2

votes

3 answers

Block people searching for server admin pages

Occasionally I flip through our (apache) access log and I often come across people trying to fish for admin pages. For example, they are trying to access pages like: /wp-login.php /administrator/index.php /admin.php /user None of these…

apache-2.2 spam hacking block phishing

asked Mar 05 '15 at 01:04

Hubbo

23
3

2

votes

3 answers

Avoiding viruses 101

I'm looking to send out an email to my users to give them advice on avoiding getting viruses and phishing emails. I've found http://www.sonicwall.com/furl/phishing/ which is a bit dated and is primarily for phishing but still applies a bit for…

anti-virus malware phishing

asked Feb 16 '11 at 15:05

PHLiGHT

1,041
10
25

2

votes

5 answers

Virus sending phishing emails through exchange server

It appears that there is a virus on my network somewhere that is sending phishing emails through my exchange server. I can see the messages in message tracking and I see many SMTP errors for NDR's and rejected connections from external servers, but…

exchange-2003 smtp malware phishing

asked Apr 22 '10 at 16:26

therulebookman

340
2
4
9

Questions tagged [phishing]