Salam to all my readers. Well, I believe some of you already know what phishing is. According to Wikipedia,
phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
In simple words, my blog server, AdlanKhalidi.com, has been hacked with a phishing attack. Out of nowhere, the hacker has installed a Bank of America phishing page into my themes folder. Check the screenshot.
Personally and honestly, I don’t know how it works and I don’t really care about it. So, let me tell you how it happened.
Thursday, February 5, 2009
On my way back home from UIA, I received a call from Robot regarding a phishing activity. He wanted to confirm with me whether I knew about it. I told him I have nothing to do with it.
I’ve checked my email with the subject ‘Security Alert’ from my hosting admin. Eventually, Bank of America has contacted JARING to inform them that one of the servers (AdlanKhalidi) has a phishing site. They asked me to redirect the site to an AntiPhishing website.
But then, after I redirected the lengthy URL, it didn’t work. I believe that the hacker has installed some script that stops the URL redirect.
Friday, February 6, 2009
My entire blog server was blocked. I’m unable to view my blog and my server.
Sunday, February 8, 2009
Just before I wrote this entry, I tried to delete the whole phishing folder inside my server. Guess what? It can’t be deleted; the server log said: Permission denied.
So, I’ll have to ask my hosting Master Admin to help me delete all those nasty folders.
Lesson: Increase the security of your password
Guess this is one of the lessons I should have taken earlier. My original password is way too easy. It’s going to take less than 30 minutes for someone to hack into my server. So, some of the tips in choosing a password are:
- At least 8 characters in length
- At least 1 number
- At least 1 special character
- Upper and lowercase
Read more about Good Password Tips and Password Management.
I hope this thing won’t happen again. It may happen to any one of us. Is there any Malay term for phishing? Can I suggest ‘Panching’ or ‘Pancheng’ as a translation for it to DBP?