Joined: Fri Oct 12, 2007 10:22 pm Posts: 1117 Location: Virginia
I have three websites - two for my actual profession and one for my jewelry. They don't get very much traffic as I don't advertise, etc.
Recently - for about a month - I've been getting phishing emails to my jewelry email address. Mostly they are fraudulent receipts for non-existent purchases I supposedly made. Some are about bank transactions that have been rejected. Several were about payroll errors. But most are mimicking real companies and have emails that look genuine.
I traced one through the firm they were impersonating, and that owner had tracked them to an Argentinian isp.
I have had a serious increase in traffic on my site from Ukraine and Russia - for no reason I can think of - and show numerous new links to my site from those locales.
They have not been doing this through my other 2 sites (yet) and I assume that is because they are consulting services, not retail, but I could be wrong.
If you get emails like this DO NOT clink on any of the links and do not give them any information. Forward the email to the company they are impersonating - if it's one you recognize.
_________________ Soil is not dirt. http://hmmdesign.net
Joined: Fri Feb 24, 2006 1:20 am Posts: 2756 Location: Southern California, U.S.A.
Barbra Voltaire wrote:
One can block access for IPs from certain countries if they wish.
Care to expand on that? I'm being plagued by a large number of site visits from Russia, Ukraine, Romania, China, Iran etc. and when I try to block them I get the message: Sorry, the name you entered could not be resolved to a valid IP address.
Meanwhile I'm getting hits from all sorts of weird URLs: porn sites, auto financing sites, etc. I want to stop this but don't know how. Any help out there?
Joined: Fri Feb 24, 2006 1:20 am Posts: 2756 Location: Southern California, U.S.A.
Hi Jeffrey, My site has the IP Deny feature and that's the function that can't single out an IP or an IP range to block. When I see the logs from the troublemakers there are literally dozens of different IP numbers shown. They must use some sort of feature than automatically changes their IPs every few seconds so they can't be tracked to a blockable number.
Worse, I'm not sure what they're doing on my site. I've ID'd some as "content spammers" whatever that means. I know it's bad but I don't know how to stop them. It's very frustrating.
Joined: Tue Jun 12, 2007 6:41 pm Posts: 5534 Location: Massachusetts, USA
My security practice is to monitor the logs and see IP addresses that try to access script directories like /cgi. First offense, that IP is blocked. Next offense the range 111.222.0-255 is blocked. Next offense, 111.0-255.0-255 is blocked. Nuclear option is to block the first quad, and to hell with that country. .CN is more laborious.
Joined: Sun Feb 25, 2007 12:44 pm Posts: 209 Location: Dallas, Texas
There is a free application that will give you the original site as well as mirrors...... www.peerguardian.com Origanially a university project, we forward to FBI or maybe they already have these due to US cyber snooping:-) W
Joined: Tue Jun 12, 2007 6:41 pm Posts: 5534 Location: Massachusetts, USA
Thanks. I have noticed a lot more hostile activity this year. Usually sniffing for CGI/PHP/other script or Dbase folders. My Deny list is many pages long. In addition this forum has been sniffed to the extent I am getting spam sent to the address I only use as a contact here. Mideast and the old FSU countries, mostly. And the usual Nigerian scams. And of course the innumerable hits from the sick, sick chair-sniffer of the Web, Google, doing the bidding of Friends in High Places, as usual.
I had to laugh yesterday when one came in offering their expertise in PHP. Yes, no doubt they were very good at it, but No Thanks. Hire Willy Sutton to be bank guard?
Users browsing this forum: No registered users and 7 guests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum