Situation
- Phishing mail received:
  <example.com> Attention! No disk space(quota) left
- The base URL is neither the hostname of the hosting server nor the domain of the user:
  https://PhishingDomain.com/login_up.php?success_redirect_url=https://www.example.com:8443
- URLs in the mail redirect to webhostplesk.com
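The mismatch described in the list above can be checked automatically. The following is an added example, not part of the original article: it parses each link in a mail body and flags the ones that use the login path or name a trusted host in `success_redirect_url` while the link itself goes to a host outside an allowlist. `TRUSTED_HOSTS` and the function names are assumptions, and the sample mail is constructed from the values shown on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hostnames on which this server really serves the Plesk login.
TRUSTED_HOSTS = {"www.example.com", "example.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: subject and first link are from the article, second link is made up.
SAMPLE_MAIL = """\
Subject: <example.com> Attention! No disk space(quota) left
Log in: https://PhishingDomain.com/login_up.php?success_redirect_url=https://www.example.com:8443
Panel: https://www.example.com:8443/login_up.php
"""

def host_of(url):
    """Parsed hostname (lowercase, no port or userinfo); '' if the URL is malformed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def check_link(url, trusted=TRUSTED_HOSTS):
    """Return the reasons a link matches the pattern; an empty list means no match."""
    host = host_of(url)
    if not host:
        return ["URL does not parse"]
    if host in trusted:
        return []
    parts = urlsplit(url)
    reasons = []
    # Compare the parsed host, never a substring: the phishing URL contains
    # "www.example.com" in its query string and would pass a naive 'in' test.
    if parts.path.lower().endswith("/login_up.php"):
        reasons.append(f"login path served from untrusted host {host}")
    for target in parse_qs(parts.query).get("success_redirect_url", []):
        if host_of(target) in trusted:
            reasons.append(f"redirect names {host_of(target)} but link goes to {host}")
    return reasons

def scan_mail(body, trusted=TRUSTED_HOSTS):
    """Map each flagged URL in a mail body to its list of reasons."""
    urls = (u.rstrip(".,)>") for u in URL_RE.findall(body))
    return {u: r for u in urls if (r := check_link(u, trusted))}

if __name__ == "__main__":
    for url, reasons in scan_mail(SAMPLE_MAIL).items():
        print(url, "->", "; ".join(reasons))
```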
Impact
External phishing attack that tries to steal server/user credentials
Check PFSI-62906 for updates
Call to Action
- Report the phishing to the domain registrar and the email server provider. The abuse contacts can be looked up with WHOIS, for example:
  Main domain:
  # whois webhostplesk.com | grep -i Abuse
  Registrar Abuse Contact Email: compliance_abuse@webnic.cc
  Do the same for the hacked domains that redirect to the main one:
  # whois PhishingDomain.com | grep -i Abuse
  Registrar Abuse Contact Email: abuse@hoster.com
  Report the IP of the server that sent the mail:
  # whois 203.0.113.2 | grep -i Abuse
  % Abuse contact for '203.0.113.0 - 203.0.113.255' is 'abuse@hoster.com'
- Do not click or use the links in these mails, and do not fill in any information there
- Use anti-spam measures: How to protect a Plesk server from incoming spam and viruses