paypal scam - tracing link
Bret Stern
bret_stern at machinemanagement.com
Thu Oct 26 19:42:17 UTC 2006
> -----Original Message-----
> From: redhat-install-list-bounces at redhat.com
> [mailto:redhat-install-list-bounces at redhat.com] On Behalf Of
> Bob McClure Jr
> Sent: Thursday, October 26, 2006 12:36 PM
> To: redhat-install-list at redhat.com
> Subject: Re: paypal scam - tracing link
>
> On Thu, Oct 26, 2006 at 12:20:35PM -0700, Bret Stern wrote:
> > Afternoon,
> >
> > Can anyone suggest how to find and delete these files which show up
> > during a locate command.
> >
> > I've looked in the folders below (where the locate command found
> > them), but cannot find the files.
> >
> > Any help would be appreciated.
> >
> > Bret Stern
> >
> > /usr/local/apache/htdocs/www.paypal.com
> > /usr/local/apache/htdocs/www.paypal.com/cgi-bin
> > /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_login-run
> >
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal
> >
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal/addr.gif
> >
> > <long list trimmed>
> >
> >
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal/update.php
> >
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal/_login-submit.htm
> >
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal/login.html
> >
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal/cc.db
>
> The database that "locate" works from is built a little after 4am
> every day. So it looks like the files were there then, but not now.
> As root, run "updatedb" to rebuild the database, and see if the
> problem still exists.
>
> The next question, of course, is, has your machine been cracked by a
> phisher?
It was not my machine, but it is true. This was a re-creation of
paypal.com created on a customers host.
so the next question.. how was this accomplished.
Did someone actually guess the password, or are there other
ways..including insided folks, or other??
>
> Cheers,
> --
> Bob McClure, Jr. Bobcat Open Systems, Inc.
> bob at bobcatos.com http://www.bobcatos.com
> "Where you go in the hereafter depends on what you were after here."
> - Thanks to Graffiti, 2 March 2004
>
> _______________________________________________
> Redhat-install-list mailing list
> Redhat-install-list at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-install-list
> To Unsubscribe Go To ABOVE URL or send a message to:
> redhat-install-list-request at redhat.com
> Subject: unsubscribe
>
More information about the Redhat-install-list
mailing list