paypal scam - tracing link

Bret Stern bret_stern at machinemanagement.com
Thu Oct 26 19:42:17 UTC 2006 

> -----Original Message-----
> From: redhat-install-list-bounces at redhat.com 
> [mailto:redhat-install-list-bounces at redhat.com] On Behalf Of 
> Bob McClure Jr
> Sent: Thursday, October 26, 2006 12:36 PM
> To: redhat-install-list at redhat.com
> Subject: Re: paypal scam - tracing link
> 
> On Thu, Oct 26, 2006 at 12:20:35PM -0700, Bret Stern wrote:
> > Afternoon,
> > 
> > Can anyone suggest how to find and delete these files which show up
> > during a locate command.
> > 
> > I've looked in the folders below (where the locate command found
> > them), but cannot find the files.
> > 
> > Any help would be appreciated.
> > 
> > Bret Stern
> > 
> > /usr/local/apache/htdocs/www.paypal.com
> > /usr/local/apache/htdocs/www.paypal.com/cgi-bin
> > /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_login-run
> > 
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal
> > 
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal/addr.gif
> > 
> > <long list trimmed>
> > 
> > 
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal/update.php
> > 
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal/_login-submit.htm
> > 
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal/login.html
> > 
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_log
in-run/updates
> > -paypal/cc.db
> 
> The database that "locate" works from is built a little after 4am
> every day.  So it looks like the files were there then, but not now.
> As root, run "updatedb" to rebuild the database, and see if the
> problem still exists.
> 
> The next question, of course, is, has your machine been cracked by a
> phisher?

It was not my machine, but it is true. This was a re-creation of
paypal.com created on a customers host.

so the next question.. how was this accomplished.
Did someone actually guess the password, or are there other
ways..including insided folks, or other??




> 
> Cheers,
> -- 
> Bob McClure, Jr.             Bobcat Open Systems, Inc.
> bob at bobcatos.com             http://www.bobcatos.com
> "Where you go in the hereafter depends on what you were after here."
>   - Thanks to Graffiti, 2 March 2004
> 
> _______________________________________________
> Redhat-install-list mailing list
> Redhat-install-list at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-install-list
> To Unsubscribe Go To ABOVE URL or send a message to:
> redhat-install-list-request at redhat.com
> Subject: unsubscribe
>

More information about the Redhat-install-list mailing list