Phishing (Was Re: WashingtonPost computer security stories)

Christopher L. Morrow christopher.morrow at mci.com
Tue Aug 17 15:36:58 UTC 2004



On Tue, 17 Aug 2004, Eric Kuhnke wrote:

>
> >>The mail originated from 68.77.56.130 (an ameritech.net DSL connection,
> >>right now not pingable) and loads some images from www.citibank.com.
> >>It links to http://61.128.198.51/Confirm/ - an IP address hosted by
> >>Chinanet (transit to there supplied by Savvis from my point of view).
>
> It's a 1 line rule with mod_rewrite and apache to block
> nonexistent or off-site http referers attempting to display
> GIF/JPG/PNG images...  Sometimes I wonder why Citibank,
> Paypal and others don't do this.  It would cut down on the
> displayed authenticity level of many basic phishes.

<cookie-foo>: 31-Dec-2014 00:00:00 GMT; path=/; domain=.usbank.com
Server: Microsoft-IIS/5.0
Date: Tue, 17 Aug 2004 15:34:02 GMT

Citibank.com returns: Server: ""

Perhaps the 1-line mod_rewrite isn't available to them because they don't
have mod_rewrite?
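
A rule of the kind described in the quoted message, as an added example that is not part of the original thread and not any bank's actual configuration. It assumes Apache with mod_rewrite loaded; example.com is a placeholder for the site's own host name.

```apache
# Added example: refuse image requests whose Referer is missing or off-site.
# "example.com" is a placeholder for the site's own host name.
RewriteEngine On

# The condition is true when the Referer does NOT start with our own origin.
# An absent or empty Referer cannot match the pattern either, so the same
# negated test covers both the "nonexistent" and the "off-site" case.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]

# Apply only to GIF/JPG/PNG requests; "-" leaves the URL unchanged and
# [F] answers with 403 Forbidden instead of serving the image.
RewriteRule \.(gif|jpe?g|png)$ - [NC,F]
```

Because the empty-Referer case is refused as well, clients and proxies that strip the header will not load the site's images either, which is the trade-off to weigh before deploying it.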


