North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Phishing (Was Re: WashingtonPost computer security stories)
On Tue, 17 Aug 2004, Eric Kuhnke wrote: > > >>The mail originated from 68.77.56.130 (an ameritech.net DSL connection, > >>right now not pingable) and loads some images from www.citibank.com. > >>It links to http://61.128.198.51/Confirm/ - an IP address hosted by > >>Chinanet (transit to there supplied by Savvis from my point of view). > > It's a 1 line rule with mod_rewrite and apache to block > nonexistant or off-site http referers attempting to display > GIF/JPG/PNG images... Sometimes I wonder why Citibank, > Paypal and others don't do this. It would cut down on the > displayed authenticity level of many basic phishes. <cookie-foo>: 31-Dec-2014 00:00:00 GMT; path=/; domain=.usbank.com Server: Microsoft-IIS/5.0 Date: Tue, 17 Aug 2004 15:34:02 GMT Citibank.com returns: Server: "" Perhaps the 1-line mod_rewrite isn't available to them because they don't have mod_rewrite?
|