I was reading this insightful post on Palisade called Pharming on the Net by Nilesh Chaudhari. Nilesh’s article discusses about how DNS poisoning is used in pharming. What happened to my website recently is a prelude to this. To send out camouflaged (pharming) links, attackers need servers. They have been sending via proxys and localhosts and vague email addresses, but now because so many blacklists exist, and that spam filters are getting aggressive on the origins of spam, attackers are using legitimate websites to send their links to mailboxes.

Until now, we were only receiving spam and phishing attacks. But now, our normal weblog or websites are being targeted to be hosts to such activities. Now here’s how the game becomes dangerous: you are a normal user, you maintain a website or a hosted site for blogging, photoblog, SOHO business, etc. Your site has nothing of importance, nothing secretive or has the need to be secure. Yet, your site gets cracked. Why? Because your site can become a potential host for illegal activity, to be used in an unlawful black hat acts. And you become a gullible partner in crime by being a host to illegal files through whose interface phishing attacks are sent for pharming. Whether you like it or not.

Today, there are millions of hosted weblogs. That number alone makes it an irresistible proposition for attack and control these sites (turn them into zombies), park files that can mail phishing attacks (right under the owners’ nose), while we bloggers continue to write stories amusing you folks. And one fine day, we might hear the law knocking on our front doors.

There direly needs a guide for bloggers and casual website owners from getting indirectly involved in such illegal activities. If you’re reading this, please give this topic a momentum. You could list as many things as possible (but not limited to the following):

• List of trusted and vigilant hosting companies
• Tools for monitoring one’s website
• Safe methods to accessing and maintaining websites
• Things to avoid
• Grey areas and concerns
• Network security loopholes
• Bad employees

One of the things I am doing post being a victim is that I always report phishing or pharming mail sent to my inbox. Not only in Gmail but also by going to the bank site or eBay or PayPal and forward the received mail to their address. Thankfully, most solicit such feedback.

There is a pool of knowledge amongst us bloggers. The least we could do is protect ourselves, our sites and protect a fellow and his or her family from being conned on the internet. Please help, blog about it, educate your parents, friends, colleagues, readers about safety on the internet, tips for performing safe online purchases, bank and other financial transactions, help identify phishing and how to avoid becoming a host to pharming.

Tags to use: safetyonline, ihatepharming. Digg this, if you like.

Related articles from elsewhere

• Wired: Pharming out-scams phishing
• BBC: Phishing con hijacks browser bar; Users face new phishing threats; Hi-tech tools fuel phishing boom; How to escape the phishing nets; How to avoid the phishing bug;
  Virus tries to con PayPal users; E-mail fraudsters attack Citibank; Hi-tech tools fuel phishing boom.
• TechRepublic: Why phishing isn’t just a crime against individual users
• Cnet: Alarm over pharming attacks: identity theft made even easier.

security

Related posts

Following list is auto-generated, based on this post's context as possibly related. You may, however, occasionally find some in this list unrelated, but nevertheless, we sincerely hope that you'll enjoy them too.

• Why phishing works
• To hell and back
• NDTV: “Should blogs be regulated?”
• Popular but average
• Hard to beat blogs: The New York Times
• MSM.. oops, sorry
• IE getting back on track
• Preserving blogs
• Rationale of blogs
• Wired chief prefers good blogs