[SURBL-Discuss] Notification of Blacklist Status

SURBL Role surbl.role at gmail.com
Fri Jul 3 12:36:07 CEST 2009

On 7/2/09, Petros Kolyvas <pk at shiftfocus.ca> wrote:

>  2. Since we were not notified of being added (again my main point
>  contention,) no action could be taken to remedy the situation if there
>  was, in fact, something we could do to secure the site.

To be clear, the owner of the phished brand usually makes very
thorough efforts to contact the site owner or web host to let them
know about it and to ask them to correct the problem.

>  Our host even claimed that: The domain is not directly hosting the
>  phishing attack. Due to the fact that the server is running UserDir
>  functionality, other user accounts can be accessed through the /
>  ~username path. My ISP has confirmed that the UserDir functionality
>  will be removed from all server within 48 hours."

Which doesn't answer any of these probably important questions:

1.  How was the server cracked?
2.  How was the server fixed?
3.  Is the phishing site down or still up?
4.  Is the server now secure?

It would probably help to have answers to these questions.

More information about the Discuss mailing list