Thread: pistol-training.com has been Hacked

  1. #1

    pistol-training.com has been Hacked

    http://pistol-training.com has been compromised, and is serving up a form here: http://pistol-training.com/dotw/use/...S7d/form1.html

    That link was sent out to an organization that I consult for, trying to get their users to put in their organizational username and password.

    I could not find the contact information for whoever runs the website, so I am posting it here, in hopes that a mod will contact the owner of the site.

    Thanks

    -Josh

  2. #2
    Murder Machine, Harmless Fuzzball TCinVA's Avatar
    Join Date
    Feb 2011
    Location
    Virginia
    I'm not getting any form when I click on your link. It's not very hard for someone attempting to phish to use the logos of a legit website to try and fool people.

    Suffice it to say that no-one on Pistol-Forum.com or at Pistol-Training.com will make requests of anyone for usernames and passwords to any company email or information system, paypal or banking sites, etc.

  3. #3

    Form has been removed

    Originally posted by TCinVA:
    > I'm not getting any form when I click on your link. It's not very hard for someone attempting to phish to use the logos of a legit website to try and fool people.
    >
    > Suffice it to say that no-one on Pistol-Forum.com or at Pistol-Training.com will make requests of anyone for usernames and passwords to any company email or information system, paypal or banking sites, etc.

    It looks like the form has now been removed... I had assumed an admin of the site had removed it... Are you one of the admins of Pistol-Training.com?

    -Josh

  4. #4
    Murder Machine, Harmless Fuzzball TCinVA's Avatar
    Join Date
    Feb 2011
    Location
    Virginia
    No, just one of the folks with admin powers here. Todd is the only admin on Pistol-Training.com. If the form is gone I assume he's working on the problem.

    We'll do whatever we can to assist.

  5. #5
    We are diminished
    Join Date
    Feb 2011
    Josh & everyone -- That was a legacy from a contest I was running years ago when we did DotW stuff on PTC instead of here at PF. It called to an outside service for form generation and perhaps someone hacked it at the source? The form was gone before I was aware of the issue and now I've removed all traces of the php form generator from the site.

    Thanks!

  6. #6

    Great

    Originally posted by ToddG:
    > Josh & everyone -- That was a legacy from a contest I was running years ago when we did DotW stuff on PTC instead of here at PF. It called to an outside service for form generation and perhaps someone hacked it at the source? The form was gone before I was aware of the issue and now I've removed all traces of the php form generator from the site.
    >
    > Thanks!

    Todd,

    Ok, that makes sense, as I did a security scan of Pistol-Training.com (http://sitecheck.sucuri.net/results/Pistol-Training.com) and it came up clean.... I just assumed an FTP password was guessed or some such thing.

    Do you remember what the outside service was?

    As an aside, I would suggest that you put some kind of contact email on your site so that in the future, someone in my position can more easily contact you about issues like this.

    Thanks-

    -Josh

  7. #7
    We are diminished
    Join Date
    Feb 2011
    Originally posted by DefensiveDepth:
    > Do you remember what the outside service was?

    "php form generator" or something like that.

    > As an aside, I would suggest that you put some kind of contact email on your site so that in the future, someone in my position can more easily contact you about issues like this.

    Spoken like someone who's never received 100 "what gun iz best?" emails per day from random strangers...

    But your point is well made and perhaps it's something I'll have the WordPress gnomes look into...

  8. #8
    Generic email accounts are awesome for stuff like that: "pistol-training@gmail.com" or something. I have "gunnutsradio@gmail.com" for exactly that reason.

  9. #9
    We are diminished
    Join Date
    Feb 2011
    Not to get too far afield, but...

    So? People send an email, they expect a response. Corollary: people send stupid emails, they still expect detailed, thought-out responses. I listed a contact email on a previous (pre-"blog") site and it was nearly the death of me.

  10. #10
    Member
    Join Date
    Feb 2011
    Location
    Columbus, GA
    Abuse@domain.com and webmaster@domain.com are pretty commonly used for this kind of thing. (Though abuse is generally monitored by whoever's running the mail server).
