Innocence and Shame Project
Have You Received One of My Alerts?
Did you come to this page by clicking the link in my alert email?
You received my alert because your server is the destination of the click-through link in a phishing email that I received on one of my domains. When naïve Internet users click links in that phishing email, they open a web page on your server and become infected. My alerts are sent as soon as I receive notification of a phishing email. The timeliness of this alert indicates a phishing campaign is in progress. You should take action now to secure your system.
The first thing you should do is delete the infected files from your server. By removing the infected files from your server, you help decrease the effectiveness of the spammer's email campaign.
The next thing you should do is have your systems administrator secure your system. By securing your server, you increase the spammer's costs in maintaining a network of compromised systems such as yours. The spammer will need to buy access to another infected system to replace the one he lost.
You should be angry that your server has been hacked and was part of a phishing spam campaign. Take action now to undermine that campaign: remove the infection and secure your system. It will decrease the spammer's revenue and increase his costs, a situation that puts most people out of business.
More About This Project
This is one of my personal projects. It attempts to change the economics of email phishing scams by increasing costs for those spammers using my domains in their forged email headers. This economic strategy is in addition to the technical means I already use to secure my domains.
This is not a battle against all Internet spammers, which would be insane; only the handful that have latched onto my domains. It is personal.
The "Innocence and Shame" project name refers to the "innocent" owners of insecure and compromised websites that are exploited by these spammers. ("Shame" will be implemented in the second phase of this project.)
Compromised servers cost the spammer money. While such "rooted servers" are cheap, ranging from pennies to dollars, there is some cost. A spammer needs a network of compromised systems to support his multi-million-email scam campaign.
The project works by sending an alert email to the owners or legal representatives of the compromised system. The email tells them the exact directory location containing the spammer's files and advises them to secure their system.