I take back what I said about hacking not being the best way to get rid of phishing/scam websites — it’s a great way! Why the sudden change? Here’s my experience…
Earlier today, I got a standard PayPal phishing email with the subject “Your account will be suspended!”, claiming that my account would be removed shortly if I didn’t fill in my PayPal information. This is an extremely common ploy, and PayPal frequently reminds you never to follow through with these kinds of emails. Out of curiousity, I copied the link they so desperately wanted me to click, and pasted it into my browser. I examined it closely to make sure my email address wasn’t encoded into the URL in some way, and hit Return to load the page. While the address started out with a valid-looking domain, it was actually an eBay banner link which was modified to redirect me to a fake server further down the link (and out of view in a standard browser window). A page loaded which looked exactly like the PayPal homepage, but you can be sure it wasn’t.
Judging by the “/~test/” in the address in my browser, I could see that the scam site was located on a server under a user’s account. To see what else was there, I removed the PayPal scam directories from the address, and went to the user’s folder. I couldn’t believe what I stumbled upon.
Before my eyes was a page labeled “PHP Shell 1.7,” with a command line, execute button, and output area. Knowing full well what this was — a PHP script which executed the given instruction at the command line of the server it resided on — I typed “ls” and hit Execute Command. The contents of the user’s folder were displayed in the text field below the command, just as if I were sitting at a keyboard connected to that machine. I knew what was next. I took another look at the scam address from the email, and used the PHP Shell to change directory to the actual folder where the scam files were located. Using a simple ‘tar’ command, I gathered all the files into one, and grabbed the whole lot (for further investigation, as well as a backup…just in case). After that, I did a simple “rm -r PayPal” to delete the entire scam website. Revisiting the link in the phishing email returned a 404 Not Found. I tried to remove the single PHP Shell script itself, so other users of the site aren’t at any possible risk, however it had permissions which denied my removal attempt.
While my efforts were hardly what I’d consider hacking, if what I did helped save one person from having their information stolen, I feel it was it was worth it. That’s just one phishing site among thousands, though. The real solution is to educate people about the malicious intent of scammers, and to give them the knowledge to simply ignore fraudulent emails.