Phishing using the /.well-known/ directory
Keep an eye on the content of your /.well-known/ folders that are normally used for pki-validation for your SSL certificates.
Full details may be found at The hidden "well-known" phishing sites | Netcraft
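One practical way to act on this advice is to inventory the `.well-known` directory and flag anything that is not a validation token or a `security.txt`. The script below is an added example, not code from the original thread or from cPanel; it assumes that the only legitimate contents are the `acme-challenge/` and `pki-validation/` subdirectories plus a top-level `security.txt` (adjust the allowlist to what your host actually writes there), and it builds a constructed sample tree in a temporary directory so it runs offline.

```python
"""Audit a docroot's /.well-known/ directory for unexpected content.

Added example, not from the original thread. Assumption: the only legitimate
contents of .well-known on this host are the certificate-validation challenge
directories and a security.txt file; everything else is reported for review.
"""
import hashlib
import os
import tempfile

# Assumed allowlist: subdirectories written by certificate-validation tooling
# and the one file the thread discusses. Adjust to what your host really uses.
ALLOWED_DIRS = {"acme-challenge", "pki-validation"}
ALLOWED_FILES = {"security.txt"}
# File types that have no business inside a validation directory.
SCRIPT_LIKE = {".php", ".phtml", ".html", ".htm", ".js", ".cgi"}


def sha256_of(path):
    """Hash a file in chunks so large drops do not load fully into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(well_known):
    """Map relative path -> sha256 for every regular file under .well-known."""
    result = {}
    for dirpath, _dirs, files in os.walk(well_known):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, well_known).replace(os.sep, "/")
            result[rel] = sha256_of(full)
    return result


def audit(well_known):
    """Return a sorted list of (relative_path, reason) for files worth a look."""
    findings = []
    for rel in inventory(well_known):
        top = rel.split("/", 1)[0]
        ext = os.path.splitext(rel)[1].lower()
        if "/" not in rel:
            if top not in ALLOWED_FILES:
                findings.append((rel, "unexpected top-level file"))
        elif top not in ALLOWED_DIRS:
            findings.append((rel, "file in unexpected subdirectory"))
        elif ext in SCRIPT_LIKE:
            findings.append((rel, "script/HTML inside validation directory"))
    return sorted(findings)


def diff_inventory(old, new):
    """Compare two inventories taken at different times."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "modified": modified}


def build_demo_tree(base):
    """Create a constructed sample .well-known tree (not data from a real host)."""
    wk = os.path.join(base, ".well-known")
    layout = {
        "security.txt": "Contact: mailto:security@example.invalid\n",
        "acme-challenge/abc123": "abc123.token\n",
        "pki-validation/fileauth.txt": "validation string\n",
        "pki-validation/login.html": "<html>unexpected page</html>\n",
        "bank/index.php": "<?php echo 'unexpected'; ?>\n",
        "update.html": "<html>unexpected page</html>\n",
    }
    for rel, body in layout.items():
        full = os.path.join(wk, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return wk


def run_demo():
    """Audit the sample tree, then detect a file added after the baseline."""
    with tempfile.TemporaryDirectory() as base:
        wk = build_demo_tree(base)
        baseline = inventory(wk)
        findings = audit(wk)
        # Simulate a later drop into an allowed directory and re-check.
        with open(os.path.join(wk, "acme-challenge", "x.php"), "w") as fh:
            fh.write("<?php ?>\n")
        changes = diff_inventory(baseline, inventory(wk))
        return findings, changes


if __name__ == "__main__":
    demo_findings, demo_changes = run_demo()
    for path, reason in demo_findings:
        print(f"{reason}: {path}")
    print("changes since baseline:", demo_changes)
```

On a real server, point `inventory` and `audit` at each account's `public_html/.well-known`, store the baseline hashes somewhere the web user cannot write, and run `diff_inventory` from cron; a newly added `.php` or `.html` under a validation directory is exactly the pattern the Netcraft write-up describes.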
cPanel doesn't use any special permissions on the .well-known directory so it shouldn't be any more at risk than any other directory.
No need to defend cPanel, nor was there any suggestion of any fault nor criticism of cPanel, it was only a 'heads up' that there looked like there was an emerging trend for malware to be hidden in that folder (which is often not seen unless one has made the effort to show hidden files) and even less likely to be regularly inspected. Perhaps hidden files should be enabled by default, with an option to hide them? I also wonder if it might be a good idea to have the AutoSSL system generate a security.txt file as recommended, with at least the email address of the cPanel account filled in.
I can't imagine having the user's email address placed in a publicly accessible file (at least without explicit permission, and sometimes I wonder if that's even enough - people will click anything) as being a very good idea. Basically, if files are being written into the .well-known folder (or any folder) without the account owner's knowledge... that's a security issue and means there's a security issue that the account owner (or web hosting provider, if they are completely managing the account?) would need to rectify. I don't really see much of the point of this "news" release. They might as well have headlined this as "WARNING: If you have a website you are at risk of potentially hosting a phishing site".
I would encourage you to contribute to the IETF recommendations draft, and explain to them how short-sighted they are in even considering this policy. draft-foudil-securitytxt-02 - A Method for Web Security Policies