Monday April 29th, 2019 12:35 The Spamvengers: Stupidgame

So, one of my users just got a phishing email from a lazy-ass cred thief.

It was fairly well composed, HTML-wise. So, I’ll give them that. But OMFG how could you completely fall down on the job with everything else? For instance:

The second dir I obfuscated because it’s the name of the supposed sender. I’m gathering this twit got a hold of their account and copied out the contacts list for this little endeavor.

But, seriously? Block directory listing, you imbecile.

Because that inevitably leads to someone clicking through and finding a handy zip of all your PHP. And that leads to them finding a plain text copy of the emails you were having all the credentials sent to:

And that leads to no one caring about obfuscating your address, since you’re a spammer dickhead. Or using online services to flood your inbox for hours on end.

I don’t know what dastardly individual would do that second part, though.

Oh, that’s right.

Los Commentos, as the French say

Your name

Your email

Your URL

Whois

IT guy, dev, designer, writer.

Got a degree in print journalism from UF but history dealt some bad cards to that industry, so I moved back to an earlier love: the computer.

Was recently at ZMOS Networks, but am now the Senior IT Associate at the Edna McConnell Clark Foundation.

My name is moderately common, as are a couple screen names, so always look for the logo to make sure you're reading something with official Km approval.

You can get to me directly with kyle(@)kylemitchell.org