Phishing pages, of late, have become an easy resort for the cyber hackers to strike millions of websites across the globe. The experts engage in dealing with these hackers in Netcraft confirmed it after encountering hundreds of such pages hosted in a folder/.well-known/.as they logged on to the websites since it serves as a Uniform Resource Identifier (URI) path for the users to get into the details of the policies.
Normally, the users keep browsing through the directory to own up a domain since they get to know the required information to host the domain.
According to the experts, the attacks of the kind with /.well-known/ in the directory is made available on the sites which support HTTPS only.
A phishing page is kept hidden in /.well-known/ since the folder is easily available in many websites without the active support in the administrator's system.
A dot in the directory’s name was believed to have provided the experts huge clue to the nefarious network. Since all the folders and files have start mark as “.” lS command is not visible. These hackers have no dearth of designs to strike as they have deployed subdirectories /pki/ validation/./acme-challenge to ensure that the phishing pages are not easily found out.
Those dealing with these cyber hackers find it quite tough to discover the way the nefarious hackers could hijack the websites with these phishing pages.
Most of them have concluded that only the shared hosting platforms are vulnerable to be misused since the file permissions on the directories are permissive which permits a portal to upload content on somebody else’s website.
Normally, the users keep browsing through the directory to own up a domain since they get to know the required information to host the domain.
According to the experts, the attacks of the kind with /.well-known/ in the directory is made available on the sites which support HTTPS only.
A phishing page is kept hidden in /.well-known/ since the folder is easily available in many websites without the active support in the administrator's system.
A dot in the directory’s name was believed to have provided the experts huge clue to the nefarious network. Since all the folders and files have start mark as “.” lS command is not visible. These hackers have no dearth of designs to strike as they have deployed subdirectories /pki/ validation/./acme-challenge to ensure that the phishing pages are not easily found out.
Those dealing with these cyber hackers find it quite tough to discover the way the nefarious hackers could hijack the websites with these phishing pages.
Most of them have concluded that only the shared hosting platforms are vulnerable to be misused since the file permissions on the directories are permissive which permits a portal to upload content on somebody else’s website.