Implementing a redirect in Apache
There are several ways to implement a redirect in Apache, but the following method is one of the simplest.
- Create a .htaccess file in the directory where the phishing site was stored. Note the leading dot on the .htaccess filename.
- The .htaccess file should contain the following text:
Redirect 301 /the-phishing-page.html http://education.apwg.org/r/?www.phishsite.com/the-phishing-page.html
(In the above text, “the-phishing-page.html” should be replaced with the filename of the phishing webpage that was taken down, and “www.phishsite.com/the-phishing-page.html” should be replaced with the full URL of the phish site that was taken down. Note that two things need to be replaced: the filename and the full URL of the phish site. For example, “the-phishing-page.html” could be “signin.html” and “www.phishsite.com/the-phishing-page.html” could be “yourcompany.com/update/signin.html”.)
- The .htaccess file should be owned by an unprivileged “utility” user and group, and set to be world readable and writable by no one.
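The steps above as a shell script, added here as an example and not part of the original instructions: it builds the Redirect line from the two replaced values, refuses values that would alter the directive, and writes the file with mode 444. The function names and the HTACCESS_OWNER variable are assumptions of this example.

```shell
#!/bin/sh
# Added example. Function names and HTACCESS_OWNER are assumptions of this example.

# Print the Redirect line.
#   $1  URL-path of the removed page, starting with "/" (mod_alias compares it
#       with the request path counted from the site root)
#   $2  full URL of the removed phish page, without "http://", as in the template
build_redirect_line() {
    page_path=$1
    phish_url=$2
    case $page_path in
        /*) ;;
        *) echo "page path must start with /" >&2; return 1 ;;
    esac
    case $phish_url in
        *://*) echo "give the phish URL without a scheme" >&2; return 1 ;;
    esac
    # A space, newline, quote or backslash in either value would change the
    # directive's arguments or smuggle a second directive into the file.
    for value in "$page_path" "$phish_url"; do
        case $value in
            ''|*[[:space:]]*|*[[:cntrl:]]*|*\"*|*\\*)
                echo "unsafe or empty value" >&2; return 1 ;;
        esac
    done
    printf 'Redirect 301 %s http://education.apwg.org/r/?%s\n' "$page_path" "$phish_url"
}

# Write .htaccess into $1, the directory that held the phishing page.
install_redirect_htaccess() {
    dir=$1
    line=$(build_redirect_line "$2" "$3") || return 1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    target=$dir/.htaccess                      # note the leading dot
    # Never write through a file or symlink left behind in the directory.
    if [ -e "$target" ] || [ -L "$target" ]; then
        echo "$target already exists; review and remove it first" >&2
        return 1
    fi
    (umask 077; printf '%s\n' "$line" > "$target") || return 1
    # Optional, needs root: HTACCESS_OWNER=user:group of the unprivileged
    # utility account (e.g. the constructed value "utility:utility").
    if [ -n "${HTACCESS_OWNER:-}" ]; then
        chown "$HTACCESS_OWNER" "$target" || return 1
    fi
    chmod 444 "$target"                        # world readable, writable by no one
}
```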
More information about .htaccess files can be found here: http://httpd.apache.org/docs/2.2/howto/htaccess.html