More phishing files found on Mauritian webserver

April 12, 2015

A few days ago I wrote the following: flaw on Mauritian website reveals a possible phishing scam. The discussion then continued on the Mauritius Internet Users mailing list and S. Moonesamy alerted Orange about the vulnerability. Something like three days afterwards some of the files were removed.

Now, after almost a week it appears that only files that have been reported were removed. There was no further investigation or maybe the investigation was poorly handled.

What prompts me to say so?

Currently there are several other phishing pages that lurk on the same victimized server as before. I should maybe re-iterate that it is a shared server and hosts other websites, among which we have a Government owned website, the Mauritius Oceanography Institute ( Now, it doesn’t look good if an IP address where a Government of Mauritius website is running, is involved in sending spam, used for phishing bank accounts, Dropbox accounts or Google accounts.


Possible phishing page targetting Dropbox users


Phishing page targetting Google account holders

A similar situation can be found at

The server has several suspended cPanel accounts which apparently still contain Malware.