How to detect Server Side Phishing? Here is the solution

Phishing filtering techniques we can apply in the client-side as well as on the server-side. In this article, we are going to see server side phishing filtering techniques. There are four server-side phishing filtering techniques we have discussed here.

They are the one-time password mechanism, watermarking mechanism, filtering phishing through session hijacking, and email phishing.

1.One-Time Password Mechanism in Server Side Phishing Filtering

One-time Password mechanism is a step by step process,

#1       First, the login approves by both the website and the customer. Then, the website sends an account validation message to the user. It sends by the designated communication channel.

#2     The user starts the actual login process by browsing the login page. It contains an input field for the customer’s login name and the CAPTCHA test.

#3    If the user’s login name is not recognized by the website, then it must be displayed on a page.

#4   If the user’s account name valid, the website checks the customer’s registered account. Then, sends an acknowledgement to that account.

 #5  The customer enters the assigned security code on the input page. 

#6     On receipt of the security code, the website has to make sure it. It should check the customer’s security code. It should check the IP address too.

The life span of the security code limits in this method.

Even though One Time Password is the secure method, we need to see the next method call Watermarking.

2. Watermarking Mechanism in Server Side Phishing Filtering


The user has to see his/her machine’s date and time in the logo.

Then only he/she should login. This imitates from the server.

After login, the user has to places the cursor over the logo. There the secret code displays. This secret code is user-dependent and it stores in the server database.

If the user places the cursor at the top of the web page, the user’s name displays.

But the attacker may hack the server database, to get the respective secret code of the user.

Hence, it may show the watermark on the fake website as a legitimate website.

How to avoid this kind of problem? The server will encrypt the secret code before storing it in the database.

Therefore, we should follow some methods of encryption to encrypt the secret code. Then, the watermarking mechanism method will be a more secure one.

The next method we need to see is Session Hijacking.

3. Session Hijacking – Server Side Phishing Filtering

Session Hijacking

The Session Hijacking Attack Prevention System (SHAPS) consists of three methods

a)Session fixation prevention web service

Each session has a unique session identifier for the identification of the key of the user.

There is a possibility of the attacker issuing a session ID to the user’s browser. Thereby, forcing the client to use a chosen session.

Thus, the essential information consists of a session ID, IP address, date and time and hostname of the request.

So, Using this information calls by the validation services. It can check with the requested URL.

Hence, the validation service finds it out as an attacker session. The service passes the request to the webserver.

If the session ID is the same, the IP address is different and the hostname is the same. The request is for a short period of time.

b)One-time URL service

The one time URL is valid only for one-time access.

The one time URL is generated in the web application.

This is for accessing sensitive information or any kind of service like money transfer, account activation and secret details reset.

Hence, these types of services are very confidential and must be protected against outside users and attackers.

c)Non-static web session creator

This provides non-static (Dynamic) session IDs instead of static session IDs.

Here, each HTTP request must use a different session ID to provide protection from session hijacking attacks.

Even though, this method provides more security, the next method we will see in E-mail.

4. EMail Phishing

Server side phishing filtering_s1

The three-stage server side phishing classification model develops for Email phishing.

Now, let us discuss one by one

Stage#1 The mails are checked for legitimacy in the subject

Stage#2 Contents are checked

Stage#3 IP Address is Checked

Stage-one analyses especially the subject of the header. It classifies the message and adds the label of the messages. It will do this for either spam or valid.

If the message appears legitimate it is labelled as good or legitimate.

Hence, If illegitimate, it marks as spam/junk.

Thus, messages marks as good are fed as input to stage two.

If spam, they are directly moved to the spam or junk folder. Legitimate messages send to stage-three for further analysis.

Messages or emails marked as spam move to the spam or junk folder.

Thus, in Stage-three, the algorithm uses to detect spam emails. It detects by validating the IP address.

Phishing Emails recognizes in several ways.

Server side phishing filtering

Hence, E-Mail Phishing is an important concept. We will see what are all the features that can be considered.

The following features can be considered to find the EMail is phished or not.

  1. Presence of Popup
  2. The text “Verify Account”
  3. Presence of Java script
  4. Presence of on click attribute
  5. Change of Window status
  6. The IP address in URLs
  7. Reply To modification
  8. Number of unique domains in URLs
  9. Number of words in the subject
  10. The richness of the vocabulary
  11. Number of periods in URL
  12. Link in image
  13. Number of hyperlinks
  14. Presence of CSS
  15. Number of words in the subject with at least fifteen characters

Therefore, we are in a position to consider all the features.

Final Words,

Hence, four methods of server side phishing filtering techniques are explained. These play a vital role in a secure transactions.

Want even more resources..

Here are a few links to favourite resources on this topic..