Gophish faʻamaumauga
tuʻuvaʻaga
E faʻafefea ona faʻatutuina se SMTP Email Server mo le Suʻega Phish i le 2022
O e mafaufau e fa'atutu lau oe lava fa'apolopolo fa'ata'ita'iga fa'akomepiuta i lenei tausaga?
Social Engineering ua tupu aʻe i se faʻamataʻu sili atu i le 2022 ma o loʻo e mafaufau i auala e foia ai.
Ae o le faʻaitiitia o le faʻaogaina o alamanuia ua faʻamalosia ai lenei mea nai lo se isi lava taimi.
Ina ia amata e te manaʻomia ni nai mea.
E te mana'omia se server imeli SMTP aoga.
E mafai ona lu'itau talu ai o le tele o kamupani e tu'uina atu ao poloka felauaiga SMTP.
E te mana'omia fo'i se dashboard e siaki ai, ma au'ili'ili au su'esu'ega fa'ainisinia fa'aagafesootai.
O lenei mea e mafai ai ona e matamata i le alualu i luma ma toe lipoti atu i le au pulega.
O le fa'atulagaina o nei mea e mafai ona alu ai vaiaso o galuega fa'atasi ai ma su'ega, fa'aopoopo i le afe tala i le galuega.
O le mea lena na matou fatuina ai lenei taʻiala e faʻaali atu ai ia te oe le auala e mafai ai ona e setiina se server SMTP i luga o kamupani talimalo e le poloka le SMTP.
E o'o atu i le fa'ai'uga o lenei ta'iala o le a e iloa ai le fa'atulagaina ma fa'amautu le server ina ia mafai ai ona lafo fe'au.
Ma le isi o le ae iloa le faʻamafanafanaina o le tuatusi IP o loʻo faʻaogaina e le 'auʻaunaga ina ia mafai ai ona momoli atu feʻau.
O le a matou faʻaogaina se meafaigaluega e taʻua o le Poste.io e fesoasoani i le faʻatulagaina o meli.
Matou te fa'aali atu fo'i ia te oe pe fa'apefea ona fa'atūina se dashboard phishing e mafai ona e fa'aogaina e siaki ma au'ili'ili ai au su'esu'ega.
E i ai le matou dashboard fa'aogaina GoPhish i luga o le Amazon Web Services ua sauni e fa'alauiloa.
E mafai ona e ki ma tape lenei dashboard pe a mana'omia e pulea ma au'ili'ili au fa'ata'ita'iga su'ega phish.
Fa'afefea ona seti lau SMTP Server
Muamua e te manaʻomia le mauaina o se VPS mai se kamupani e faʻatagaina le SMTP fefaʻatauaiga.
O lona uiga o le Contabo, Hetzner, LunaNode, BuyVM, poʻo le Scaleway.
O le a matou faʻaaogaina Contabo i lenei faʻataʻitaʻiga.
- Fausia se tala ile Contabo ma le itiiti ifo ile 4GB o le RAM ma le 80GB ole avanoa e teu ai.
kiliki iinei e tatala ai se Contabo VM faʻatasi ai ma faʻatulagaga na muai filifilia.
- E mafai ona e filifilia le faaupuga e fetaui ma lou tulaga fa'aoga.
E fa'aaoga e le matou 'au fa'amasina ta'i masina se'i vaganā ua umi se matou maliliega fa'aoga mo su'ega phish.
- O le isi mea e te mana'o e filifili se itulagi e sili ona latalata i le fa'alapotopotoga o le a e su'eina.
I lenei tulaga, o le a ou faʻaaogaina US East i Contabo.
- O le VPS e te faʻaaogaina mo le faʻafeiloaʻi o lau SMTP server e tatau ona i ai le itiiti ifo i le 4 GB o le RAM ma le itiiti ifo i le 80GB o le avanoa e teu ai.
- Ona e manaʻo lea e filifili le Operating System, filifili le Ubuntu 20.04 e faʻamautinoa le fetaui.
6. Filifili se upu fa'aoga e te fa'aogaina mo le fa'aogaina o lau 'au'aunaga e ala ile SSH. E mafai ona e faia se upu fa'amalo malosi iinei: https://passwordsgenerator.net/
Ia mautinoa e teu lenei mea i se pule faʻaupuga e pei o LastPass mo faʻamatalaga i le lumanaʻi.
- Ia mautinoa o loʻo tuʻuina atu ia oe ia le itiiti ifo ma le tasi le tuatusi IP lautele!
8. E mafai ona e tu'u le fa'aletonu mo Addons ma le Tele o Auaunaga i Contabo.
- A mae'a lena e tatau ona e saini pe fai sau tala.
- O le taimi lava e te ulufale ai, totogi le totogi masina mo le auaunaga.
- A uma ona e totogi, e te mauaina se imeli fa'amaonia pe a fa'atulaga lau server.
- O le isi o le a matou ulufale i totonu i le 'auʻaunaga ma amata faʻapipiʻi lau SMTP server e faʻaaoga Poste.io.
E mana'omia lou fa'aogaina ole igoa ole igoa (a'a) ma le fa'aupuga na e fa'atupu muamua e saini ai ile server ile SSH.
13. E mafai ona e fa'afeso'ota'i ma lau kalani SSH mana'omia, pei ole MobaXTerm po'o PuTTY.
A maeʻa ona e saini i totonu o le 'auʻaunaga, e te manaʻo e faʻafeiloaʻi i Poste.io ma faʻataʻitaʻi laasaga nei:
- Faʻapipiʻi le Docker Engine i luga o lau 'auʻaunaga Ubuntu e faʻaaoga ai faʻatonuga ma le faʻamatalaga vave amata iinei:
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
- E mafai foʻi ona e faʻapipiʻi le Docker Engine e faʻaaoga ai tulafono nei pe a le aoga le faʻamatalaga vave mo lau tufatufa Ubuntu:
Suo le talafeagai-maua le faʻafouina
sudo apt-get install \
ca-tusipasi \
pipi'i \
gnupg \
lsb-fa'asa'oloto
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg –dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
si'uleo \
"deb [arch=$(dpkg –print-architecture) saini-e=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) mautu” | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Suo le talafeagai-maua le faʻafouina
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
- Faʻamaonia le Docker Engine o loʻo tamoe ma le faʻatonuga lea e tatau ona faʻaalia Hello World ona tapuni lea o le pusa Docker:
sudo docker tamoe hello-world
17. La’u mai ma fa’agasolo le Dockerfile mai le Poste.io mai https://poste.io/doc/getting-started fa'aaoga le poloaiga o lo'o i lalo.
$ taufetuli ta'avale \
–net= talimalo \
-e TZ=Amerika/ New_York \
-v / your-data-dir/data:/data \
–igoa “mailserver” \
-h “mail.yourphishdomain.com” \
-t analogic/poste.io
E iai ni nai suiga e te mana'o e fai i lenei fa'atonuga:
- -e TZ=Amerika/ New_York Seti le sone taimi mo le aso sa'o
- -v /lou-fa'amatalaga-dir/fa'amatalaga:/fa'amatalaga Fa'amauina fa'amaumauga fa'amaumauga mai le fa'atonuga. Fa'amaumauga a tagata fa'aoga, imeli, ogalaau, o le a fa'ai'u uma i totonu o lenei fa'amaumauga mo se fa'amaumauga faigofie.
- –igoa”melimeli" Tafe le poste.io e pei o se atigipusa ma le igoa faʻamalamalamaina
- -h "mail.yourphishdomain.com" Igoa talimalo mo lau su'ega meli su'ega phish
Poste.io o le a taulimaina le faʻatulagaina o faiga saogalemu aupito lata mai, TLS, SPF, DKIM, ma DMARC e fai ma ou sui.
- Fa'aoga se mea faigaluega fa'amafana IP mo le itiiti ifo i le 72 itula a'o le'i faia fa'ata'ita'iga su'ega phish.
Lemlist e $29/mo, ma WarmupInbox e $9/mo, fa'asino ile IP Warming SOP mo fa'amatalaga.
Fa'amolemole va'ai la matou ta'iala "E fa'afefea ona fa'amafanafanaina se IP" mo iloiloga fa'amafanafana IP.
SOP: Faʻafefea ona faʻamafanafanaina se IP mo se imeli imeli fou
- Su'e le ta'uleleia o le IP e fa'aaoga ai le poste.io/dnsbl, mxtoolbox.com/blacklists.aspx po'o le dnsbl.info.
20. Su'e meli meli ma fa'ata'ita'iga imeli e fa'aaoga ai le mail-tester.com e fa'aleleia atili ai le fa'aolaina.
Fa'afefea ona Fa'atūina Lau Laupapa Su'ega Phish
21. Fausia pe saini i lau AWS Account
22. Asiasi ile lisi ole maketi ole GoPhish
23. Amata se fa'ata'ita'iga fua fa'atasi ma le lisi o maketi
24. Talia aiaiga ma tu'uina atu se 'au'aunaga GoPhish i totonu o lau fa'amatalaga AWS. Afai o loʻo e fatuina se tala fou, Amazon o le a faʻamaonia lau faʻamatalaga ma auina atu ia oe le faʻamaoniga ile imeli.
25. Ulufale i lau GoPhish dashboard e fa'aoga ai lou igoa ole igoa ma le ID fa'ata'ita'i.
26. Fa'atulaga lau Fa'amatalaga Tuuina atu e fa'aoga ai lau Poste.io SMTP server fou ile Contabo.
SMTP So'oga Fa'amatalaga
- talimalo: mail.yourphishdomain.com
- taulaga: 465 (TLS manaʻomia), 587 i se isi itu (STARTTLS manaʻomia)
- mana'omia le fa'amaoni
- igoa ole igoa ole tuatusi imeli atoa username@example.com
- 27. Seti lau Fa'asalalauga muamua.
- 28. Auina atu lau Fa'asalalauga muamua
E iai ni fesili? E mafai ona e va'ai i matou GoPhish fa'amaumauga iinei, pe aapa mai ia i matou mo se fesoasoani ile support@hailbytes.com
FESILI FESILI TOE
- talimalo: mail.yourphishdomain.com
- taulaga: 465 (TLS manaʻomia), 587 i se isi itu (STARTTLS manaʻomia)
- mana'omia le fa'amaoni
- igoa ole igoa ole tuatusi imeli atoa username@example.com
- 27. Seti lau Fa'asalalauga muamua.
- 28. Auina atu lau Fa'asalalauga muamua
E iai ni fesili? E mafai ona e va'ai i matou GoPhish fa'amaumauga iinei, pe aapa mai ia i matou mo se fesoasoani ile support@hailbytes.com