Just a couple of days ago, we discovered a Maybank phishing kit that limits access to IP addresses from Malaysia only. The phishing kit is hosted on a server in the US. The restriction is basically done via the .htaccess file.
Directory of C:\temp\xyz\xyz\m2u\abc

07/04/2011  12:43 PM                        .
07/04/2011  12:43 PM                        ..
27/01/2011  01:12 AM     8,701 HTACCE~1     .htaccess
26/01/2011  03:44 PM       877              acc.php
27/01/2011  04:51 PM       870              favicon.jpg
15/01/2011  09:00 AM    16,372 M2ULOG~1.PHP M2ULogin.do.php
26/08/2010  11:21 AM    14,745 MAYBAN~1.PHP Maybanksecure.php
26/08/2010  11:50 AM    14,632 RE-ACT~1.PHP re-activate.php
04/10/2010  12:44 PM       518 SSLACT~1.PHP sslactivate.php
26/01/2011  03:41 PM       572 SSLVER~1.PHP sslverify.php
27/07/2010  09:32 PM     2,530 TACREQ~1.PHP tacrequested.php
26/01/2011  03:41 PM       543 VALIDA~1.PHP validating.php
26/01/2011  03:41 PM    21,301 VERIFY~1.PHP verifydetails.php
              11 File(s)         81,661 bytes
There are about 300 network addresses listed in the .htaccess file, and this makes other anti-phishing researchers think that the site does not exist.
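For analysts who recover a kit like this, the following added example (not code from the kit or from this post) parses the allow-list entries of an .htaccess file and checks whether a given vantage-point address would be admitted, which shows why a check made from outside the listed ranges finds nothing. It assumes Apache 2.2-style `Order` / `Allow from` directives, which the post does not show; the sample file, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, not the kit's real file: documentation/private ranges only.
SAMPLE_HTACCESS = """\
Order deny,allow
Deny from all
Allow from 203.0.113.0/24
Allow from 198.51.100.0/255.255.255.128
allow from 192.0.2 10.20
"""

def _to_network(token):
    """Accept CIDR, address/netmask, full addresses and partial 'a.b' prefixes."""
    token = token.rstrip(".")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,2}", token):  # partial address, e.g. 10.20
        octets = token.split(".")
        token = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    try:
        return ipaddress.IPv4Network(token, strict=False)
    except ValueError:
        return None  # hostname, 'all', env=..., IPv6 or malformed entry

def parse_allow_networks(text):
    """Return the IPv4 networks named on 'Allow from' lines."""
    networks = []
    for line in text.splitlines():
        m = re.match(r"\s*allow\s+from\s+(.+)", line, re.IGNORECASE)
        for token in (m.group(1).split() if m else []):
            net = _to_network(token)
            if net is not None:
                networks.append(net)
    return networks

def is_admitted(ip, networks):
    """True if a vantage-point address falls inside any allowed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def coverage(networks):
    """Number of distinct addresses admitted, after merging overlapping ranges."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))
```

Running `is_admitted` with the egress address of each scanner or sandbox used for verification shows which of them can see the page at all; a takedown report should be confirmed from an address inside the listed ranges before the URL is closed as dead.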
On another note, do make use of our DontPhishMe plugin for Firefox and Chrome!