TOPIC REVIEW
SiSL
Posted - 13 December 2008 : 10:31:32 There is a new method of phishing for forum users. This often comes within PMs, however it may as well work for normal threads, which may include Snitz as well.
This method works by putting an image link within [img]... It is a method for asking for authentication on a server (such as password-protected directories etc.) or password-protected FTPs... Users who are not that aware of or familiar with the web fall into this, since they think it is their forum password/username. As they type it, it logs the user/pass on the attacker's domain or IP.
I wonder if there is any solution for it. Of course disabling images on boards might as well stop it, but that is definitely not a solution.
15 LATEST REPLIES (Newest First)
SiSL
Posted - 13 December 2008 : 18:35:35 Yes, so except Maxthon, all browsers fell into that... Of course users do not see any redirection, and there is no need for that external image to be redirected either. It is just that users do not notice it is not the "forum user and password" being required. So I had to do something about it.
bobby131313
Posted - 13 December 2008 : 18:21:18 The method I posted is likely how this is happening. They redirect the image to a password protected page on their site and when their browser tries to retrieve it, the login box pops up. It's actually for the page the image is redirecting to, even though the user doesn't see any redirection.
SiSL
Posted - 13 December 2008 : 18:05:52 You must be confusing malware with redirection or Cross Site Cookie exploits....
I'm just saying this scenario does not work:
- I put an image on Snitz.
- When I view the topic I posted my image in, the page I'm viewing will be redirected to a vBulletin page...
This just does not happen, unless I allow HTML or scripting in my forum or use a somewhat buggy RTE...
What I pointed out is this: http://www.chip.com.tr/testingimg/20081208234202.jpg (if you put this image into an image tag, it will ask you for a password and username (naturally) to show the image). It is mistaken by people as "the forum asks for it".
I made a simple server-side PHP script to check the HTTP/1.1 status (if OK) and check the content-type, simply tunneling and redirecting images from there...
bobby131313
Posted - 13 December 2008 : 17:43:44 quote: Can this image redirect my entire browser page to any site?
Absolutely, the visitor just doesn't see it.
quote: So what with the cookie?
What do you mean so what? These bastards stole thousands of dollars from me alone... that's so what.
eBay has litigation filed against some of these people and Digital Point forums over this crap. It's flat out theft.
SiSL
Posted - 13 December 2008 : 17:38:56 So what with the cookie? Can this image redirect my entire browser page to any site?
bobby131313
Posted - 13 December 2008 : 17:31:07 quote: With .htaccess, you can redirect an image to another image. The best example is DoubleClick ads. However, no matter how the redirection is made, they can't redirect the entire web page if it is placed in image tags. I do it on my server a lot for load balancing.
Like if it is <img src="x.jpg"> and you redirect x.jpg to another HTML file or web page, people will just see an image placeholder, an error that it is not loading properly, because the browser will not be able to render the URL inside as an image.
If the image exists and you can get the image height and width on the other server, that means you are not required to authenticate; even if it is redirected, it IS an image and harmless...
You've just been eBay affiliate cookie stuffed using a broken image redirect using .htaccess to the eBay homepage. Check your cookies.
<<redirection removed by bobby131313>>
Any redirection threat via a broken image is VERY real. Trust me.
quote: This other fellow was saying that when his forum members clicked on a topic, that they were entirely removed from his site and landed on eBay for an auction different than the one which the post listed. Say, for instance, if one person posted an auction in the starting topic, and then someone posted a reply, but in the reply post, they had an image that wasn't there. He said that the replying member's .htaccess file redirected the unknowing visitor to the reply author's ebay auction.
No, you misunderstood. The redirection happens invisibly to the visitor, other than the broken image graphic. Your browser goes to fetch the image and the remote server's .htaccess redirects wherever it's set to, in this case to the eBay home page with an affiliate tag. Every visitor that views the topic gets a 7-day eBay cookie stuffed.
SiSL
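The server-side check SiSL describes earlier in the thread (fetch the image URL without following redirects, look at the HTTP status and Content-Type before letting the forum show it), written here in Python as an added example and not code from the thread. The URLs and server responses are constructed; the same check also catches the broken-image .htaccess redirect to a non-image page that bobby131313 describes.

```python
from urllib.parse import urljoin

# Constructed sample of what remote servers answer for each URL (not live traffic).
# Each entry: URL -> (HTTP status, response headers).
SAMPLE_RESPONSES = {
    # A genuine image: safe to embed.
    "http://img.example/good.jpg": (200, {"Content-Type": "image/jpeg"}),
    # The phishing case from the thread: a "protected" image whose 401 makes the
    # browser pop up a Basic auth dialog that looks like the forum's own login.
    "http://attacker.example/protected.jpg": (
        401, {"WWW-Authenticate": 'Basic realm="Forum Login"', "Content-Type": "text/html"}),
    # The .htaccess cookie-stuffing case: the broken image 302s to an affiliate page.
    "http://attacker.example/broken.jpg": (302, {"Location": "http://shop.example/?aff=123"}),
    "http://shop.example/?aff=123": (200, {"Content-Type": "text/html"}),
    # A legitimate image redirect (CDN / load balancing): still an image at the end.
    "http://img.example/old.png": (301, {"Location": "/new.png"}),
    "http://img.example/new.png": (200, {"Content-Type": "image/png"}),
    # A redirect loop, to show the hop limit.
    "http://loop.example/a.jpg": (302, {"Location": "http://loop.example/a.jpg"}),
}

def sample_fetch(url):
    """Stand-in for a HEAD request that does NOT follow redirects automatically."""
    return SAMPLE_RESPONSES.get(url, (404, {}))

def vet_image(url, fetch=sample_fetch, max_hops=3):
    """Return (verdict, final_url). Only 'ok' images should be served to readers."""
    for _ in range(max_hops + 1):
        status, headers = fetch(url)
        ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
        if status in (401, 407):
            # Any auth challenge would surface as a browser login box on the forum page.
            return "auth-prompt", url
        if status in (301, 302, 303, 307, 308) and "Location" in headers:
            # Follow the redirect ourselves so we can inspect where it ends up.
            url = urljoin(url, headers["Location"])
            continue
        if status == 200 and ctype.startswith("image/"):
            return "ok", url
        if status == 200:
            # A page, not an image: the browser would show a broken image while
            # the remote site still gets to set cookies on the reader.
            return "not-an-image", url
        return "error", url
    return "too-many-redirects", url
```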
Posted - 13 December 2008 : 12:11:39 Gotta love Maxthon, other browsers fell into that :p
Anyway, there is a solution for this of course, getting the headers via a paid product such as ASP Tear 1.5 etc. AJAX seems to only work with internal images and URLs....
It is really easy with the PHP fopen command to check if a file really exists. Doh, wish there were an easier method with classic ASP.
Etymon
Posted - 13 December 2008 : 11:17:00 E-mail sent.
Etymon
Posted - 13 December 2008 : 11:13:30 OK, let me contact him first. I'll send him the link to this thread and then let him take it from there.
SiSL
Posted - 13 December 2008 : 11:07:05 Sure, and I'm already looking for ways to check images before they are loaded...
Etymon
Posted - 13 December 2008 : 10:59:17 I can send you an e-mail of the fellow I am talking about. I really don't want his site to get bombarded by this issue if he doesn't have a resolve for it just yet.
SiSL
Posted - 13 December 2008 : 10:57:16 quote: Originally posted by Etymon
This other fellow was saying that when his forum members clicked on a topic, that they were entirely removed from his site and landed on eBay for an auction different than the one which the post listed. Say, for instance, if one person posted an auction in the starting topic, and then someone posted a reply, but in the reply post, they had an image that wasn't there. He said that the replying member's .htaccess file redirected the unknowing visitor to the reply author's ebay auction.
That's weird, cos I did a lot of tries with such things. Currently I do redirection of images if "hotlinked" from other sites. So I tested redirection of images to other websites as well; it did not work. It may be something else, like a Flash SWF? Embedded object? Not sure if the forum owner allowed such extensions (like a video extension etc.).
Etymon
Posted - 13 December 2008 : 10:53:37 This other fellow was saying that when his forum members clicked on a topic, that they were entirely removed from his site and landed on eBay for an auction different than the one which the post listed. Say, for instance, if one person posted an auction in the starting topic, and then someone posted a reply, but in the reply post, they had an image that wasn't there. He said that the replying member's .htaccess file redirected the unknowing visitor to the reply author's ebay auction.
SiSL
Posted - 13 December 2008 : 10:48:51 With .htaccess, you can redirect an image to another image. The best example is DoubleClick ads. However, no matter how the redirection is made, they can't redirect the entire web page if it is placed in image tags. I do it on my server a lot for load balancing.
Like if it is <img src="x.jpg"> and you redirect x.jpg to another HTML file or web page, people will just see an image placeholder, an error that it is not loading properly, because the browser will not be able to render the URL inside as an image.
If the image exists and you can get the image height and width on the other server, that means you are not required to authenticate; even if it is redirected, it IS an image and harmless...
Etymon
Posted - 13 December 2008 : 10:46:41 I wonder, even if the image did exist on the other server, could their .htaccess file override the request for the file and still do the redirect?