SiSL
Average Member
Turkey
671 Posts
Posted - 13 December 2008 : 10:31:32
There is a new method of phishing for forum users. This often comes within P.M.s; however, it may as well work for normal threads, which may include Snitz as well.
This method uses putting an image link within [img]... It is a method for asking for authentication on a server (such as password-protected directories etc.) or password-protected FTPs... Users who are not that aware of or familiar with the web fall into this since they think it is their forum password/username. As they type it, it logs the user/pass on the attacker's domain or IP.
I wonder if there is any solution for it. Of course disabling images on boards might as well stop it, but that is definitely not a solution.
CHIP Online Forum
My Mods Select All Code | Fix a vulnerability for your private messages | Avatar Categories W/ Avatar Gallery Mod | Complaint Manager Admin Level Revisited | Merge Forums | No More Nested Quotes Mod
Edited by - SiSL on 13 December 2008 10:33:05
Etymon
Advanced Member
United States
2385 Posts
Posted - 13 December 2008 : 10:41:27
Another member here on Snitz educated me on another issue ... again with images.
He said that someone can post a bogus link to an image that is supposed to be on the server that the link says the image is on, but is not. Beforehand, they have programmed their .htaccess file to intercept all requests for that image. When your forum member clicks on the link to that post, your server goes to their server looking for the image, and their .htaccess redirects you to a new URL on another site. It all happens seamlessly, so the person who clicks on the link doesn't even know what has happened.
I suppose the same thing could happen in your situation, where they could do the same but redirect the person to a mock-up of the site that they are using at the time, and then require a username and password for access. After "logging in" they are redirected back to the site they are supposed to be on, and they never know anything different. Yet the perp now has their credentials.
I'm looking into disabling images for my sites.
Edited by - Etymon on 13 December 2008 10:45:22
Etymon
Advanced Member
United States
2385 Posts
Posted - 13 December 2008 : 10:46:41
I wonder, even if the image did exist on the other server, could their .htaccess file override the request for the file and still do the redirect?
Edited by - Etymon on 13 December 2008 10:47:06
Etymon
Advanced Member
United States
2385 Posts
Posted - 13 December 2008 : 10:53:37
This other fellow was saying that when his forum members clicked on a topic, they were entirely removed from his site and landed on eBay at an auction different from the one which the post listed. Say, for instance, one person posted an auction in the starting topic, and then someone posted a reply, but in the reply post they had an image that wasn't there. He said that the replying member's .htaccess file redirected the unknowing visitor to the reply author's eBay auction.
SiSL
Average Member
Turkey
671 Posts
Posted - 13 December 2008 : 10:57:16
quote: Originally posted by Etymon
This other fellow was saying that when his forum members clicked on a topic, that they were entirely removed from his site and landed on eBay for an auction different than the one which the post listed. Say, for instance, if one person posted an auction in the starting topic, and then someone posted a reply, but in the reply post, they had an image that wasn't there. He said that the replying member's .htaccess file redirected the unknowing visitor to the reply author's ebay auction.
That's weird, cos I did a lot of tries with such a thing. Currently I do redirection of images if "hotlinked" from other sites. So I tested redirection of images to other websites as well; it did not work. It may be something else, like a Flash SWF? An embedded object? Not sure if the forum owner allowed such extensions (like video extensions etc.).
Edited by - SiSL on 13 December 2008 10:58:25
Etymon
Advanced Member
United States
2385 Posts
Posted - 13 December 2008 : 10:59:17
I can send you an e-mail about the fellow I am talking about. I really don't want his site to get bombarded by this issue if he doesn't have a resolution for it just yet.
Etymon
Advanced Member
United States
2385 Posts
Posted - 13 December 2008 : 11:13:30
OK, let me contact him first. I'll send him the link to this thread and then let him take it from there.
Etymon
Advanced Member
United States
2385 Posts
Posted - 13 December 2008 : 11:17:00
E-mail sent.
bobby131313
Senior Member
USA
1163 Posts
Posted - 13 December 2008 : 17:31:07
quote: With htaccess, you can redirect an image to another image. The best example is DoubleClick ads. However, no matter how the redirection is made, they can't redirect the entire web page if it is placed in image tags. I do it on my server a lot for load balancing.
Like if it is <img src="x.jpg"> and you redirect x.jpg to another HTML file or web page, people will just see an image placeholder, an error that it is not loading properly, because the browser will not be able to render the URL inside as an image.
If the image exists and you can get the image size and width on the other server, that means you are not required to authenticate; even if it is redirected, it IS an image and harmless...
You've just been eBay affiliate cookie stuffed using a broken image redirect using .htaccess to the eBay homepage. Check your cookies.
<<redirection removed by bobby131313>>
Any redirection threat via a broken image is VERY real. Trust me.
quote: This other fellow was saying that when his forum members clicked on a topic, they were entirely removed from his site and landed on eBay at an auction different from the one which the post listed. Say, for instance, one person posted an auction in the starting topic, and then someone posted a reply, but in the reply post they had an image that wasn't there. He said that the replying member's .htaccess file redirected the unknowing visitor to the reply author's eBay auction.
No, you misunderstood. The redirection happens invisibly to the visitor, other than the broken image graphic. Your server goes to fetch the image and the remote server's .htaccess redirects where it's set to, in this case to the eBay home page with an affiliate tag. Every visitor that views the topic gets a 7-day eBay cookie stuffed.
Switch the order of your title tags |
Edited by - bobby131313 on 13 December 2008 18:21:53
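Both attacks discussed in this thread (an [img] tag pointing at a password-protected resource that pops an authentication prompt, and a broken image whose .htaccess redirects the fetch elsewhere) can be caught by the board before a post is saved. The check below is an added example, not code from the thread or from Snitz: every [img] URL in a BBCode post is probed with redirects disabled and refused if the remote side answers with a redirect, an authentication challenge, or anything that is not a real image file. The names Probe, judge, check_post and http_probe, and the [img] pattern, are my assumptions; the fetcher is injectable so the check runs offline against constructed responses.

```python
import re
from dataclasses import dataclass
from typing import Callable
from urllib.request import Request, HTTPRedirectHandler, build_opener
from urllib.error import HTTPError

@dataclass
class Probe:
    status: int          # HTTP status of the fetch
    headers: dict        # header names lowercased
    head: bytes = b""    # first bytes of the body, if any

IMG_TAG = re.compile(r"\[img\](.+?)\[/img\]", re.IGNORECASE | re.DOTALL)

# Leading bytes of the image formats a board would normally allow in [img] tags.
MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")

def judge(p: Probe) -> str:
    """Return 'ok', or a short reason for refusing the linked 'image'."""
    if 300 <= p.status < 400:          # cookie-stuffing / mock-login redirect
        return "redirect refused (Location: %s)" % p.headers.get("location", "?")
    if p.status == 401 or "www-authenticate" in p.headers:   # password-prompt bait
        return "authentication challenge refused"
    if p.status not in (200, 206):     # 206 when the server honours the Range header
        return "unexpected status %d" % p.status
    ctype = p.headers.get("content-type", "").split(";")[0].strip().lower()
    if not ctype.startswith("image/"):
        return "not an image (Content-Type: %s)" % (ctype or "missing")
    if not p.head.startswith(MAGIC):   # header says image, body must agree
        return "body does not start with a known image signature"
    return "ok"

def check_post(body: str, fetch: Callable[[str], Probe]) -> dict:
    """Probe every [img] URL in a BBCode post body; fetch is injectable for testing."""
    return {url: judge(fetch(url)) for url in IMG_TAG.findall(body)}

class _NoRedirect(HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None                    # never follow a redirect; surface it as an error

def http_probe(url: str, timeout: float = 5.0) -> Probe:
    """Live fetcher (not run offline): request the first 16 bytes, redirects disabled."""
    req = Request(url, headers={"Range": "bytes=0-15", "User-Agent": "img-check"})
    try:
        with build_opener(_NoRedirect).open(req, timeout=timeout) as r:
            return Probe(r.status, {k.lower(): v for k, v in r.headers.items()}, r.read(16))
    except HTTPError as e:             # 3xx, 401, 404 ... all land here
        return Probe(e.code, {k.lower(): v for k, v in e.headers.items()})
```

Because the probe is made from the forum's own server, restrict http_probe to http/https URLs on public hosts before running it on user-supplied links.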
bobby131313
Senior Member
USA
1163 Posts
Posted - 13 December 2008 : 17:43:44
quote: Can this image redirect my entire browser page to any site?
Absolutely, the visitor just doesn't see it.
quote: So what with the cookie?
What do you mean "so what"? These bastards stole thousands of dollars from me alone... that's so what.
eBay has litigation filed against some of these people and Digital Point forums over this crap. It's flat-out theft.
Edited by - bobby131313 on 13 December 2008 17:45:09