New Threat of forum phishing

Snitz™ Forums 2000
https://forum.snitz.com/forumTopic/Posts/67953?pagenum=1
05 November 2025, 05:15

Topic


SiSL
New Threat of forum phishing
13 December 2008, 10:31


There is a new method of phishing for forum users. This often comes in PMs, however it may as well work for normal threads, which may include Snitz as well.
This method uses putting an image link within [img]... It is a method for asking for authentication on a server (such as password-protected directories etc.) or password-protected FTPs... Users who are not that aware of or familiar with the web fall for this, since they think it is their forum password/username. As they type it, it logs the user/pass on the attacker's domain or IP.

I wonder if there is any solution for it. Of course disabling images on boards might as well stop it, but that is definitely not a solution.


Replies ...


Etymon
13 December 2008, 10:41


Another member here on Snitz educated me on another issue ... again with images.
He said that someone can post a bogus link to an image that is supposed to be on the server the link says it is on, but is not. Beforehand, they have programmed their .htaccess file to intercept all requests for that image. When your forum member clicks on the link to that post, your server goes to their server looking for the image, and their .htaccess redirects you to a new URL on another site. It all happens seamlessly, so the person who clicks on the link doesn't even know what has happened.
I suppose the same thing could happen in your situation, where they could do the same but redirect the person to a mock-up of the site that they are using at the time, and then require a username and password for access. After "logging in" they are redirected back to the site they are supposed to be on, and they never know anything different. Yet the perp now has their credentials.
I'm looking into disabling images for my sites.
SiSL
13 December 2008, 10:45


A good method of fighting against this would be checking the image width and size before showing it to the user. But I don't know any fast way of doing that. Maybe the server could check images after every post? It would be easy with client-side JavaScript, but I'm not that sure about server-side.
Normally, with .htaccess, you can't redirect pages if the link is within "<img src=" code though.
Etymon
13 December 2008, 10:46


I wonder, even if the image did exist on the other server, could their .htaccess file override the request for the file and still do the redirect?
SiSL
13 December 2008, 10:48


With .htaccess, you can redirect an image to another image. The best example is DoubleClick ads. However, no matter how the redirection is made, they can't redirect the entire web page if it is placed in image tags. I do it on my server a lot for load balancing.
Like if it is <img src="x.jpg"> and you redirect x.jpg to another HTML file or web page, people will just see an image placeholder, an error that it is not loading properly, because the browser will not be able to render the URL inside as an image.
If the image exists and you can get the image size and width on the other server, that means authentication is not required; even if it is redirected, it IS an image and harmless...
Etymon
13 December 2008, 10:53


This other fellow was saying that when his forum members clicked on a topic, they were entirely removed from his site and landed on eBay at an auction different from the one which the post listed. Say, for instance, one person posted an auction in the starting topic, and then someone posted a reply, but in the reply post they had an image that wasn't there. He said that the replying member's .htaccess file redirected the unknowing visitor to the reply author's eBay auction.
SiSL
13 December 2008, 10:57


Originally posted by Etymon
This other fellow was saying that when his forum members clicked on a topic, that they were entirely removed from his site and landed on eBay for an auction different than the one which the post listed. Say, for instance, if one person posted an auction in the starting topic, and then someone posted a reply, but in the reply post, they had an image that wasn't there. He said that the replying member's .htaccess file redirected the unknowing visitor to the reply author's ebay auction.

That's weird, 'cos I did a lot of tries with such a thing. Currently I do redirection of images if "hotlinked" from other sites. So I tested redirection of images to other websites as well. It did not work. It may be something else, like a Flash SWF? An embedded object? Not sure if the forum owner allowed such extensions (like a video extension etc.).
Etymon
13 December 2008, 10:59


I can send you an e-mail of the fellow I am talking about. I really don't want his site to get bombarded by this issue if he doesn't have a resolution for it just yet.
SiSL
13 December 2008, 11:07


Sure, and I'm already looking for ways to check images before they are loaded...
Etymon
13 December 2008, 11:13


OK, let me contact him first. I'll send him the link to this thread and then let him take it from there.
Etymon
13 December 2008, 11:17


E-mail sent.
SiSL
13 December 2008, 12:11


Gotta love Maxthon, other browsers fell into that :p

Anyway, there is a solution for this of course: getting the headers with a priced product such as ASP Tear 1.5 etc. AJAX seems only to work with internal images and URLs....
It is really easy with the PHP fopen command to check if a file really exists. Doh, wish there were an easier method with classic ASP.
bobby131313
13 December 2008, 17:31


This other fellow was saying that when his forum members clicked on a topic, that they were entirely removed from his site and landed on eBay for an auction different than the one which the post listed. Say, for instance, if one person posted an auction in the starting topic, and then someone posted a reply, but in the reply post, they had an image that wasn't there. He said that the replying member's .htaccess file redirected the unknowing visitor to the reply author's ebay auction.

No, you misunderstood. The redirection happens invisibly to the visitor, other than the broken image graphic. Your server goes to fetch the image and the remote server's .htaccess redirects where it's set to, in this case to the eBay home page with an affiliate tag. Every visitor that views the topic gets a 7-day eBay cookie stuffed.
SiSL
13 December 2008, 17:38


So what with the cookie? Can this image redirect my entire browser page to any site?
bobby131313
13 December 2008, 17:43


So what with the cookie?

What do you mean so what? These bastards stole thousands of dollars from me alone... that's so what.
eBay has litigation filed against some of these people and Digital Point forums over this crap. It's flat-out theft.
SiSL
13 December 2008, 18:05


You must be confusing malware with redirection or cross-site cookie exploits....
I'm just telling you this scenario does not work:

- I put an image on Snitz
- When I view the topic where I posted my image, the page I'm viewing will be redirected to a vBulletin page...
This just does not happen, unless I allow HTML or scripting in my forum or use a somewhat buggy RTE...
What I pointed out is this:
http://www.chip.com.tr/testingimg/20081208234202.jpg (if you put this image into an image tag, it will ask you for a password and username (naturally) to show the image. It is mistaken by people for "the forum asks for it".)

I made a simple server-side PHP script to check the HTTP/1.1 status (if OK) and check the content-type, simply tunneling and redirecting images from there...
bobby131313
13 December 2008, 18:21


The method I posted is likely how this is happening. They redirect the image to a password-protected page on their site and when the browser tries to retrieve it, the login box pops up. It's actually for the page the image is redirecting to, even though the user doesn't see any redirection.
SiSL
13 December 2008, 18:35


Yes, so except for Maxthon, all browsers fell into that... Of course users do not see any redirection, and there is no need for that external image to be redirected either. It is just that users do not notice it is not the "forum user and password" being required. So I had to do something about it.
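The check SiSL describes (fetch the image URL server-side, verify the HTTP status and Content-Type, and only then let it through), written out as an added example in Python rather than SiSL's PHP or Snitz's classic ASP; it is not code from this thread or from the Snitz project. It follows redirects by hand so that a redirect to a non-image page, the mechanism bobby131313 describes, is caught, and it rejects any 401 or WWW-Authenticate response, which is what makes the reader's browser pop up a login dialog. The local test server, its paths and the hop limit are constructed for the example and stand in for whatever host the [img] tag points at.

```python
"""Validate a remote [img] URL on the forum server before embedding it.

Added example (not Snitz code, not SiSL's PHP). A post's image URL is
fetched by the forum itself; anything other than a plain 200 image/*
response after at most MAX_HOPS redirects is rejected.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 3  # assumed limit on redirects we are willing to follow


def fetch_once(url, timeout=5):
    """One HEAD request that does NOT follow redirects.

    Returns (status, headers) with header names lower-cased so the caller
    can inspect Location, Content-Type and WWW-Authenticate directly.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("only http(s) URLs may be embedded")
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()


def check_remote_image(url, max_hops=MAX_HOPS):
    """Return ('ok', final_url) or ('reject', reason) for an [img] URL."""
    for _ in range(max_hops + 1):
        status, headers = fetch_once(url)
        # A 401/407 (or any WWW-Authenticate header) is exactly what makes the
        # reader's browser show a credential prompt that looks like the forum's.
        if status in (401, 407) or "www-authenticate" in headers:
            return "reject", "server demands credentials (browser would prompt)"
        if status in (301, 302, 303, 307, 308):
            location = headers.get("location")
            if not location:
                return "reject", "redirect without Location"
            url = urljoin(url, location)  # follow, but keep checking each hop
            continue
        if status != 200:
            return "reject", f"unexpected status {status}"
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        if not ctype.startswith("image/"):
            # e.g. an .htaccess rule bouncing the "image" to an HTML page
            return "reject", f"not an image: {ctype or 'no content-type'}"
        return "ok", url
    return "reject", "too many redirects"


class FakeRemote(BaseHTTPRequestHandler):
    """Constructed test server mimicking the responses discussed in the thread."""

    def do_HEAD(self):
        if self.path == "/ok.jpg":            # harmless image
            self.send_response(200)
            self.send_header("Content-Type", "image/jpeg")
        elif self.path == "/protected.jpg":   # password-protected directory
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="members"')
        elif self.path == "/bounce.jpg":      # .htaccess-style redirect
            self.send_response(302)
            self.send_header("Location", "/landing.html")
        elif self.path == "/landing.html":    # the page the redirect lands on
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
        else:
            self.send_response(404)
        self.end_headers()

    def log_message(self, *args):  # keep the example's output quiet
        pass


def start_fake_remote():
    """Start the constructed server on a free loopback port; returns (server, base_url)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), FakeRemote)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


if __name__ == "__main__":
    server, base = start_fake_remote()
    for path in ("/ok.jpg", "/protected.jpg", "/bounce.jpg", "/missing.jpg"):
        print(path, check_remote_image(base + path))
    server.shutdown()
```

Two caveats a practitioner would add. Some hosts refuse HEAD, so a fallback GET that reads only the headers and the first few bytes (enough to check the image magic bytes) is more robust than trusting Content-Type alone. More importantly, the remote host can answer the forum's checker differently from a reader's browser (by User-Agent, by IP, or simply by changing the rule later), so the stronger form SiSL mentions, proxying the image bytes through the forum at view time with these same checks, is what actually keeps the reader's browser from ever talking to the remote host.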
© 2000-2021 Snitz™ Communications