republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Spam, Scam and Phishbusters » [Phishing] ALERT!! New Vicious PAYPAL phishing
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Phish Tracker ·Anti-Phishing Work Group ·Avoid Phishing
[Spam] Spamcop »
« [Spam] It seems i all been getting spam from one domain all this  
AuthorAll Replies

tdumaine

join:2004-03-14
Redmond, WA
·Comcast

reply to MGD
Re: [Phishing] ALERT!! New Vicious PAYPAL phishing

Dude,

Say im runnin a paypal like service. Lets call it tompal.

Tompal has 2 servers that runs it. When you go to tompal, server #1 presents you with a login page. Server 1 checks your username/password with my server#2 wich contains all that.

Set server 2 up to not allow any connections other than from server 1.

Then the phishers in china wouldnt work cause server 2 wont auth to the outside world.

Why cant they set it up like this?
to forum · permalink · · 2006-05-08 16:24:39 · Reply to this

K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
·RoadRunner Cable

 Assuming that the Pay Pal system keeps the client database on a server different from their WWW server, that is exactly how it is set up.

The phisher does not access the database directly. It logs in to the WWW site just like any other PayPal member, using the user name and password which the yokel provides.

Until it bans the IP associated with the phisher, there is no way to separate this fake inquiry from a legitimate customer log-in.

I think it would have been better to have said "sceen scraper" in my earlier post.
to forum · permalink · · 2006-05-08 17:20:58 · Reply to this

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

 K Patterson See Profile is spot on, that is precisely how it works. A snippet of the source code confirms it. The phishers login.php script has a line: href="ht*tps://www.paypal.com/cgi-bin/webscr?cmd=_login-run

<html>
<head>
<title>PayPal - Log In</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="data.css" rel="stylesheet" type="text/css">
</head>

<body>
<TABLE width="620" height="68" border=0 align=center cellPadding=0 cellSpacing=0 class=main>
  <TBODY>
    <TR>
      <TD width="200" noWrap><A><IMG
      height=50 src="img/logo.gif" width=200
      border=0></A></TD>
      <TD>&nbsp;</TD>
      <TD width="161" align=right noWrap class=pptext><A href="https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run"><strong>Sign&nbsp;Up</strong></A> | <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_login-run">Log&nbsp;In</a> | <A href="https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&source_page=p/gen/jobs-outside">Help</A></TD>
    </TR>
    <TR>
      <TD height="18" noWrap>&nbsp;</TD>
      <TD width="259">&nbsp;</TD>
      <TD class=pptext noWrap align=right>&nbsp;</TD>
    </TR>
  </TBODY>
</TABLE>
<table width="100%" height="63"  border="0" cellpadding="0" cellspacing="0" background="img/bg.gif">

Banning the IP would be an effective method to block this validation and retrieval process.

MGD
to forum · permalink · · 2006-05-08 19:40:33 · Reply to this
Forums » Up and Running » Security » Spam, Scam and Phishbusters[Spam] Spamcop »
« [Spam] It seems i all been getting spam from one domain all this  

Sunday, 08-Nov 19:33:47 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [156] Cable Uncapper Faces Criminal Charges
· [140] AT&T Sues Verizon Over 3G Ads
· [112] Why Run Fiber When You Can Run Ads That Pretend You Do?
· [108] Comcast Is Simply Getting Huge
· [93] Apple Cooking Up New $30 A Month TV Service?
· [83] Bits Of ACTA Agreement Leaking Out
· [80] Will 'Three Strikes' Come To The United States?
· [78] Verizon To Double Smartphone ETFs?
· [76] Verizon: Droid Tethering Will Cost $30 Extra
· [73] Comcast, NBC Deal Almost Complete
Most people now reading
· [Rant] Brand New 'Jasper' Xbox360 - RRoD Hardware Failure [Rants, Raves, and Praise]
· [Need Info] Looking for backup software... [Software]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· [WIN7] Which Services in Win 7 Have You Turned Off? [Microsoft Help]
· [NFL] Week 9 Games Thread [Sports Chat]
· Hit and run [General Questions]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· Massive Slowdowns? [cover,1584]
· Why do they traumatize kids in Phys. Ed. in school? [Canadian Chat]