republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsJob BoardISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Spam, Scam and Phishbusters » [Phishing] ALERT!! New Vicious PAYPAL phishing
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Phish Tracker ·Anti-Phishing Work Group ·Avoid Phishing
[Spam] Spamcop »
« [Spam] It seems i all been getting spam from one domain all this  
AuthorAll Replies

tdumaine

join:2004-03-14
Redmond, WA
·Comcast

reply to MGD
Re: [Phishing] ALERT!! New Vicious PAYPAL phishing

Dude,

Say im runnin a paypal like service. Lets call it tompal.

Tompal has 2 servers that runs it. When you go to tompal, server #1 presents you with a login page. Server 1 checks your username/password with my server#2 wich contains all that.

Set server 2 up to not allow any connections other than from server 1.

Then the phishers in china wouldnt work cause server 2 wont auth to the outside world.

Why cant they set it up like this?
to forum · permalink · · 2006-05-08 16:24:39 · Reply to this

K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
·RoadRunner Cable

 Assuming that the Pay Pal system keeps the client database on a server different from their WWW server, that is exactly how it is set up.

The phisher does not access the database directly. It logs in to the WWW site just like any other PayPal member, using the user name and password which the yokel provides.

Until it bans the IP associated with the phisher, there is no way to separate this fake inquiry from a legitimate customer log-in.

I think it would have been better to have said "sceen scraper" in my earlier post.
to forum · permalink · · 2006-05-08 17:20:58 · Reply to this

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

 K Patterson See Profile is spot on, that is precisely how it works. A snippet of the source code confirms it. The phishers login.php script has a line: href="ht*tps://www.paypal.com/cgi-bin/webscr?cmd=_login-run

<html>
<head>
<title>PayPal - Log In</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="data.css" rel="stylesheet" type="text/css">
</head>

<body>
<TABLE width="620" height="68" border=0 align=center cellPadding=0 cellSpacing=0 class=main>
  <TBODY>
    <TR>
      <TD width="200" noWrap><A><IMG
      height=50 src="img/logo.gif" width=200
      border=0></A></TD>
      <TD>&nbsp;</TD>
      <TD width="161" align=right noWrap class=pptext><A href="https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run"><strong>Sign&nbsp;Up</strong></A> | <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_login-run">Log&nbsp;In</a> | <A href="https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&source_page=p/gen/jobs-outside">Help</A></TD>
    </TR>
    <TR>
      <TD height="18" noWrap>&nbsp;</TD>
      <TD width="259">&nbsp;</TD>
      <TD class=pptext noWrap align=right>&nbsp;</TD>
    </TR>
  </TBODY>
</TABLE>
<table width="100%" height="63"  border="0" cellpadding="0" cellspacing="0" background="img/bg.gif">

Banning the IP would be an effective method to block this validation and retrieval process.

MGD
to forum · permalink · · 2006-05-08 19:40:33 · Reply to this
Forums » Up and Running » Security » Spam, Scam and Phishbusters[Spam] Spamcop »
« [Spam] It seems i all been getting spam from one domain all this  

Friday, 05-Dec 01:05:55 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 9 years online! © 1999-2008 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [125] AT&T Metered Billing Trial Hits Second Market
· [97] UDP BitTorrent Will Destroy The Interwebs!
· [94] Exclusive Screens Of Comcast's New Bandwidth Meter
· [93] AT&T Cutting 12,000 Jobs
· [90] EFF Challenges Telecom Immunity
· [83] Firefox Extension Leads Amazon Customers To Pirated Alternatives
· [70] Scott Cleland: Google Using 21x The Bandwidth They Pay For
· [63] Apple: Who Believes Our Ads Anyway?
· [62] Comcast Tries To Slow Verizon's Philly Entry
· [61] Comcast To Offer Bandwidth Use Tracker In January
Most people now reading
· IRS email scam - sooo close ;) [Security]
· Digital Transport Adapter Unboxing Photos [Comcast Cable TV]
· Always leave the Windows Firewall on? [Security]
· Nearly all Windows PCs are security risk [Security]
· [southeast] Will the tech install Fios where I want it? [Verizon Fiber Optics]
· Extjs grid combo box. [Webmasters and Developers]
· [WotLK] Starting the Rep Grind [World of Warcraft]
· [Update] Adobe Shockwave Player [Software]
· Setting up TIVO - Please Help ASAP. Thanks! [Verizon FIOS TV]
· Notice, new uTorrent Alpha may be able to evade throttling [TekSavvy]