DP Under PHISHING ATTACK, Protect Your Passwords ~ !!!!!!

Discussion in 'Support & Feedback' started by arpitagarwal82, Jan 18, 2008.

  1. lifetalk

    lifetalk Well-Known Member

    #181
    Website is still up and accessible.
    Seems like HostGator never took it down in the first place.. eh? :D
     
    lifetalk, Jan 19, 2008
  2. futhey

    futhey Peon

    #182
    It is a phishing attack, as it submits the form via POST to send.php.

    And if you'll check this link: http://forums.digitalpoint.com/send.php

    You can easily see that this isn't related to any vBulletin or DP Scripting.

    Also, very interesting is this piece of code:

    It's supposed to submit to http://forums.digitalpoint.com/login.php?do=login instead of http://forums-digitalpoint.com/send.php

    And something more interesting, I can't pull up a valid WHOIS on the domain. Has anyone successfully done this?

    Cameron: Have you checked the source of his site? Every time you load it, the images are loaded externally from DP. The only way I figure you'd be able to get his account flooded would be to count on a maximum number of simultaneous SQL connections, and keep submitting fake usernames and passwords, right? Or did you have something else in mind?

    I'm not too familiar with HostGator, so I'm not sure where their bottleneck would be on these sorts of things. I bet he's only using a few hundred K of storage and a few MBs in a DB really.
     
    futhey, Jan 19, 2008
  3. wisdomtool

    wisdomtool Moderator Staff

    #183
    I changed my password just in case because I received two such PMs. I guess those who receive them had better secure their passwords just as a precaution.

     
    wisdomtool, Jan 19, 2008
  4. jain

    jain Banned

    #184
    Great info, son.

    Thanks a lot
     
    jain, Jan 19, 2008
  5. The Emirates Gallastico

    The Emirates Gallastico Banned

    #185
    Private WHOIS.
     
    The Emirates Gallastico, Jan 19, 2008
  6. futhey

    futhey Peon

    #186
    Great! Namecheap!

    Let's "Unprivatize" this person.

    We can just get Richard to spill on the billing data for whoever registered this domain.

    Edit:

    I'm pulling this from Namecheap's whois:

    I know Namecheap used to be an eNom reseller, but they've recently been ICANN accredited. Very odd, because my first theory was that it was a recently registered domain (which it appears to be), but I thought recently registered Namecheap domains weren't through eNom anymore...

    Hmm...
     
    futhey, Jan 19, 2008
  7. Napoleon

    Napoleon Peon

    #187
    He can potentially make thousands through this attack. Let's hope it is solved soon.
     
    Napoleon, Jan 19, 2008
  8. futhey

    futhey Peon

    #188
    Hmm... I still don't get it though. What do you think the Phisher wants with these accounts? Do you seriously think he's waiting for a bunch of High iTrader accounts so that he can list his sites on the Buy/Sell/Trade forum and scam people?

    Seems like a lot of work to scam people if you ask me. DP users are usually pretty trusting of other users, unless you're dealing with a very large transaction, don't you think?
     
    futhey, Jan 19, 2008
  9. wisdomtool

    wisdomtool Moderator Staff

    #189
    Most likely someone who is banned and wanted to take revenge or something like that. But I think that person really spent a lot of effort: imagine registering a new domain, making the domain look like DP, programming, etc.

     
    wisdomtool, Jan 19, 2008
  10. futhey

    futhey Peon

    #190
    Exactly my point. Phishing for Forum Names just doesn't seem as profitable as say, phishing for Bank account logins, or credit card numbers.

    I've never really heard of Phishing for forum login information, except in specific circumstances, usually targeted at a certain member to steal their account and "get revenge" on them.

    But I can't think of a reason why someone would just blindly go after DP members.
     
    futhey, Jan 19, 2008
  11. The Emirates Gallastico

    The Emirates Gallastico Banned

    #191
    Because if they get account details of reputable members (high rep + iTrader) then they can scam for thousands of dollars.
     
    The Emirates Gallastico, Jan 19, 2008
  12. wisdomtool

    wisdomtool Moderator Staff

    #192
    Not quite, even I received two such PMs and my iTrader = 0.
    They seem to target everyone they can find.

     
    wisdomtool, Jan 19, 2008
  13. *Mayank*

    *Mayank* Notable Member

    #193
    Just make sure: any link to a thread in DP will not ask you to log in. If it asks you to log in, there is something fishy... :)
     
    *Mayank*, Jan 19, 2008
  14. Scriptona

    Scriptona Notable Member

    #194
    Well, the freak and panic that is happening now is a loss to DP somehow, and this is something that he might have wanted.

    Besides the fact that if a few of the reputable members of this forum lose their accounts then the forum will not be as warm as it is :)

    I mean there are names that you used to see every day and some of them might be gone by tomorrow
     
    Scriptona, Jan 19, 2008
  15. Cameron [NetXHosting]

    Cameron [NetXHosting] Peon

    #195
    They are no longer at HostGator, they moved companies... I emailed HostGator, they took the site down, so they moved hosts.
     
    Cameron [NetXHosting], Jan 19, 2008
  16. wisdomtool

    wisdomtool Moderator Staff

    #196
    Frankly it does cause some uncertainty. I had initially requested some info from a few members, but when they sent it to me I deleted the PMs instead of clicking the links, just to be safe. This situation isn't good for the forum overall.
     
    wisdomtool, Jan 19, 2008
  17. *Mayank*

    *Mayank* Notable Member

    #197

    Whois the domain. It still points to HostGator nameservers.
     
    *Mayank*, Jan 19, 2008
  18. futhey

    futhey Peon

    #198
    Exactly what I was thinking. I think we're dealing with someone who is just generally miffed at the entire DP Community, maybe got banned or modded or scammed, or who knows what, and wants "revenge". Haha. I don't think they put a lot of thought into the fact that most everyone on the Buy/Sell/Trade forums is a web developer, who can spot a phishing attempt quick. Especially high iTrader users, who can only get high iTrader by buying and selling web developer related services, right? Is it unreasonable to say DP users with high iTrader are going to be hard to scam in this sense?

    I wouldn't be afraid of the PMs being in your inbox. As a matter of fact, I would go as far as saying that you shouldn't delete them. I assume moderators will want to review the questionable PMs sent by these users before they ban anyone, right?

    Whois records are rarely "up to the minute", hence the reason I had so much trouble finding a record in the first place, and why domains can't be "instantly" updated. If the user has switched somewhere else though, I can attest I am still pulling up this page from a HostGator server (IP). We probably wouldn't know for sure how quickly we would even see the DNS update, and I guess the domain name (which seems to be a great typo domain as well) is something the phisher won't let go quietly. He'll probably try to transfer it to as many hosts as he needs to in order to keep this up.

    I find it ironic that he's making his efforts with a domain that, just valued as a typo alone, would probably sell for $xxx here on DP, and maybe even SitePoint.

    Under different circumstances, I might have even bought that domain, just for the redirect traffic.
     
    futhey, Jan 19, 2008
  19. massiva

    massiva Active Member

    #199
    Or for their emails.
     
    massiva, Jan 19, 2008
  20. Sunny

    Sunny Well-Known Member

    #200
    Sunny, Jan 19, 2008