DP Under PHISHING ATTACK, Protect Your Passwords ~ !!!!!!

Website is still up and accessible.
Seems like hostgator never took it down in the first place.. eh?

 

it is a phishing attack, as it submits the form via post to send.php.

And if you'll check this link: http://forums.digitalpoint.com/send.php

You can easily see that this isn't related to any vBulletin or DP Scripting.

Also, very interesting is this piece of code:

It's supposed to submit to http://forums.digitalpoint.com/login.php?do=login instead of http://forums-digitalpoint.com/send.php

And something more interesting, I can't pull up a valid WHOIS on the domain. Has anyone successfully done this?

Cameron: Have you checked the source of his site? Every time you load it, the images are loaded externally from DP. The only way I figure you'd be able to get his account flooded would be to count on a maximum number of simultaneous SQL connections, and keep submitting fake usernames and passwords, right? Or did you have something else in mind?

I'm not too familliar with HostGator, so I'm not sure where their bottleneck would be on these sorts of things. I bet he's only using a few hundred K of storage and a few MB's in a DB really.

 

great info son


Thanks alot

 

Private WHOIS.

 

Great! Namecheap!

Let's "Unprivatize" this person.

We can just get Richard to spill on the billing data for whoever registered this domain.

Edit:

I'm pulling this from namecheap's whois:

I know namecheap used to be an enom reseller, but they've recently been iCann accredited. Very odd, because my first theory was that it was a recently registered domain (Which it appears to be) but I thought recently registered Namecheap domains weren't through eNom anymore...

Hmm...

 

He can potentially make thousands through this attack. Lets hope it is solved soon.

 

Hmm... I still don't get it though. What do you think the Phisher wants with these accounts? Do you seriously think he's waiting for a bunch of High iTrader accounts so that he can list his sites on the Buy/Sell/Trade forum and scam people?

Seems like a lot of work to scam people if you ask me. DP users are usually pretty trusting of other users, unless you're dealing with a very large transaction, don't you think?

 

Exactly my point. Phishing for Forum Names just doesn't seem as profitable as say, phishing for Bank account logins, or credit card numbers.

I've never really heard of Phishing for forum login information, except in specific circumstances, usually targeted at a certain member to steal their account and "get revenge" on them.

But I can't think of a reason why someone would just blindly go after DP members.

 

Because if they get account details of reputable members (high rep + iTrader) then they can scam for thousands of dollars.

 

Just Make Sure. Any link to a thread in DP will not ask you to login. If asks you to login, there is something fishy........

 

Well, the freak and panic that is happening now is a loss to DP somehow and this is something that he might wanted.

Beside the fact that if few of the reputable members of this forum lose their accounts then the forum will not be as warm as it is

I mean there are names that you used to see everyday and some of them might be gone by tomorrow

 

They are no longer at HostGator, They moved companies... I emailed hostgator, They took the site down so they moved hosts.

 

Whois the domain. It still points to Host Gator Nameservers.

 

Exactly what I was thinking. I think we're dealing with someone who is just generally miffed at the entire DP Community, maybe got banned or modded or scammed, or who knows what, and wants "revenge". Haha. I don't think they put a lot of thought into the fact that most everyone on the Buy/Sell/Trade forums is a web developer, who can spot a phishing attempt quick. Especially high iTrader users, who can only get high iTrader by buying and selling web developer related services, right? Is it unreasonable to say DP users with high iTrader are going to be hard to scam in this sense?

I wouldn't be afraid of the PM's being in your inbox. As a matter of fact, I would go as far as saying that you shouldn't delete them. I assume moderators will want to review the questionable PM's sent by these users before they ban anyone, right?

Whois records are rarely "Up to the minute", hence the reason I had so much trouble finding a record in the first place, and why domains can't be "instantly" updated. If the user has switched somewhere else though, I can attest I am still pulling up this page from a hostgator server (IP). We probably wouldn't know for sure how quickly we would even see the DNS update, and I guess the domain name (Which seems to be a great typo domain as well) is something the Phisher won't let go quietly. He'll probably try to transfer it to as many hosts as he need to to keep this up.

I find it ironic that he's making his efforts with a domain that, just valued as a typo alone, would probably sell for $xxx here on DP, and maybe even sitepoint.

Under different circumstances, I might have even bought that domain, just for the redirect traffic.

 

or for their emails

 

Looks like Dolin has created a new account on DP as Dolin8. [ http://forums.digitalpoint.com/showthread.php?t=661586 ]