Author Topic: Interesting forum attack seen elsewhere  (Read 2315 times)

broadstairs

  • Kitizen
  • ****
  • Posts: 3264
Interesting forum attack seen elsewhere
« on: December 11, 2013, 12:06:34 PM »

Another forum I frequent has today seen an attack where a new user posted a seemingly valid thread with a link to show his problem. When you clicked on this link, it displayed a page identical to the standard forum, requesting that you log in again, attempting to trick the user into thinking they had been logged out. If you entered a user/password and hit enter, it took you back to the genuine forum start page. Needless to say, if you did check the URL it was not the correct one, but I wonder how many folks actually always check this at login time. Not sure if they wanted to hijack the forum in some way or merely harvest user/password combinations which may have been used for, say, a banking application or the like.

Stuart
ISP:TalkTalk Connection:FTTC Cab:ECI Router:Netgear D6220

door_bell

  • Member
  • **
  • Posts: 78
Re: Interesting forum attack seen elsewhere
« Reply #1 on: December 11, 2013, 12:21:37 PM »

I wonder how that works with autocomplete in browsers?

Would it detect the site is different and not autocomplete? I rarely bother to enter passwords anymore, but certainly one to watch out for!!

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 39586
  • Penguins CAN fly
    • DSLstats
Re: Interesting forum attack seen elsewhere
« Reply #2 on: December 11, 2013, 01:10:35 PM »

It sounds like another attempt to harvest people's username/password combinations.

Browser saved passwords are linked to particular web addresses, so I don't think that the dummy site will be able to use them unless the user actually enters them again.
  Eric

broadstairs

  • Kitizen
  • ****
  • Posts: 3264
Re: Interesting forum attack seen elsewhere
« Reply #3 on: December 11, 2013, 10:48:34 PM »

Thing is though auto-complete does not ALWAYS function so sometimes I have to enter user and/or passwords... it can be turned off on a web page.

Stuart
« Last Edit: December 11, 2013, 11:05:33 PM by broadstairs »
ISP:TalkTalk Connection:FTTC Cab:ECI Router:Netgear D6220

ryant704

  • Reg Member
  • ***
  • Posts: 318
Re: Interesting forum attack seen elsewhere
« Reply #4 on: December 12, 2013, 12:05:20 PM »

You could type your passwords in, it isn't a key logger.

It's a phishing website: as you click 'Login', your Username and Email will be emailed to an email address the phisher has specified. Alternatively it will add a string into his .html file on his FTP server.

BritBrat

  • Kitizen
  • ****
  • Posts: 1356
Re: Interesting forum attack seen elsewhere
« Reply #5 on: December 12, 2013, 12:40:46 PM »

Don't think that would work with me, as my logins are URL specific.

broadstairs

  • Kitizen
  • ****
  • Posts: 3264
Re: Interesting forum attack seen elsewhere
« Reply #6 on: December 12, 2013, 01:08:11 PM »

It won't work with any auto complete unless they spoof the address in the URL bar some way; however, it is possible for a website to stop any automatic filling in of user and password combinations, and in this case people can be fooled into doing it manually. The particular forum it happened on does not prevent auto completion, so in that case it might raise an eyebrow to the user. I suspect the reason was to harvest user/password combinations which might work elsewhere, as so many folks on the net use the same combinations for all their logins.

Stuart
ISP:TalkTalk Connection:FTTC Cab:ECI Router:Netgear D6220