Stealing passwords phpbb - A fix


zaros64

What some people do is make a Flash document and code it so that when it's opened, it opens a new window.
They put it in their signature, so when it opens a new window they copy the skin of the forum and say you have to log in:
Username:
Password:
When you type it in, it emails them your password :(

How to keep your forum safe:
Disable Flash in signatures and in posts :D
 
The views expressed on this page by users and staff are their own, not those of NamePros.
Can you go a little more in depth, maybe an example?

-Steve
 
What they do is have a sig that takes you (unknowingly) to a false page that is actually out to steal your password. What they make you do is log in to *that* instead of the safe and original phpBB.
 
stscac said:
Can you go a little more in depth, maybe an example?

-Steve
Someone signs up, downloads your layout, then edits it into a page that says username and password in a form, but they host it on their own server (secretly that file doesn't log you in, it steals your password). Then they make a Flash document which opens that page in a new window, so everyone will be like.. hey ... then they get everyone's password, etc.
 
Yeah, sounds like a poor phishing attempt to me :td:

-Steve
 
stscac said:
Yeah, sounds like a poor phishing attempt to me :td:

-Steve


Pretty much :hehe:

But people fall for it.

iNod
 
:(

Yep. They sure do. Look at those eBay scams :td:

-Steve
 
All that will be enough by securing HTTPS and SSL.
 
dongan said:
All that will be enough by securing HTTPS and SSL.
Who's gonna put a security certificate on a forum though.. best to disable Flash on your forum.. it's as simple as that
 
majinbuu1023 said:
Who's gonna put a security certificate on a forum though.. best to disable Flash on your forum.. it's as simple as that

Might be true.
 
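An added example, not part of the original thread and not phpBB's own code: a small Python audit to go with the fix suggested above (disabling Flash in signatures and posts). It finds and strips Flash embeds already stored in signatures. The `[flash=W,H]URL[/flash]` tag form, the function names and the sample signatures are assumptions constructed for illustration.

```python
import re

# Assumed BBCode form: [flash=WIDTH,HEIGHT]URL[/flash]; adjust to your board's tag.
FLASH_BBCODE = re.compile(r"\[flash(?:=[^\]]*)?\](.*?)\[/flash\]", re.I | re.S)
# Raw HTML embeds, in case the board allows HTML in posts or signatures.
HTML_EMBED = re.compile(r"<object\b.*?</object\s*>|<embed\b[^>]*>", re.I | re.S)
# Used only to pull the movie URL out of an HTML embed for the report.
SWF_URL = re.compile(r"""https?://[^\s\]\["'<>]+\.swf\b[^\s\]\["'<>]*""", re.I)


def find_flash(text):
    """Return a list of (kind, url) for every Flash embed found in text."""
    hits = [("bbcode", m.group(1).strip()) for m in FLASH_BBCODE.finditer(text)]
    for m in HTML_EMBED.finditer(text):
        urls = SWF_URL.findall(m.group(0))
        hits.append(("html", urls[0] if urls else ""))
    return hits


def strip_flash(text, placeholder="[flash removed]"):
    """Replace every Flash embed with a visible placeholder."""
    text = FLASH_BBCODE.sub(placeholder, text)
    return HTML_EMBED.sub(placeholder, text)


def audit(signatures):
    """Map username -> hits, only for users whose signature embeds Flash."""
    report = {}
    for user, sig in signatures.items():
        hits = find_flash(sig)
        if hits:
            report[user] = hits
    return report


# Constructed sample data: usernames, hosts and signatures are made up.
SAMPLE = {
    "alice": "Domains for sale! [url=https://example.com]my list[/url]",
    "mallory": "[FLASH=1,1]http://sig.example.net/banner.swf[/flash] cheap hosting",
    "trent": '<embed src="http://sig.example.net/x.swf" width="1" height="1"> hi',
}

if __name__ == "__main__":
    for user, hits in audit(SAMPLE).items():
        print(user, hits)
        print("  cleaned:", strip_flash(SAMPLE[user]))
```

Run it over an export of the signature column after turning Flash off, so that embeds saved before the change are also found and cleaned.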