Phishing once again… solution?

GENERAL CHAT
Author
janjanjan
Good Poster
Added: Dec 04, 2008 1:16 pm
Phishing must be a real pain in the ass for the mods. I’m pretty sure lots of RS account holders get their logins stolen. The preview pic looks good…click, click… login stolen… It looks endless. Maybe this could help the phishing problem, or at least make it more controllable. Since most of the time the phishing assholes post their links in their very first posts (=threads), it could help to limit new members posting rights. Lets say a member must have at least 10/20 posts before being able to start a thread. This way the mods get an idea of what new members are about and it makes it less attractive for them to post their links here. They have to make an effort to get posting rights.
I don’t see any technical problems in the application of this posting limit. Solution or just another idea?
andylo
Godfather of Forumophilia
Added: Dec 04, 2008 2:29 pm
Rapidshare now offers to their premium account holders a very effective tool to prevent that phisings ... the SECURITY LOCK.

Wink
janjanjan
Good Poster
Added: Dec 04, 2008 2:40 pm
I know. But does this lock prevents logins to be stolen...
Monkey D. Ruffy
Very Respected VIP club member
Added: Dec 04, 2008 2:45 pm
andylo wrote:
Rapidshare now offers to their premium account holders a very effective tool to prevent that phisings ... the SECURITY LOCK.

Wink


Yup.
Once activated the phishers can't do anything with the hijacked account.

janjanjan wrote:
Since most of the time the phishing assholes post their links in their very first posts (=threads), it could help to limit new members posting rights. Lets say a member must have at least 10/20 posts before being able to start a thread.


Was discussed with the staff earlier, but won't help. They will post their faked rs links in other threads and/or post 10/20 meaningless thanks and start posting their threads afterwards.

Monkey D. Ruffy
janjanjan
Good Poster
Added: Dec 04, 2008 3:05 pm
To bad. I hoped this could make the problem a little less. So in the end its up to RS account holders. Be carefull what you do, check the links and make sure to be signed in before downloading.
Monkey D. Ruffy
Very Respected VIP club member
Added: Dec 04, 2008 3:15 pm
janjanjan wrote:
To bad. I hoped this could make the problem a little less. So in the end its up to RS account holders. Be carefull what you do, check the links and make sure to be signed in before downloading.


I'll edit my guide to rs soon (have to do new screenshots).

https://www.forumophilia.com/topic51528.html

If you follow these tips you should be safe (or at least, with an activated lock, the phishers can't do anything with your hijacked account).

Monkey D. Ruffy
Monkey D. Ruffy
Very Respected VIP club member
Added: Dec 04, 2008 3:47 pm
Found that one minutes ago (thanks to the member who reported it).

See pic 1: Lousy coded fake, nobody should fall for it.

Pic 2 shows the real rs login (German language, cause RS redirects me to the German login page; so it's really easy for me to identify phishing links: If I get an English login = Phishing).

Monkey D. Ruffy
janjanjan
Good Poster
Added: Dec 04, 2008 4:44 pm
Well done Monkey D. Ruffy, very good info. I suggested this before and do it again. Why not use this info as a sticky? Right now members have to search for this info, it should be visible on every section on the forum.
humlan
Respected Poster
Added: Dec 04, 2008 5:29 pm
Monkey D. Ruffy wrote:
andylo wrote:
Rapidshare now offers to their premium account holders a very effective tool to prevent that phisings ... the SECURITY LOCK.

Wink


Yup.
Once activated the phishers can't do anything with the hijacked account.

True!

janjanjan wrote:
I know. But does this lock prevents logins to be stolen...

No, if your login details are stolen they still have access to your RS account!

Monkey D. Ruffy wrote:
janjanjan wrote:
Since most of the time the phishing assholes post their links in their very first posts (=threads), it could help to limit new members posting rights. Lets say a member must have at least 10/20 posts before being able to start a thread.


Was discussed with the staff earlier, but won't help. They will post their faked rs links in other threads and/or post 10/20 meaningless thanks and start posting their threads afterwards.

Monkey D. Ruffy


How about disable new members right to post at all? Wink

I've reported phishers a few times - if I'm logged in and see an obvious phishing attempt it takes five seconds to do so. The mods are usually very quick to ban the user and remove the post. So far so good!

BUT, a few minutes later the phisher logs in with a different username and starts posting the same crap - and so it continues over and over again... Rolling Eyes

I don't know how well prepared they are, but would it make any difference if they can't post anything at all for the first 2-3 days from registration?
Monkey D. Ruffy
Very Respected VIP club member
Added: Dec 04, 2008 5:30 pm
janjanjan wrote:
Well done Monkey D. Ruffy, very good info. I suggested this before and do it again. Why not use this info as a sticky? Right now members have to search for this info, it should be visible on every section on the forum.


See my sig?!?

There's a link to my rapidshare guide (sure old version, but will be renewed soon).

But I can't force members to read it.
And stickies won't help. Some members (mostly new ones, but few old stagers as well) here haven't read the rules about image hoster yet (and get warnings for using non-allowed ones).

Monkey D. Ruffy
Monkey D. Ruffy
Very Respected VIP club member
Added: Dec 04, 2008 5:46 pm
humlan wrote:

How about disable new members right to post at all? Wink

I've reported phishers a few times - if I'm logged in and see an obvious phishing attempt it takes five seconds to do so. The mods are usually very quick to ban the user and remove the post. So far so good!

BUT, a few minutes later the phisher logs in with a different username and starts posting the same crap - and so it continues over and over again... Rolling Eyes

I don't know how well prepared they are, but would it make any difference if they can't post anything at all for the first 2-3 days from registration?


I know.
Banned a stupid phisher five times today (was the same moron as yesterday; he posted between 8:00 and 10:00 GMT).
And I've reported his fake site to the webmasters of the hosting site as well (the one of yesterday is already dead, the one of today will die soon; ripway is very cooperative deleting phishing sites Smile).

But if they can't post for one or two days, they will create accounts, let them rest for the waiting period, and then start posting.

Was spying on a hacker board and they know, most of the premium rs users are active on file-sharing boards (irrelevant if moviez, music or adult).
So they won't stop phishing here (one of the largest boards of the web). It's nearly the same as IRL.

You will only go fishing where the fish is.

That's all.

Monkey D. Ruffy
janjanjan
Good Poster
Added: Dec 04, 2008 5:51 pm
So in conclusion there's nothing that can be done except being carefull Confused
Monkey D. Ruffy
Very Respected VIP club member
Added: Dec 04, 2008 6:00 pm
janjanjan wrote:
So in conclusion there's nothing that can be done except being carefull Confused


Yup. It's the same, when you cross the road: Look left - right - and left again (UK and Japanese vice versa of course Wink).

One simple rule: Don't enter any login information if you aren't as safe as houses that it is the real one.

No more, no less.

Monkey D. Ruffy
blackcoyote
I'm probably spamming
Added: Dec 04, 2008 7:46 pm
Best advise is to ONLY login directly at the RS site, before you start downloading anything and set your preferences to automatic downloads.
Once that is done, you will only see "Download as Free or Premium user" page if it is a phishing scam.