GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Hacked Passwords Are Over, Let the Spoofs Begin (https://gfy.com/showthread.php?t=109784)

nevermind 02-20-2003 06:25 AM
Hacked Passwords Are Over, Let the Spoofs Begin
 
About a year ago I noticed this pirate program called Zspoof, which basically fakes the referring url on htaccess and gives total access to a site.

Well, it's all over the pirate boards now, and they love it because the spoofs last a lot longer than hacked passwords which, with a few exceptions, tend to die pretty quickly.

The scariest thing is --- as far as I know --- there is no fix for Zspoof whatsoever, except dumping htaccess. A real nightmare for the content providers, among others.

DarkJedi 02-20-2003 06:28 AM
woo hoo !! free porn !!

nevermind 02-20-2003 06:30 AM
Quote:
Originally posted by DarkJedi
woo hoo !! free porn !!
Figures. Smart Ass. I'll delete the link then. Just thought some legit webmasters might want to check to see if their site is being spoofed.

But I forgot there are so many thieves here. Fuck it.

DarkJedi 02-20-2003 06:41 AM
Nigga don't hate

http://users.pandora.be/R4v3n/spoofs...of/spoofs3.txt

BigFrog 02-20-2003 06:43 AM
spoofing and the progs to do it have been around for a while....and yes there is a way to prevent it.

basically someone needs to know their target in order to spoof....if you dont publish the target then you've made it a bit harder for anyone to spoof you.
if you publish a members login on the web then dont use a members location that is easy to guess.
eventually though, if someone really wants in they will get in....most likely by carding your site and finding your members url.

J B 02-20-2003 06:45 AM
Programs like this have been out there for years... it's really easy to fake the referral URL...

nevermind 02-20-2003 06:48 AM
Quote:
Originally posted by J B
Programs like this have been out there for years... it's really easy to fake the referral URL...
Yeah, I know. But I've been seeing the average Joe Blow using it more and more lately. They hardly bother with hacked passwords anymore. That was my only point.

nevermind 02-20-2003 06:50 AM
Edit

nevermind 02-20-2003 07:12 AM
Quote:
Originally posted by BigFrog
spoofing and the progs to do it have been around for a while....and yes there is a way to prevent it.

basically someone needs to know their target in order to spoof....if you dont publish the target then you've made it a bit harder for anyone to spoof you.
if you publish a members login on the web then dont use a members location that is easy to guess.
eventually though, if someone really wants in they will get in....most likely by carding your site and finding your members url.


It probably helps a little, but not much. I've seen pirates use a hacked password to get the members' location. Then, once they have the location for the spoof, it doesn't matter if the password dies quickly.

And, of course, once they post the spoof, no one needs to bother with a password again.

Aus 02-20-2003 07:19 AM
Protecting on referer is a bad idea anyway imho.
Because the referer is sent from the client side, the client will always be able to spoof it.
You also saw this with formmail being abused by spammers, it only relied on the referer :(

I suggest content providers to move to some other form of authentication, unless the amount of spoofers is low enough to still make a good profit, however with this 'teqnique' getting more and more known the amount of spoofers will rise..


All times are GMT -7. The time now is 11:07 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123