|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
08-03-2002, 04:43 PM
|
#1 |
|
So Fucking Banned
Join Date: Feb 2002
Posts: 1,371
|
Any hackers here?
This motherfucker is trying to steal people's PayPal login's.
They've done something very clever ... they send out this address: https://www.paypal.com/wf/f=ra But the actually href address is: http://www.paypal.com.wf63GDY3jha8n3...202/login.html It all appears to be PayPal but in fact you're entering your details at: 66.175.57.202/login.html I've done a reverse lookup and this is the info for that IP: 16 421 ms 250 ms 291 ms abac-gw.customer.alter.net [157.130.240.102] 17 201 ms 170 ms 180 ms core01.san-diego.abac.net [216.55.138.242] 18 171 ms 190 ms 180 ms milkersoft.com [66.175.57.202] I did a view source and basically when you submit form it runs http://66.175.57.202/pp.php But since that's server-side I can't view what it's doing. Does anyone know how to view this PHP code and see where these motherfuckers are sending the information? I know someone who got scammed. Let's shut them down. Cheers |
|
|
|
08-03-2002, 04:49 PM
|
#2 |
|
we'll miss you our friend. RIP
Industry Role:
Join Date: Sep 2001
Location: Fernie, BC
Posts: 25,115
|
i've seen this type of thing before. there was an article posted here month's ago - maybe someone has it in their bookmarks?
__________________
we'll miss you our friend. RIP |
|
|
|
|
08-03-2002, 04:51 PM
|
#3 |
|
OU812
Join Date: Feb 2001
Location: California
Posts: 12,651
|
The dam FBI will be knocking there door down... Or some other police Dept. in some fucked up country. Some ones is a real dumb ass to do this... Not smart at all... Stupid... And I might add, you would not want to hack that site... I would NOT even visit the dam thing if I were you...
__________________
Epic CashEpic Cash works for me Solar Cash Paysite Plugin Gallery of the day freesites,POTD,Gallery generator with free hosting |
|
|
|
|
08-03-2002, 04:53 PM
|
#4 |
|
Confirmed User
Join Date: Apr 2002
Location: Houston
Posts: 5,651
|
no way to view the php code itself but my guess would be they are storing all the login/passes in a database, logging in to the accounts, sending the money to another account.
|
|
|
|
|
08-03-2002, 05:01 PM
|
#5 | |
|
So Fucking Banned
Join Date: Feb 2002
Posts: 1,371
|
Quote:
we can always do loads of autosubmits with fake data to crash their server or find out if the php script is mailing the information somewhere, and bomb that address (if we can hack the php script that is ... there must be a way) They're spamming this like fuck ... so I mean this in all sincerity: let's protect the newbies! |
|
|
|
|
|
08-03-2002, 05:04 PM
|
#6 |
|
Confirmed User
Join Date: Dec 2001
Location: The Great USA
Posts: 1,632
|
Did you atleast forward the email and info to Pay Pal?? that would be a place to start.
 |
|
|
|
|
08-03-2002, 05:05 PM
|
#7 |
|
Confirmed User
Join Date: Feb 2001
Location: Puerto Del Carmen, Lanzarote, Canary Islands
Posts: 1,572
|
I get this
Official name: milkersoft.com IP address: 66.175.57.202 Registrant: Commercial top-level domain (COM-DOM) VeriSign Global Registry Services 21345 Ridgetop Circle Dulles, VA 20166 Domain Name: COM Administrative Contact, Technical Contact: Registry Customer Service (RC4583-ORG) [email protected] VeriSign Global Registry Services 21345 Ridgetop Circle Dulles, VA 20166 +1 703-925-6999 Fax- +1 703-421-5828 Record created on 01-Jan-1985. Database last updated on 3-Aug-2002 19:53:05 EDT. Domain servers in listed order: A.GTLD-SERVERS.NET 192.5.6.30 B.GTLD-SERVERS.NET 192.33.14.30 C.GTLD-SERVERS.NET 192.26.92.30 D.GTLD-SERVERS.NET 192.31.80.30 E.GTLD-SERVERS.NET 192.12.94.30 F.GTLD-SERVERS.NET 192.35.51.30 G.GTLD-SERVERS.NET 192.42.93.30 H.GTLD-SERVERS.NET 192.54.112.30 I.GTLD-SERVERS.NET 192.43.172.30 J.GTLD-SERVERS.NET 210.132.100.101 K.GTLD-SERVERS.NET 213.177.194.5 L.GTLD-SERVERS.NET 192.41.162.30 M.GTLD-SERVERS.NET 192.55.83.30 |
|
|
|
|
08-03-2002, 05:07 PM
|
#8 | |
|
So Fucking Banned
Join Date: Feb 2002
Posts: 1,371
|
Quote:
|
|
|
|
|
|
08-03-2002, 05:12 PM
|
#9 | |
|
OU812
Join Date: Feb 2001
Location: California
Posts: 12,651
|
Quote:
__________________
Epic CashEpic Cash works for me Solar Cash Paysite Plugin Gallery of the day freesites,POTD,Gallery generator with free hosting |
|
|
|
|
|
08-03-2002, 05:12 PM
|
#10 | |
|
So Fucking Banned
Join Date: Feb 2002
Posts: 1,371
|
Quote:
I did a whois at netsol for milkersoft.com and it says the domain is available??! |
|
|
|
|
|
08-03-2002, 05:14 PM
|
#11 | |
|
So Fucking Banned
Join Date: Feb 2002
Posts: 1,371
|
Quote:
it just makes me mad that they've scammed people I know (as well as everyone else they scammed too) at the very least I want these fuckers mail bombed into the next century!! |
|
|
|
|
|
08-03-2002, 05:15 PM
|
#12 |
|
Confirmed User
Join Date: Apr 2002
Location: Houston
Posts: 5,651
|
No match for "MILKERSOFT.COM".
|
|
|
|
|
08-03-2002, 05:16 PM
|
#13 |
|
Confirmed User
Join Date: Apr 2002
Location: Houston
Posts: 5,651
|
there is no way to 'hack' the php script, give it up.. unless you root the box its on and either fuck up the httpd config or just download the script itself.
|
|
|
|
|
08-03-2002, 05:18 PM
|
#14 | |
|
So Fucking Banned
Join Date: Feb 2002
Posts: 1,371
|
Quote:
how is that possible? |
|
|
|
|
|
08-03-2002, 05:19 PM
|
#15 |
|
Confirmed User
Join Date: Feb 2001
Location: Puerto Del Carmen, Lanzarote, Canary Islands
Posts: 1,572
|
The more shit entered at the form the better I would guess.
|
|
|
|
|
08-03-2002, 06:44 PM
|
#16 |
|
Confirmed User
Join Date: Apr 2002
Location: Houston
Posts: 5,651
|
jesus christ, i said you cant, what else is there to understand?
the script is processes server side, then output is sent to the browser. YOU CANNOT GET THE SCRIPT. |
|
|
|
|
08-03-2002, 06:45 PM
|
#17 |
|
Confirmed User
Join Date: Apr 2002
Location: Houston
Posts: 5,651
|
when i say download the script, i meant after you root the machine.
|
|
|
|
|
08-03-2002, 06:57 PM
|
#18 |
|
Confirmed User
Join Date: Jan 2002
Location: Toronto, ON, Canada
Posts: 1,081
|
I bet 90% that the machine itself (66.175.57.202) is hacked. They might be sending the info to some free email and then accessing it with 50 proxies (proxy loop).
You just need to get the uplink provider to null-route that IP or whatever.
__________________
<a href="http://www2.famoushost.com/home.php" target="_blank"><b><FONT COLOR="FFFF00">www.FamousHost.com</font></b></a><br>Free Hosting With No Headers, Real FTP, <u>Get listed on the biggest TGP's with us!</u> |
|
|
|
|
08-03-2002, 06:59 PM
|
#19 |
|
Confirmed User
Join Date: Jan 2002
Location: Toronto, ON, Canada
Posts: 1,081
|
That box is hosted at http://www.abac.com/
The hostname of that box is cedant8.abac.com So you might as well send an email to abac.com for faster response. Maybe the box is indeed owner by that scammer. Then his ass can be nailed really easily.
__________________
<a href="http://www2.famoushost.com/home.php" target="_blank"><b><FONT COLOR="FFFF00">www.FamousHost.com</font></b></a><br>Free Hosting With No Headers, Real FTP, <u>Get listed on the biggest TGP's with us!</u> |
|
|
|
|
08-03-2002, 06:59 PM
|
#20 |
|
So Fucking Banned
Join Date: Aug 2002
Posts: 357
|
once they have the guts to do that they knew they'll never get caught. my pp was taken over and i wasn't able to take it back, the fucker even withdrew money from my bank too. I have to call my bank to dispute and blablabla......fuck paypal jackers.
|
|
|
|
