WebApp Sec mailing list archives

Re: Article - A solution to phishing

From: Rogan Dawes <discard () dawes za net>
Date: Wed, 22 Dec 2004 14:16:03 +0100

Joseph Miller wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 16 December 2004 11:47 am, exon wrote:

Ian wrote:

On 14 Dec 2004 at 13:43, Adam Tuliper wrote:

<snip>

Personally, I like stringing them on and giving them false information
and wasting their time. Its fun, I recommend all of you try it : )


You make have stumbled across a solution
here ;)

Why not code an automated system that fills
in their bogus log in screens with false
information?

There are only a limited number of banking
web sites around so a template could be
created for each.

If enough people join in these phishers
would get swamped with information and
wouldn't know the good from the bad.

Thoughts ?


This is known to be effective against spammers which use href-links in
email to verify 'live' email-addresses. It's usually highly effective if
you find something that looks like
www.some-site.com/remove_me.asp?m=email () somewhere org

I used to get around 400 spam emails a day, so I wrote a quick script to
connect to a couple of these urls a couple of million times with
auto-generated email-addresses. Sometime during the second night of
running I kept getting connection refused and spam dropped down to
around 40 / day.

>
> Exon,
> Would you happen to have that script available?  If many people had
> access to this script it could possibly cause DDoS and severely limit
> spammers.  I would, of course, not necessarily recommend this
> particular action because of the legal implications, so I must say,
> "We could use this as a possible threat to illegal spammers".
> Thanks for the info.
>
> - -Joseph
>

Also have a look at http://freshmeat.net/projects/formflood/

About:

Web Form Flooder is a Java console utility that will analyze a Web page,complete any forms present on the page with reasonable data, and submitthe data. The utility will also crawl links within the site in order toidentify and flood additional forms that may be present.


Regards,

Rogan
--
Rogan Dawes

*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"

Current thread:

Re: Article - A solution to phishing, (continued)
- - - Re: Article - A solution to phishing Michael Silk (Nov 29)
    - Re: Article - A solution to phishing Rogan Dawes (Nov 30)
    - Re: Article - A solution to phishing Adam Shostack (Dec 01)
    - Re: Article - A solution to phishing Rogan Dawes (Dec 03)
    - Message not available
    - Re: Article - A solution to phishing Michael Silk (Dec 14)
    - Re: Article - A solution to phishing Adam Tuliper (Dec 15)
    - Re: Article - A solution to phishing Ian (Dec 16)
    - Re: Article - A solution to phishing exon (Dec 20)
    - Re: Article - A solution to phishing Joseph Miller (Dec 20)
    - Re: Article - A solution to phishing exon (Dec 22)
    - Re: Article - A solution to phishing Rogan Dawes (Dec 22)
  - RE: Article - A solution to phishing Christopher Canova (Dec 14)
- Re: Article - A solution to phishing focus (Nov 27)
  - RE: Article - A solution to phishing Mark Curphey (Nov 29)
    - RE: Article - A solution to phishing focus (Nov 29)
  - Re: Article - A solution to phishing Tran Viet Phuong (Nov 29)
  - Re: Article - A solution to phishing Saqib . N . Ali (Nov 29)
    - Re: Article - A solution to phishing Mark Burnett (Nov 29)
    - RE: Article - A solution to phishing WebAppSecurity [Technicalinfo.net] (Nov 29)
- Re: Article - A solution to phishing Michael Silk (Nov 29)
  - RE: Article - A solution to phishing WebAppSecurity [Technicalinfo.net] (Nov 29)

(Thread continues...)