WebApp Sec mailing list archives
Re: Article - A solution to phishing
From: Rogan Dawes <discard () dawes za net>
Date: Wed, 22 Dec 2004 14:16:03 +0100
Joseph Miller wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 16 December 2004 11:47 am, exon wrote:Ian wrote:On 14 Dec 2004 at 13:43, Adam Tuliper wrote: <snip>Personally, I like stringing them on and giving them false information and wasting their time. Its fun, I recommend all of you try it : )You make have stumbled across a solution here ;) Why not code an automated system that fills in their bogus log in screens with false information? There are only a limited number of banking web sites around so a template could be created for each. If enough people join in these phishers would get swamped with information and wouldn't know the good from the bad. Thoughts ?This is known to be effective against spammers which use href-links in email to verify 'live' email-addresses. It's usually highly effective if you find something that looks like www.some-site.com/remove_me.asp?m=email () somewhere org I used to get around 400 spam emails a day, so I wrote a quick script to connect to a couple of these urls a couple of million times with auto-generated email-addresses. Sometime during the second night of running I kept getting connection refused and spam dropped down to around 40 / day.
> > Exon, > Would you happen to have that script available? If many people had > access to this script it could possibly cause DDoS and severely limit > spammers. I would, of course, not necessarily recommend this > particular action because of the legal implications, so I must say, > "We could use this as a possible threat to illegal spammers". > Thanks for the info. > > - -Joseph > Also have a look at http://freshmeat.net/projects/formflood/ About:Web Form Flooder is a Java console utility that will analyze a Web page, complete any forms present on the page with reasonable data, and submit the data. The utility will also crawl links within the site in order to identify and flood additional forms that may be present.
Regards, Rogan -- Rogan Dawes *ALL* messages to discard () dawes za net will be dropped, and added to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
Current thread:
- Re: Article - A solution to phishing, (continued)
- Re: Article - A solution to phishing Michael Silk (Nov 29)
- Re: Article - A solution to phishing Rogan Dawes (Nov 30)
- Re: Article - A solution to phishing Adam Shostack (Dec 01)
- Re: Article - A solution to phishing Rogan Dawes (Dec 03)
- Message not available
- Re: Article - A solution to phishing Michael Silk (Dec 14)
- Re: Article - A solution to phishing Adam Tuliper (Dec 15)
- Re: Article - A solution to phishing Ian (Dec 16)
- Re: Article - A solution to phishing exon (Dec 20)
- Re: Article - A solution to phishing Joseph Miller (Dec 20)
- Re: Article - A solution to phishing exon (Dec 22)
- Re: Article - A solution to phishing Rogan Dawes (Dec 22)
- RE: Article - A solution to phishing Mark Curphey (Nov 29)
- RE: Article - A solution to phishing focus (Nov 29)
- Re: Article - A solution to phishing Tran Viet Phuong (Nov 29)
- Re: Article - A solution to phishing Saqib . N . Ali (Nov 29)
- Re: Article - A solution to phishing Mark Burnett (Nov 29)
- RE: Article - A solution to phishing WebAppSecurity [Technicalinfo.net] (Nov 29)
- RE: Article - A solution to phishing WebAppSecurity [Technicalinfo.net] (Nov 29)