Results 1 to 3 of 3
  1. #1
    Join Date
    Jun 2006

    Phishing on a smaller scale


    We've got a problem at our browser based game with a person who continuously signs up (different IP address, e-mail address etc) and spams players of the game asking them to login at an alternative URL. We censor the URL and he uses an alternative, we educate players but some still fall for the trap. At the end of the day this person is getting hold of user's passwords by tricking them into logging in at an alternative URL, which is a pain in the back for their gameplay but even worse when these people probably use the same password for e-mail accounts and so on.

    Where can we go from here to stop this? We're not a big website, it isn't online banking - so I guess we're not important?!

    The phishing sites are being hosted for free at - the people there seem to be idiots ( I didn't think they would be interested though ). I spoke on their live chat, was told to put in a support ticket by e-mailing [email protected] - I send an e-mail to the address and get an automated reply saying I must register to the support desk first... which I couldn't do without registered for free hosting. So eventually I track down an e-mail address for them but they just claim that they check for this sort of thing every now and again so will not take any immediate action... then have the nerve to say "in future please use the support desk".

    It doesn't bother me blocking this idiot from accessing the website every time he finds a new way to gain access, we get alot of that - what bothers me is that users are at risk no matter how much we educate them.

    So my question is - can anything be done about this? Fake login websites being setup for users so that someone can steal their username/password.

    Thank you for any replies. Apologies if this is posted in the wrong area, I wasn't really sure where to post it and haven't been around for a short while.

  2. #2
    Join Date
    May 2009

    Unfortunatley you seem to be doing all you can. Seems like the best way to prevent this would from the script side. Make a better warning of sort. Like before a user starts a game have him confirm he will not accept any links to login pages and so fourth in big red text, lol. Get the users attention better. It seems like you should harden the website.
    Good luck.

  3. #3
    Join Date
    Dec 2007
    Indiana, USA
    The only thing you can really do is educate your users to not use their username and password anywhere other than your site and not to share the password with any email accounts or anything else.

    Beyond that, it's a cat and mouse game.
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS

Similar Threads

  1. Replies: 3
    Last Post: 03-06-2008, 11:35 PM
  2. Small-scale VPS (Xen)
    By dotwaffle in forum VPS Hosting
    Replies: 9
    Last Post: 08-26-2005, 09:44 AM
  3. How do you know if a Database will scale?
    By jen66772 in forum Programming Discussion
    Replies: 2
    Last Post: 03-03-2005, 12:18 PM
  4. fixing MRTG scale
    By Lem0nHead in forum Hosting Security and Technology
    Replies: 1
    Last Post: 05-03-2004, 01:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts