Phishing Attempt on Traderji - Pls read
- Thread starter DWeeP
- Start date
- Status
Friends if any of you receive any sort of pm's which you deem may be advertisements, spam, security threats or unsuitable please do inform Traderji this is a collective effort and it is up to senior members such as all of you to report such occurances. In the past there have been pm spammers but its difficult to find them as they generally don't pm Traderji. Also in case you find any post offensive or against the forum rules please do click on the "offensive post" icon to inform Traderji. I must say I think CV has done a great job in this respect, he immediately reports such posts and I hope all of us can emulate his example.
IT seems that the individual "saurabh_forever" registered online on the 13th at around 4pm. The IP seems to have originated from mantra online in AP through REALCONNECT.
The website used for this phising attempt is http://www.freeweb7.com/ a free website service provider.
Looks like a prank and I have banned the user and taken up the matter with freeweb7.com
The website used for this phising attempt is http://www.freeweb7.com/ a free website service provider.
Looks like a prank and I have banned the user and taken up the matter with freeweb7.com
I got the PM too 
And I thought only I was the official hacker on this forum
I request traderji to take legal waction, and request traderji to make this thread sticky for a few days.
And I thought only I was the official hacker on this forum
I request traderji to take legal waction, and request traderji to make this thread sticky for a few days.
If you do consider yourselves professional hackers, my ID is open!
Nothing can be done with the IP, except to find out in which city (very often, it is only state, not even city) the person resides.
I do not think phishing by itself is punishable under the Indian law (correct me). Only if a fraud arises from phishing, action can be taken. Legal action otherwise would be futile!
Firewall monitors only inbound and outbound network traffic and help prevent attacks from remote sources. It will not assist you if you are careless to give away your password and id. Unless the hacker has superior technology (which the amateur hackers, constituting significant % of the hacker population, don't usually have), it is not possible to hack your, provided of course that you don't leak it out by your carelessness.
Did some analysis.
1. The fake page uses the same login script as traderji.com. If this script is the same for all BB-driven sites, then the cracker did not have to try too hard. The name of the script is login.php and the location is
http://traderji.freeweb7.com/investors-grieviences/login.php
As soon as you open it, it redirects you to the original traderji login page.
2. The retard is a script kiddie, or a lame windows user. I say this because he did not account for the cookies. Example, when I visited the original site, it did not ask me for a passwd because I had not logged off. Then when I saw the privae message and clicked on the link, it asked me to enter the passwd. How can cookies be deleted just like that?
3. Phishing is illegal in India. Moreover, He has used the traderji logo. Thats further illegal.
4. Turning on the windows firewall won't prevent phishing attempts.
So, how to prevent phishing?
1. Read the URL carefully. It has to be the original website (like whatever.traderji.com or traderji.com/whatever. If its traderji.someothersite.com, or someothersite.com/traderji, then its malicious.
2. Look for the padlock sign on the bottom right of your browser when you are on a page that asks you for a passwd.
3. Use firefox. It highlights the URL in yellow if its a secure login. (dont know about IE)
Thats it. Please be careful.
1. The fake page uses the same login script as traderji.com. If this script is the same for all BB-driven sites, then the cracker did not have to try too hard. The name of the script is login.php and the location is
http://traderji.freeweb7.com/investors-grieviences/login.php
As soon as you open it, it redirects you to the original traderji login page.
2. The retard is a script kiddie, or a lame windows user. I say this because he did not account for the cookies. Example, when I visited the original site, it did not ask me for a passwd because I had not logged off. Then when I saw the privae message and clicked on the link, it asked me to enter the passwd. How can cookies be deleted just like that?
3. Phishing is illegal in India. Moreover, He has used the traderji logo. Thats further illegal.
4. Turning on the windows firewall won't prevent phishing attempts.
So, how to prevent phishing?
1. Read the URL carefully. It has to be the original website (like whatever.traderji.com or traderji.com/whatever. If its traderji.someothersite.com, or someothersite.com/traderji, then its malicious.
2. Look for the padlock sign on the bottom right of your browser when you are on a page that asks you for a passwd.
3. Use firefox. It highlights the URL in yellow if its a secure login. (dont know about IE)
Thats it. Please be careful.
Hey Traderji (Mod),
Complaining to freewebs will only result in his page being deleted. You need to get his Mantra IP from your apache access logs, and note the time. Convert the time to IST and ask Mantra who had that IP at that time of the day. You have to do this quick, since their logs might be rotated real fast.
I'm sure you have Manta's contact info from the whois lookup.
I'm sure the lame script kiddie is also reading this by logging in as another user. I just want to tell him that what he did is not cracking or hacking..its just social engineering. Thats pretty lame.
All the best.
Complaining to freewebs will only result in his page being deleted. You need to get his Mantra IP from your apache access logs, and note the time. Convert the time to IST and ask Mantra who had that IP at that time of the day. You have to do this quick, since their logs might be rotated real fast.
I'm sure you have Manta's contact info from the whois lookup.
I'm sure the lame script kiddie is also reading this by logging in as another user. I just want to tell him that what he did is not cracking or hacking..its just social engineering. Thats pretty lame.
All the best.
- Status
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| M | "attempted to add too many securities" error at metastock v11 | MetaStock | 0 | |
|
Crude oil scalping diary - Attempt 3 | Trading Diary | 11 | |
| S | Trading Challenge III : 300% in 5months. Attempt III. | Trading Diary | 97 | |
| O | My learning attempt of option in indian market | Members Discussion Forums | 13 | |
| R | Phishing Net Banking | General Chit Chat | 1 |
Similar threads
-
-
-
-
My learning attempt of option in indian market
- Started by oilman5
- Replies: 13
-