|
Title: Fanbitcoin.com - Mirror or phishing? Post by: Karartma1 on September 16, 2015, 10:55:36 AM I searched something about Bitcoin in Google and I found https://fanbitcoin.com in search results. It looks like another mirror site like bitcointa.lk.
Don't try to login from that site! Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: 21coin on September 16, 2015, 10:59:12 AM Hmm it seems so, seems to be daily updated as well. Warning well given.
Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: Jake-R on November 18, 2015, 10:48:35 PM I almost signed in there after a Google search took me there instead of here today.
Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: Zeroxal on November 20, 2015, 09:41:04 AM Tried to log in with some random characters. The site just went blank.
Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: MathewCNichols on December 04, 2015, 02:13:06 AM I just attempted a login.
The site pulled up in a Google search for the Avalon 6. I saw it was using HTTPS, I assumed a secure signed TLS certificate was secure enough, and I entered my credentials. I was redirected to a cloudflare error page: "The page you are looking for cannot be found": http://screencast.com/t/UiyyTuRFH Does anyone know if the PHP POST for "hash_passwrd" on the submit button could have passed the password to the phisher man?: http://screencast.com/t/8de4RZt4S I'm guessing if it did there would have been some sort of confirmation of the submission (and Chrome password manager would have prompted to save it for the site.) Thanks guys. Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: theymos on December 04, 2015, 03:31:48 AM I wish that Google was smart enough to notice this copying and ban the copycat sites.
I just attempted a login. You should change your password here just in case. Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: MathewCNichols on December 04, 2015, 12:37:44 PM I wish that Google was smart enough to notice this copying and ban the copycat sites. I just attempted a login. You should change your password here just in case. Thanks for the reply, Theymos! Will do! Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: Quickseller on December 04, 2015, 02:51:20 PM There really needs to be a sticky that says the only domain is bitcointalk.org and any other one is a phishing site.
Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: Decoded on December 04, 2015, 10:14:03 PM Pretty much all mirrors are also phishing. They can get your bitcointalk password, so one way or another it's risky. Bitcointalk is easier to remember anyway, why would you use something as dodgy as fanbitcoin?
Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: Sir_lagsalot on December 05, 2015, 10:59:43 AM Probably phishing. Why would you make a mirror, when everyone can use the official site? :-/
One way or another, stay well away. Seems phishy (Geddit) Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: MathewCNichols on December 05, 2015, 05:01:05 PM Probably phishing. Why would you make a mirror, when everyone can use the official site? :-/ One way or another, stay well away. Seems phishy (Geddit) I'm guessing the domain name or IP for bitcointalk.org is banned in other countries and this mirror provides a portal for foreign readers. I'm investigating whether my original password was possibly stolen for different reasons. I have changed my initial password BTW. The mirror is hosted on cloudflare out of California and using their SSL cert. Although the domain owner is hidden, it's someone out of Panama. From what I can tell so far, it looks like they mirrored this site but did not take any of the PHP forms with it. They also don't use any javascript beside a Shopify stat counter at the bottom of every page: • The login form from the home page uses PHP to POST a "user" and "passwrd" value to fanbitcoin.com/index.php?action=login2, the same behavior as bitcointalk.org/index.php?action=login2 • Bitcointalk then uses javascript to process the "user" value "frmLogin" See http://screencast.com/t/mvVDGvbaA • Fanbitcoin lacks the javascript to process any value "frmLogin" See http://screencast.com/t/P1fDKgQ6Zs2L *Links removed for safety. *I'm a complete noob. Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: MathewCNichols on December 08, 2015, 12:16:20 AM I've recreated a test site using fanbitcoin.com's copied source code, exploited the php to capture the "user" and "passwrd" fields, then I've attempted to return a server 404 like their host cloudflare.com does. It's not possible. Once the php script begins to process, you either land on a blank page or get redirected to whatever page is specified in the "header('Location: http://site.com');" It's not possible to have the webserver display it's internal 404 (notice the URL doesn't change on cloudflare) since php is responsible for serving the header and the specific 404 page URL once it begins processing. This is the best explanation I've found: http://stackoverflow.com/questions/437256/why-wont-my-php-app-send-a-404-error I created a test site and setup the cloudflare CDN. With "smarterrors" enabled, I can pass a "header("HTTP/1.1 404 Not Found");" at the bottom of the php code, after intercepting the username password, and cloudflare will throw it's 404 page. Fair warning: CHANGE YOUR PASSWORD! Title: Re: Fanbitcoin.com - Mirror or phishing? Post by: Eisenhower34 on March 15, 2016, 09:27:44 AM Wow! I don't know who or what linked it, but I'd like to consider myself pretty savvy as far as phishing goes. Gave me a heartache when I realized what I had done. Thank goodness for lastpass and for not keeping identical passes. I should've known something was screwy when it wasn't offering to fill in my login details.
So please everyone, beware. The link is on the forum somewhere that directs you to this fanbitcoin.com. I was casually surfing Bitcointalk as usual and nearly got took myself. |