MyBB Community Forums
Phishing Website - Possible Cookie Theft? - Printable Version


Phishing Website - Possible Cookie Theft? - Jabberwock - 2014-07-13

It has come to my attention that there is an impostor website linking to my website through a frame tag.

For example, blabla.XXX, which is the impostor site, will link to my legitimate blabla.YYY site.
And the GET data is extended with ?referrer=NUM.
Now I obviously understand that they want to get many referrals, because I provide rewards for referrers.
BUT they also have a JavaScript with Google Analytics? It seems...

Question is, will they be able to obtain the cookies from the child frame?


RE: Phishing Website - Possible Cookie Theft? - StefanT - 2014-07-13

(2014-07-13, 11:48 AM)Jabberwock Wrote: Question is, will they be able to obtain the cookies from the child frame?
No.

You can prevent your website from being embedded in a frame: https://en.wikipedia.org/wiki/Clickjacking#Prevention
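
A way to check the server-side protection described above (an added example, not part of the original thread or of MyBB): the function below evaluates a response's `X-Frame-Options` and CSP `frame-ancestors` headers and reports whether a browser would render the page inside a frame on a given site. The `https` URLs built from the thread's placeholder hosts, the function names, and the sample headers are constructed for illustration; only the direct parent frame is checked, and host sources without a scheme or port are matched more loosely than a real browser does.

```python
from urllib.parse import urlsplit

def _origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    u = urlsplit(url)
    return (u.scheme, (u.hostname or "").lower(),
            u.port or {"http": 80, "https": 443}.get(u.scheme))

def _source_matches(source, embedder, own):
    """Match one frame-ancestors source expression against the embedding origin."""
    s = source.lower()
    if s == "'self'":
        return embedder == own
    if s == "*":
        return True
    if s.endswith(":"):                      # scheme source such as https:
        return embedder[0] == s[:-1]
    u = urlsplit(s if "://" in s else "//" + s)
    if u.scheme and u.scheme != embedder[0]:
        return False
    if u.port and u.port != embedder[2]:
        return False
    host = u.hostname or ""
    if host.startswith("*."):                # wildcard covers subdomains only
        return embedder[1].endswith(host[1:])
    return embedder[1] == host

def can_frame(headers, page_url, embedder_url):
    """True if a browser would render page_url inside a frame on embedder_url."""
    h = {k.lower(): v for k, v in headers.items()}
    own, embedder = _origin(page_url), _origin(embedder_url)
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # frame-ancestors takes precedence over X-Frame-Options when both are sent
            return any(_source_matches(p, embedder, own)
                       for p in parts[1:] if p.lower() != "'none'")
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder == own
    return True  # missing, invalid, or obsolete ALLOW-FROM: no protection

# Constructed sample using the thread's placeholder host names
PAGE, IMPOSTOR = "https://blabla.YYY/index.php", "https://blabla.XXX/"
if __name__ == "__main__":
    print(can_frame({}, PAGE, IMPOSTOR))                               # unprotected
    print(can_frame({"X-Frame-Options": "SAMEORIGIN"}, PAGE, IMPOSTOR))  # blocked
```
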


RE: Phishing Website - Possible Cookie Theft? - VoIP - 2014-07-13

(2014-07-13, 12:44 PM)StefanT Wrote:
(2014-07-13, 11:48 AM)Jabberwock Wrote: Question is, will they be able to obtain the cookies from the child frame?
No.

You can prevent your website from being embedded in a frame: https://en.wikipedia.org/wiki/Clickjacking#Prevention

As Stefan said, there are a couple of ways to block it.

One of them being NoScript (client side) and the other being Noframe (server side).

Good luck, OP.


RE: Phishing Website - Possible Cookie Theft? - Jabberwock - 2014-07-14

I took the server-side route; it's working great.


RE: Phishing Website - Possible Cookie Theft? - Dannymh - 2014-07-14

Jabberwock,

how did you identify that someone was doing this?


RE: Phishing Website - Possible Cookie Theft? - VoIP - 2014-07-14

(2014-07-14, 12:49 PM)Dannymh Wrote: Jabberwock,

how did you identify that someone was doing this?

I think he's saying a parameter was holding it.

?refer=script here.