Friday, July 17, 2009

RapidShare Anti-Phishing Tech Tutorial

This time, I'm going to go over something that's absolutely rampant on today's warez forums: RapidShare account phishing.

So this is what happens. You're just browsing through your usual favorite forums, downloading as you please, and then suddenly, on one of the topics, someone points out that a post has phishing links, and then a moderator closes it. Well, that's great for them and all, but how about you? How do YOU know it's a phishing link? How do you protect your account in the future when there's no one else to say if it's a phishing link or not?

Fear not! I have a few guides for telling whether a link is a phishing link or a genuine link. After you read this guide, I promise you won't get your account stolen/phished, and I guarantee a 100% success rate. OK guys, now let's go to war with the phishing witch.

So first off, let's analyze what exactly phishing is. Phishing (pronounced "fishing") is the process by which someone makes a complete visual copy of a website and puts it up on a different server (anyone can access it like a regular website), so that unsuspecting users not paying close attention will input their personal data, which gets sent to the scammer. This is commonly used on banking/credit card/PayPal-like sites, in which someone logs into what they think is the real site, but their details are sent to the scammer. These people don't suspect anything, because once the scammer has the login credentials, he can have his phished website redirect the person to the real site, and have them automatically logged in using the credentials he just stole. It's an ingenious idea, but is utterly dangerous and very angering to us unsuspecting users. The biggest flaw of RS that scammers exploit is the ability to be logged into an account from multiple computers. I'll explain more as to how this relates to RapidShare as we go on.

So, now that you know what phishing is, here are the ways you can successfully fight it.

Phishing Techniques:

  • Social engineering - It is so pervasive that even corporate and government sites are actively informing their users on the issue
  • Link manipulation - By way of fake links (like RapidShare)
  • Filter evasion - Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails
  • Website forgery - JavaScript is used to show you a page that looks the same as the original website (like RS)

These are the 4 common ways of phishing on the internet. Most RS accounts get stolen by link manipulation and website forgery.

To avoid:

1. Lock Your Account (Not, Really):

RapidShare recently launched a new safety feature called the Security Lock, which is giving account stealers quite a headache. Essentially, what this does, when you enable it from your online RapidShare account, is lock down your account to unauthorized use. It sends the email account registered to your account a confirmation number, which locks the account. What does this do? This prevents anyone from changing the password/email address, or using your hard-earned RapidShare Points. This essentially locks down the ONLINE account (the one you log in to through If it locks them out, how can you change those details and use your Points? Easy. All you have to do is log in to your account through the web site, click Unlock, and another confirmation code is sent to your email, which allows you to change those details or use your points. My suggestion? Use it! You won't notice a thing when you're downloading, and it's really easy to do!

This will:

* Stops intruders who have compromised your account from changing the password, or the registered email address
* Stops intruders from using up your hard earned RapidShare Points to create themselves a free account
* Intruders cannot Unlock the account themselves without access to your email account (which they of course don't)
* Doesn't stop an intruder who's already compromised your account from blowing through your daily bandwidth.

2. Set Your Account Up To Directly Download:

What does this mean? It essentially means that you don't go through the screen that asks you if you'd like to download as a Free or a Premium user. This shows up by default, whether or not you're logged in as a Premium user. You've all seen it, but here's a quick screenshot of what it looks like, just so you know which page I'm talking about:

[Image: find fake links]

This is so that you can thank people by downloading a small file (uploaded by them) as a free user to earn them points. As good-natured as it is for you to do that, it poses a security threat. The most common form of roping people into giving away their account details is to use a "Link Protector" to mask their phishing URL so that you don't suspect anything. The so-called link-protectors actually don't do shit to stop people from leeching other people's RapidShare links for forum posts. There is nothing stopping me from copying and pasting your links just because you used a "link-protector". Because a phishing site obviously cannot have the same URL as the original site it's phishing, it poses a problem for scammers as to how to get your login details without you suspecting anything. So under the pretense of a "link-protector" the URL of the phishing link is hidden, and it will take you to the Free or Premium download page, at which, even if you're logged into RapidShare, clicking the Premium download option will ask you to enter your login/password, just like the official site would do if you weren't logged in. Don't fall for this! So what are my suggestions? First, go into your account settings for RapidShare and enable Direct Download. It's under settings, as shown here:

[Image: phishing protection]

This eliminates that Free or Premium Download page, and always downloads as premium the instant a link is clicked. This way you can be sure you're clicking on a genuine RS link, because the moment you click on it, it will initiate the download, since you are initiating a direct download. Second, if that page DOES show up, even after turning on Direct Downloading, then something is definitely up. Check the URL of the link you clicked on. If it says ANYTHING other than

Where the *'s are numbers and a file extension, it's a phishing link.
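The URL check described above, written out as an added example (not code from the original post): it parses a link and accepts it only when the host is the trusted domain itself or a real subdomain of it. The trusted domain `rapidshare.com`, the function name `checkLink` and the sample links are assumptions made for illustration, and only the host is checked, not the path.

```javascript
// Added example, not code from the original post.
// Assumption: TRUSTED_DOMAIN is the only domain genuine links are expected on.
const TRUSTED_DOMAIN = "rapidshare.com";

function checkLink(link, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: lowercases the host, punycodes IDNs
  } catch (err) {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "scheme" };
  }
  // In "http://brand.com@other.host/" the brand is only the userinfo part;
  // the browser connects to whatever follows the "@".
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  // Exact match or a real subdomain: the trusted name must be the END of the
  // host, preceded by a dot, so "evilrapidshare.com" does not pass.
  if (host === trusted || host.endsWith("." + trusted)) {
    return { ok: true, reason: "trusted-host" };
  }
  // The brand name appears inside some other host: the look-alike case.
  if (host.includes(trusted.split(".")[0])) {
    return { ok: false, reason: "lookalike-host" };
  }
  // IDN hosts arrive here as xn-- labels; a homograph of the brand lands here.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode-host" };
  }
  return { ok: false, reason: "foreign-host" };
}

// Constructed sample links; the example.* hosts are placeholders.
const samples = [
  "http://rapidshare.com/files/123/archive.rar",
  "http://rs42.rapidshare.com/files/123/archive.rar",
  "http://rapidshare.com.files.example.net/files/123/archive.rar",
  "http://evilrapidshare.com/files/123/archive.rar",
  "http://rapidshare.com@example.org/files/123/archive.rar",
  "http://linkprotector.example.com/?id=abc",
];
for (const s of samples) {
  console.log(checkLink(s).reason.padEnd(15), s);
}
```

A link routed through a "link-protector" host comes back as `foreign-host`: the check cannot tell you where it finally leads, only that the link you were given is not on the trusted domain.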

Here are a few visual examples of real and fake links.

Fake (these were taken from actual phishing links. Although the URLs are obviously wrong, don't scoff at people for falling for it. The screen they saw at this URL was exactly the same as the Free or Premium Download page above. Would you have spotted the difference if you weren't looking at the URL? Source for links: KATZFORUMS Recycle Bin) (Image source: katzforum)

[Image: Fake links Example]

A REAL Genuine RapidShare URL:

If it still shows the screen but it's a genuine RapidShare link, then it's possible that you logged out. Log back in. When you log in, RS saves a cookie on your computer to tell the site that you don't need to log in, as you've already provided the correct credentials. So your login information is saved every time you log in to your account. This can be dangerous, so you should log out of your account and make sure your cookie is deleted. Nowadays many browsers offer a "show cookies" option, so you can check whether your RapidShare account cookie has been deleted or not.

This will:

* 100% absolute fool-proof way to avoid being phished

* Makes it even easier to download from RapidShare by removing that intermediate step of having to pick which download type

* If you'd like to thank someone by downloading a file as a free user, you cannot do that in this scenario. You need to log out of RS first, then download it, and log back in, or go into your settings and uncheck Direct Download each time you want to thank somebody. It's not quite a bad thing, it's just a lot of steps.

3. Keep an Eye on Your Traffic Logs!

RapidShare has given you many tools to watch for abusive activity on your account. One tool is an IP Logger found in "Premium Zone>View Logs", which logs the IP address of the downloader each time a file was downloaded on your account. So how can this help you? It's all numbers to you, right? Doesn't make sense? Fear not! Essentially, an IP address is a household-specific address that identifies your internet connection. It's kind of like a family name that identifies who you are. Each computer has its own IP provided by its ISP. All you have to do is use a free web service to find out what your IP address is. I personally prefer

Write that down, and compare it to your traffic log. Each time you see that same number on your log, it means the download came from your computer. If you see an IP that doesn't match the number you wrote down, it can mean one of two things. One, it could mean you downloaded something yourself from a different computer at someone else's house or at work. Two, it could also mean somebody has already compromised your account and has been using it to download for themselves. How can you tell the difference? Use the site mentioned above, paste the unknown person's IP into the box, and click "Lookup IP Address". You'll get a pretty decent explanation as to where the person's IP is based, such as Country/State/City, so if it's at the house of someone you know or at work, you know it was you. If it isn't either and is from some place you know you've never even been to, it means your account has been compromised and is being used. Use that information as well as the information from the IP Lookup to report it to RapidShare for fraudulent

This will:

* Another foolproof way to check to make sure you're the only one using your account
* I don't know, I suppose the concept of IP addresses can be confusing to some people at first?

Well, that's it for prevention. Like I said, use all those methods, and I promise your account will be clean and safe.

To Get Maximum Protection

  • Don't save cookies of any premium accounts in your browsers (that is, "save password" in browsers), because some Trojan horse programs can get your browser data, so be careful.
  • Don't be in a hurry to download games! First check the URL before clicking on it. This takes only a few moments.
  • If the link looks like a subdomain, don't use that link. Always keep your distance from this type of link.
  • If you don't like download managers for downloading, keep two browsers: one for downloading, another for browsing.
  • Every time you finish downloading, don't forget to clear your private browsing data.

What do you think about this post?

Comments are welcome…


  1. awesome guide thanks

  2. What about JavaScript phishing...
    Do you know JavaScript can do phishing easily!

  3. Yeah, JavaScript can make fake address bars and status bars also.
    But you have an option, "disable javascript in major browser" (like Safari); in your internet browser, set your security level to medium-high or high to disable JavaScript in the browser.

    Use two browsers: one for browsing, another for RapidShare (Java disabled browser).