« previous next »
Pages: 1 2 3 4 5 [6] 7

Author Topic: Website Asking For Key Going Around  (Read 9005 times)

Mr Queeba

June 17, 2014, 05:16:40 PM
I sent him a fake BL key, which was IDI0T-SPENC-ERALT-DUMBASS

Also, I reported the form for phishing.

Ad Bot

Advertisement

Vovka5545

June 18, 2014, 03:48:39 AM
Gold? Blockland has got gold?

Starzy

June 18, 2014, 04:10:33 AM
Quote from: Vovka5545 on June 18, 2014, 03:48:39 AM
Gold? Blockland has got gold?
Even if you're joking, I'll still warn you about it. It's a complete scam, this user Spencer2015 has been doing it for ages now. A real problem user. I suggest you don't enter your key in anywhere except blockland.

ßlöükfáce

June 18, 2014, 04:54:57 AM
seriously spencer if you're going to steal keys use something better than a google doc

Steve5451²

June 18, 2014, 05:41:11 AM
http://pastebin.com/anNNZfT3

I made a little flooder userscript that generates a convincing key. Just save the userscript, open the page, and enjoy. Adjust the interval as you wish.

Scriode

June 18, 2014, 01:31:27 PM
Quote from: Steve5451² on June 18, 2014, 05:41:11 AM
http://pastebin.com/anNNZfT3

I made a little flooder userscript that generates a convincing key. Just save the userscript, open the page, and enjoy. Adjust the interval as you wish.


Little late the the party. My flooder already did that

Headcrab Zombie

June 18, 2014, 02:10:17 PM
Personally I'd just make a console application that just sends POST requests, instead of bothering to render the web page and everything

Deve

June 18, 2014, 02:14:03 PM
why are we still spamming it lol
not like he'll check it and actually snoop all of the posts out to find a working key

Scriode

June 18, 2014, 03:26:46 PM
Quote from: Headcrab Zombie on June 18, 2014, 02:10:17 PM
Personally I'd just make a console application that just sends POST requests, instead of bothering to render the web page and everything
You can turn the webpage off too

/Pacha

June 18, 2014, 03:34:34 PM
Quote from: Headcrab Zombie on June 18, 2014, 02:10:17 PM
Personally I'd just make a console application that just sends POST requests, instead of bothering to render the web page and everything
pretty sure someone already made a batch script that does this with cURL

Starzy

June 19, 2014, 12:14:23 AM
Quote from: /Pacha on June 18, 2014, 03:34:34 PM
pretty sure someone already made a batch script that does this with cURL
Look a little further back rofl.

Also you cannot filter the real keys out. It sends to a google docs and then lists them down in order.
I just want to ask you guys, if you see anymore of this phishing send us the google docs link so we can protect people who fall for it and enter their key by us flooding it with fake keys. We can stop Spencer by doing this.

Steve5451²

June 19, 2014, 03:33:21 AM
Quote from: Starzy on June 19, 2014, 12:14:23 AM
Look a little further back rofl.

Also you cannot filter the real keys out. It sends to a google docs and then lists them down in order.
I just want to ask you guys, if you see anymore of this phishing send us the google docs link so we can protect people who fall for it and enter their key by us flooding it with fake keys. We can stop Spencer by doing this.

^^

Zeblote

June 19, 2014, 01:20:20 PM
Quote from: Scriode on June 18, 2014, 01:31:27 PM
Little late the the party. My flooder already did that
Not to mention that his keys miss a segment.

Quote from: Starzy on June 19, 2014, 12:14:23 AM
I just want to ask you guys, if you see anymore of this phishing send us the google docs link so we can protect people who fall for it and enter their key by us flooding it with fake keys. We can stop Spencer by doing this.
Only if those keys pass the basic check. Generating random letters is not enough.

Starzy

June 20, 2014, 12:08:06 AM
Quote from: Zeblote on June 19, 2014, 01:20:20 PM
Not to mention that his keys miss a segment.
Only if those keys pass the basic check. Generating random letters is not enough.

So he's going to enter all the thousands of keys we've flooded in just to find one that works.
uh k.
The point of flooding in realistic looking ones is to hide the real ones. Thus saving people who fall for this.

Headcrab Zombie

June 20, 2014, 10:28:19 AM
Quote from: Starzy on June 20, 2014, 12:08:06 AM
So he's going to enter all the thousands of keys we've flooded in just to find one that works.
uh k.
The point of flooding in realistic looking ones is to hide the real ones. Thus saving people who fall for this.
No.
Valid keys follow a certain numbering scheme. For example, in a valid credit card number, all the digits add up to a certain number. This makes it very easy to check if a number is valid without having to authenticate it with a server
I don't know the numbering scheme with keys, but if you do, you can just write a script that will go through all the keys and throw away any that don't conform to this scheme, making spamming the form with completely random keys pointless
Conversely, if you do know the scheme, you can generate random keys according to this scheme that couldn't be thrown out by an automated script
Pages: 1 2 3 4 5 [6] 7
« previous next »