Whats this??????

Jump to latest Follow Reply
Status
Not open for further replies.
Sort by date Sort by reaction score
nerak

nerak

ECF Guru
ECF Veteran
Verified Member
Feb 12, 2011
25,335
60,415
Fairfield Township, OH, USA
www.facebook.com
rolygate said:
OK what the site does is hack your browser, steal your ECF cookie, and show you the ECF website in an iframe. It shows you what you see if you go to ECF. Everyone sees something different.

This is an attack site, your browser is being hacked - not ECF.
Click to expand...

I don't quite understand. If you scroll to the bottom of the page, not the inserted ECF forum, you will see lots of information. One link titled "Why ECF rocks" when clicked will take you to a post from New Members forum.

So it seems like the whole site is ECF.
 
rolygate

rolygate

Vaping Master
Supporting Member
ECF Veteran
Verified Member
Sep 24, 2009
8,354
12,405
ECF Towers
What the site does is simply to redirect you to ECF in an iframe, a box on their front page that displays ECF. So whatever you would see on ECF, you see there.

Don't go there. If you want to view that site, go there in a 'spare' browser with no logins or passwords, then wipe the browser afterwards. But I don't advise it. You've no idea what sites like that can try to get onto your PC.

It's quite a good joke because it makes people worry if they or ECF have been hacked. Technically it is a clever joke. All that happens is you see ECF but on another site. ECF is not affected in any way, only your browser.

However sites like that can be used for other purposes like attempting to steal your passwords and so on. We've censored that site name out so that people don't go there, there is a danger the site could be used to get their personal info.
 
Last edited:
Freddie

Freddie

Super Member
ECF Veteran
Verified Member
Mar 19, 2012
809
530
The NETWORK
rolygate said:
What the site does is simply to redirect you to ECF in an iframe, a box on their front page that displays ECF. So whatever you would see on ECF, you see there.

Don't go there. If you want to view that site, go there in a 'spare' browser with no logins or passwords, then wipe the browser afterwards. But I don't advise it. You've no idea what sites like that can try to get onto your PC.

It's quite a good joke because it makes people worry if they or ECF have been hacked. Technically it is a clever joke. All that happens is you see ECF but on another site. ECF is not affected in any way, only your browser.

However sites like that can be used for other purposes like attempting to steal your passwords and so on. We've censored that site name out so that people don't go there, there is a danger the site could be used to get their personal info.
Click to expand...
Actually Roly it is NOT a good joke! We are talking about members personal INFO here! This matter is SERIOUS! There are some members who have already clicked on the link to check it out amd who knows what transpired when doing so! HOWEVER, as you say and stated that you have RESOLVED this matter, I will take your word for it and NOTE of this thread!
 
Last edited:
rolygate

rolygate

Vaping Master
Supporting Member
ECF Veteran
Verified Member
Sep 24, 2009
8,354
12,405
ECF Towers
@Freddie
Careful - it is nothing to do with ECF in any way.

Any website in the world can do this - it is called an iframe.

If you feel that you have been personally attacked then you should complain to the domain registrars and the website hosting of the attack site. We will also be doing this.

All we did is fix it so they couldn't use our front page on their site for a redirect. There is nothing we or any other website can do to stop people setting up an iframe attck of this type - all anyone can do is complain to the domain registrars and website hosts.

I'll explain how it is done, then you can see it is nothing to do with us. You just put some code on a page of your website that says, "in this block, display website XXX". That's all it does. And of course if you are logged into website XXX, then you will see your personal pages there.

The main thing the spammer does is to publicize the link. Whoever posted the link up on to the web first is the owner of the spam site. Note that they can also add code to their site to get your personal info, if they want to. However, this sort of person is a spammer and general troublemaker, who is not clever enough to be a hacker.
 
Freddie

Freddie

Super Member
ECF Veteran
Verified Member
Mar 19, 2012
809
530
The NETWORK
rolygate said:
@Freddie
Careful - it is nothing to do with ECF in any way.

Any website in the world can do this - it is called an iframe.

If you feel that you have been personally attacked then you should complain to the domain registrars and the website hosting of the attack site. We will also be doing this.

All we did is fix it so they couldn't use our front page on their site for a redirect. There is nothing we or any other website can do to stop people setting up an iframe attck of this type - all anyone can do is complain to the domain registrars and website hosts.

I'll explain how it is done, then you can see it is nothing to do with us. You just put some code on a page of your website that says, "in this block, display website XXX". That's all it does. And of course if you are logged into website XXX, then you will see your personal pages there.

The main thing the spammer does is to publicize the link. Whoever posted the link up on to the web first is the owner of the spam site. Note that they can also add code to their site to get your personal info, if they want to. However, this sort of person is a spammer and general troublemaker, who is not clever enough to be a hacker.
Click to expand...
OK, THANK YOU! Now you took a BIG LOAD off my shoulders! Thanks Roly! :D
 
oldsoldier

oldsoldier

Retired ECF Forum Manager
ECF Veteran
Verified Member
Dec 17, 2010
12,503
8,000
Lurking in the shadows
www.reboot-n.com
Just to reiterate what Roly said above, using an iFrame to display content in itself is not nefarious though it can be done unethically and for blackhat SEO reasons.


The biggest concern about your personal information comes from using an iFrame to "phish". A clever attacker could do this in a way to lure the less savvy internet users into entering his login credentials or personal information, much like the email phishing scams that 99.9% of internet users are aware of and just delete. Phishing scams understand this and make their margin by exploiting the .01%

I'm not saying this was the intent of that site, because it probably wasn't. I'm just giving you an example :)
 
kenetix

kenetix

Super Member
ECF Veteran
Verified Member
Nov 17, 2009
470
137
47
Illinois
This is easily something that ECF could fix. All ECF has to so is place a small bit of code in the <header> to stop it from being loaded in <iframe> either as javascript giving a warning that the page is loaded via an iframe and not officially ecf or php to stop it period. The code is all over the web. This would of been the first rational action to be done.

I will make your job easy for you....

http://en.wikipedia.org/wiki/Framekiller
 
Last edited:
Status
Not open for further replies.

Similar threads

kevbow
  • Locked
Black Friday Sale
Replies
5
Views
1K
General Vaping Discussion
kevbow
kevbow
CES
  • Locked
NPR marketplace piece
Replies
0
Views
720
E-Cigarette News
CES
CES
A
  • Locked
Evolution-X Kits with 2 Mega Atomziers
Replies
0
Views
540
E Cigarette Suppliers Forum
Alpine77
A
AlmightyGod
  • Locked
The Vaping Evolution with AG: Special Guest Tonight: Faceless of iHybrid Mods
Replies
1
Views
1K
Vaping TV and Radio
AlmightyGod
AlmightyGod
A
  • Locked
Evolution-X Now in Stock
Replies
0
Views
636
E Cigarette Suppliers Forum
Alpine77
A

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
Top Bottom
Jump to latest Follow Reply
Jump to latest Follow Reply
Forums
Products
Vaping.com
Star Suppliers
Blogs
Menu