Nowadays, hacking common social networks such as Facebook, Twitter, and Gmail has become a buzzword, so I thought I would share this important information with you all. First, let me start with a little experience of mine:
Once, when I was surfing Facebook while logged in, I was suddenly prompted with a Facebook login script inside Facebook! (Attention: it was inside Facebook!) But without entering my login information in that script, I looked around my main Facebook window and found that I was still logged in! So what's the problem? If I am logged in, then why is Facebook asking me to log in again? I was astonished. But it didn't take me much time to understand that it was nothing but a fake login page! Can you guess how I discovered it? I discovered it by checking the URL in the browser address bar. But that fake login page was inside the real Facebook! How was that possible? It was possible because it was a Facebook application. So the URL looked like “http://apps.facebook.com/*custom_app_name*”. I made a screenshot of the address bar. See the following:
Remember, all third-party Facebook apps are hosted under the http://apps.facebook.com/ directory, and these apps can be developed with external functionality and custom HTML (which on Facebook is modified into FBML, with some coding changes). The attacker made this script as a third-party Facebook app to get the usernames and passwords of victims. But I could defend myself because of my awareness.
This method of stealing login information is called phishing. There are also other methods, including keylogging and advanced hacking techniques. Let's discuss how phishing works.
How an Attacker Will Steal/Hack Your Facebook Password with Phishing:
1. First, he will make a fake login script that looks exactly like the real page. Here is a sample (link removed). This sample includes an HTML file, script1.html, and a PHP file, write.php.
2. Next, he will put both script1.html and write.php in his own web hosting directory. The attacker is tricky enough to give his paid or free website a confusing name such as http://facebooklogin007.com, http://logintofacebook.110mb.com, or http://hackfb.110mb.com/facebook.html, so that unwary users will not pay attention to the URL. (Here I used www.110mb.com as a free hosting example, but there are other free web hosts available on the internet, such as www.t35.com, etc.)
3. Now suppose the fake login script is hosted at http://hackfb.110mb.com/facebook.html. The attacker (hacker) will send this URL (http://hackfb.110mb.com/facebook.html) to the victims, that is, to the people he wants to hack.
4. If the victim comes across this page, he will tend to enter his login information, including his password!
5. The password will then be saved automatically in a new file called passes.txt, which is declared in the source code of write.php.
6. The hacker will check the text file to get the victim's password.
That's the basic way many bad guys hack Facebook accounts.
So now you can understand how you should protect yourself from this scam. When you are logging in to a page (not only for Facebook, but also for other accounts), please check the URL.
Here are examples of real and fake URLs:
How to Protect Your Facebook Account from Being Hacked by an Attacker:
Security is not complete without you, so only your own awareness will protect you.
2. Always check the URL (page address) in the address bar of your browser.
3. Keep your PC secure. Keep your antivirus updated. I recommend Kaspersky, ESET NOD32, AVG, Avira, McAfee, etc.
4. Always maintain an administrator account and a separate guest or user account on your PC, so that an enemy close to you will not be able to install a hidden keylogger on your computer from the guest account.
5. Don't click on suspicious links that are sent to your mail inbox, wall, chat bar, etc. Try to check/verify them first.
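The address-bar check from item 2, written out as an added example (it is not code from the original post): a small JavaScript classifier run over the URLs mentioned in this article plus a few constructed ones. The trusted-host list and the brand pattern are assumptions of this sketch; note that apps.facebook.com gets its own verdict, because there the domain is genuine but the page content is not Facebook's.

```javascript
// Added example: classify a URL before a Facebook password is typed into it.
// ASSUMPTION: this allowlist is illustrative, not an official list of login hosts.
const TRUSTED_LOGIN_HOSTS = new Set(["facebook.com", "www.facebook.com", "m.facebook.com"]);
// Per the article, third-party apps are served from this genuine Facebook host.
const APP_CANVAS_HOST = "apps.facebook.com";
// ASSUMPTION: crude brand heuristic; it can also match unrelated names containing "fb".
const BRAND_PATTERN = /facebook|fb/;

function classifyLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input
  } catch (err) {
    return "invalid";
  }
  // The parser lower-cases the host and splits off any "user@" prefix,
  // so "https://www.facebook.com@login.example/" has hostname login.example.
  const host = url.hostname.replace(/\.$/, "");
  if (host === APP_CANVAS_HOST) {
    // Right domain, wrong author: the page body belongs to the app developer.
    return "third-party-app";
  }
  if (TRUSTED_LOGIN_HOSTS.has(host)) {
    return url.protocol === "https:" ? "trusted" : "trusted-host-insecure";
  }
  if (host.endsWith(".facebook.com")) return "facebook-subdomain-not-login";
  // Brand name used as bait in a host (or user@ part) outside facebook.com.
  if (BRAND_PATTERN.test(host) || BRAND_PATTERN.test(url.username)) return "lookalike";
  return "unrelated";
}

// Sample URLs: the first four appear in the article, the rest are constructed.
const SAMPLES = [
  "http://apps.facebook.com/custom_app_name",
  "http://facebooklogin007.com",
  "http://logintofacebook.110mb.com",
  "http://hackfb.110mb.com/facebook.html",
  "https://www.facebook.com/",
  "http://www.facebook.com/",
  "https://www.facebook.com@login.example/",
  "facebook.com",
];

function classifyAll(urls) {
  return urls.map((u) => [u, classifyLoginUrl(u)]);
}

for (const [u, verdict] of classifyAll(SAMPLES)) {
  console.log(verdict.padEnd(30), u);
}
```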
Warning: The information provided here should not be used for illegal purposes. If it is, neither TechGainer nor I will be responsible. We just want to make people more aware.