The creator of Garry’s Mod has spoken.
“There’s been a lot of steam phishing sites being posted on the forums recently. Well it seems a lot, but it’s probably just one or two guys.
I was thinking how we could battle this.
Could we do something? Blocking users from posting links until they’ve been a member for a few days. It’d stop the spamming, but it’d also stop legit users posting links. And there’s nothing stopping them from setting up 10 accounts on Monday and then going on a spamming rampage on Friday. Could block the specific sites, but it’s not hard to make a new one at a different URL. Could make the site follow every link posted and scan it to work out whether it’s pretending to be the steampowered site, but that would take up too much resources. So, no.
Could Valve do something?
They could set up a layered log in system, so you needed to log in once, and it would show you some information specific to you, so you know it’s legit, then log in again properly.. but there’s nothing really stopping a hacker from getting the input and secretly logging in serverside and getting and displaying that info to you. So, no.
It boils down to two solutions I think.
1. Awareness. Make users aware that these are the legit sites, don’t log in to others.
2. Spam. Encourage users to try to log into the phishing sites using a fake, random username and password.. flooding their database with bullshit, making it harder for them to extract actual legittimately fooled accounts.
So I think that’s what we should all start doing. When you see one of these sites, just put a random username and password in and then leave it. Trying to log in more than a few times from the same IP will make it easy for them to detect and prune you from their database.”
Source: Garry’s Blog
What do you guys think about it? Feel free to leave a comment ;)
Leave a Reply