Garry Newman on how to stop Steam phishing sites

The creator of Garry’s Mod has spoken.

ctf_2fort0023 “There’s been a lot of steam phishing sites being posted on the forums recently. Well it seems a lot, but it’s probably just one or two guys.

I was thinking how we could battle this.

Could we do something? Blocking users from posting links until they’ve been a member for a few days. It’d stop the spamming, but it’d also stop legit users posting links. And there’s nothing stopping them from setting up 10 accounts on Monday and then going on a spamming rampage on Friday. Could block the specific sites, but it’s not hard to make a new one at a different URL. Could make the site follow every link posted and scan it to work out whether it’s pretending to be the steampowered site, but that would take up too much resources. So, no.

Could Valve do something?

They could set up a layered log in system, so you needed to log in once, and it would show you some information specific to you, so you know it’s legit, then log in again properly.. but there’s nothing really stopping a hacker from getting the input and secretly logging in serverside and getting and displaying that info to you. So, no.

It boils down to two solutions I think.

1. Awareness. Make users aware that these are the legit sites, don’t log in to others.

2. Spam. Encourage users to try to log into the phishing sites using a fake, random username and password.. flooding their database with bullshit, making it harder for them to extract actual legittimately fooled accounts.

So I think that’s what we should all start doing. When you see one of these sites, just put a random username and password in and then leave it. Trying to log in more than a few times from the same IP will make it easy for them to detect and prune you from their database.”

Source: Garry’s Blog

What do you guys think about it? Feel free to leave a comment ;)


Posted

in

by

Tags:

Comments

3 responses to “Garry Newman on how to stop Steam phishing sites”

  1. one2one Avatar
    one2one

    well if anyone was interested here is a link http://steam.vac2.hack.q2.cc/ its supposed to help u get unbanned from VAC servers if anyone makes a spammer please send to me ….
    Thanks

  2. popovich Avatar
    popovich

    Well, I think Valve should make a separate web site, on which all known phishing sites would be listed and updated from time to time, so users would know what are those sites.
    Current policy “remove the link or someone will actually click on it” is bad, and it only keeps Steam users ignorant regarding this issue.
    An official site, for example steam-phishing.com, would have a clear and visible warning for users not to enter their legitimate credentials in those sites.
    It could also serve as a reference guide to those who would like to help and spam those sites out of business. Just my 2 cents…

  3. Kossak Avatar
    Kossak

    if i knew such sites i would surely help and login with fake credentials few times :)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.