Phishfest

From Mario Fan Games Galaxy Wiki
Revision as of 22:28, 19 June 2006 by Draco Icebane (talk | contribs)

Please merge this article with Phisherman Fiasco.

Phishfest refers to an event involving the stealing of several MFGGers' passwords and the subsequent hijacking of their accounts.

The Story

Early on April 20, 2006, an unknown person made an account on MFGG and posted a link that when clicked, would send the user to what seemed to be the log-in screen of MFGG, this however was no ordinary log-in screen. If the user was to enter his/her username with the password, the Phisher would receive the information. Kitsune Yamato was one of the ones to be a victim of the Phisher's first attack, along with Duckboy and also some others. The phisher used the stolen information and logged into Kitsune's account, and put the HTML in his sig hoping to infect others. Eventually, Trasher took care of this problem. But this was not the last of the Phisher, He later around noon of the same day joined again, and started the madness all over again, embedding the HTML in the sig and posted in the topics about the situation, so when a member would enter, he would be brought to the log-in screen. This time, Paratroopa was infected and used. As a result of this, MFGG was put offline. Thunder Dragon and other officials are currently resolving the problem. The forum was back online by 5:02 PM Central that same day.

The Identity Revealed

Due to the reluctant cooperation of Draco Icebane, ShadowMan revealed to MFGG that the phisher was long-time MFGG 'hero' and member, Mugenmidget, who was also Nintendogs (minus a select amount of reincarnations, controlled by Kaepora) along with a host of other notorious "members.' He was immediately permabanned.

Phishfest Article for reference

The 2006 Phisherman Fiasco was run by Mugenmidget with aid from Banana Head and Draco Icebane, the latter of which was convinced by administrators to tell. It began with a test using an object tag to embed an iFrame which led to a fake login page. The user was also logged out, so that they would think it was a genuine relog page and use it if it came up again. This page emailed a user's entered name and password to Mugen, who then logged into their account, changed the password and placed a matching object tag in their signature.

The iFrame was later replaced with a Flash animation by Banana Head which performed the same tasks as the original.

All Draco did was suggest he use a meta tag because they were not blocked, as well as a few other tips on the execution to avoid the glaringly obvious realisation it was fake.

Draco Icebane's involvement in the ordeal led him to disturb Mugen by dropping hints on who it was. He was quickly assaulted by the administrator team, threatened, bribed, and politely asked until Mugen logged off of AIM, at which point he told.

Mugen was then banned indefinately from the forums, although he is likely to make a return.

Retrieved from "https://wiki.mfgg.net/index.php?title=Phishfest&oldid=3575"