GM Phishing

PirahSet · June 9, 2022, 7:21pm

A bunch of guys have lately been stealing players’ passwords in gms, through websites promising bytes. I assume they’re using the accounts they steal to advertise them further in gms, as some of the player gming had pretty high lvls (One even had lvl 161).

The websites are not using .com domains and instead are going for cheaper, and even free options, as I predicted a long time ago.

(Ik this info isn’t really useful, but I wanna share it cuz I feel cool from predicting that)

Now onto the suggestion. Block the entire list of TLDs. Also parse every gm to remove spaces before checking (To prevent “. com” from passing). This could be a temporary, or a permanent measure, I’m voting for permanent. If I’m right about them using the stolen accounts to gm, then lots of accounts have already been stolen, action needs to be taken immediately.

Here’s a pic I took of the website.

PlN · June 9, 2022, 7:24pm

Plot Twist: You made this website…

Ondrashek06 · June 9, 2022, 7:27pm

This actually made me laugh out loud. Literally just outright asking for the password without any sort of a facade…

PirahSet · June 9, 2022, 7:28pm

1c3

Ondrashek06 · June 9, 2022, 7:30pm

Also the “legal / privacy policy / manage consent / do not sell my data” buttons are not even working…

PirahSet · June 9, 2022, 7:30pm

Yes, they don’t, you checked the website out too?

Ondrashek06 · June 9, 2022, 7:32pm

Yep, I did. The link to the website is in the screenshot, btw.

PirahSet · June 9, 2022, 7:32pm

Oh, I thought it said “Pixelworlds”.

Ondrashek06 · June 9, 2022, 7:37pm

Also filters are like a cat-and-mouse game, there are so many methods to bypass them and when one is patched, another emerges.

It could be simple “. com” using spaces, but also…

.c0m
.(0|/|
./c/o/m
.corn
scamwebsite[.]com

And now do that for hundreds of TLDs. After the “big TLD bang”, it’s even harder because stupid TLDs like “.pizza” or “.club” were also added.

PirahSet · June 9, 2022, 7:39pm

.tk domains are notorious for being taken away when the site’s traffic gets high, and redirected to some questionable websites, so don’t be surprised when that domain starts leading you to the darkest places of the internet…

PirahSet · June 9, 2022, 7:42pm

Yes but the filter is going to decrease the traffic, as less people will realize that ./c/o/m is actually .com.

Especially people that are dumb enough to buy that scam, which is the target audience of the filter.

mrdeath · June 9, 2022, 8:23pm

People trying to break the rule getting scammed by veteran rule breakers.
Newbies dont stand a chance to the big shots here
Its a war

Gargoyle · June 9, 2022, 8:39pm

This would probably lead to massive overblocking, as there are many TLDs that are just regular words. Having multiple sentences in one message then makes it very likely something will get censored wrongfully.

La-Unalise · June 9, 2022, 8:46pm

Seems normal, nothing wrong with it if it’s not advertised, it’s not found.

Bluvox · June 9, 2022, 9:06pm

PirahSet · June 9, 2022, 9:22pm

?

It is advertised, I said that multiple times.

PirahSet · June 9, 2022, 9:24pm

Then just do that with every free domain at least.

Something needs to be done, those aren’t just noob accounts, they are people who probably played for years already.

They could also just completely remove punctuation for now, can’t type any links that way.

Edit: Just checked, they do it for every free domain already. Just need to parse the spaces off and probably check for a space after the TLD, to ensure it isn’t just a part of a word.

PlN · June 9, 2022, 11:11pm

Of course black is the one in the middle…

PirahSet · June 10, 2022, 9:01am

Another one bites the dust

20220610_095944
20220610_100014

R0T0R · June 10, 2022, 9:20am

moderators need tool prevent publish global messages and have autoban feature on those.