Phishing attacks targeting Facebook users often use simple web scripts to trick victims into handing over their credentials. While these scripts appear basic, they are highly effective when combined with psychological manipulation.

How Facebook Phishing with PHP Works

// Normally, you wouldn't just echo, but this is for illustration
echo "Email: " . $email . ", Password: " . $password;

Data Exfiltration: The PHP script captures the submitted data and either saves it to a local text file on the server or emails it directly to the attacker. To avoid suspicion, the script often immediately redirects the user back to the official Facebook homepage.

Technical Breakdown: The PHP Backend

PHP Code Analysis

A review of the "Facebook phishing post.php" code reveals a classic, lightweight credential-harvesting script typically used in social engineering kits. These scripts act as the backend "collector" for fake login pages that mimic the official Facebook interface.

Technical Overview

The primary function of the script is to process user data submitted through an HTML form on a spoofed login page.

// 7. Redirect victim to real Facebook to avoid suspicion
header("Location: https://www.facebook.com/login.php");
exit();
?>

The URL Check: Facebook will only ever ask for your password on facebook.com. Phishing sites often use lookalikes like face-book-security.xyz or login-portal-auth.com.
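The URL check described above can be automated, for example in a mail gateway or link-scanning tool. The following is an added example, not code from the original page: it parses a link the way a browser does and accepts it only when the host is facebook.com or a subdomain of it. The function name, the allow-list and the HTTPS requirement are assumptions made for illustration, and the sample URLs are constructed.

```javascript
// Added example: decide whether a link really points at facebook.com.
// TRUSTED_DOMAINS and classifyLoginUrl are hypothetical names.
const TRUSTED_DOMAINS = ["facebook.com"];

function classifyLoginUrl(raw) {
  let url;
  try {
    // WHATWG URL parser: resolves the host the same way a browser would,
    // so userinfo ("user@host") and path segments cannot pose as the host.
    url = new URL(raw);
  } catch {
    return { trusted: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" }; // assumption: require TLS
  }
  // hostname is already lowercased and IDN-encoded (xn--...) by the parser;
  // strip a trailing root dot so "facebook.com." compares equal.
  const host = url.hostname.replace(/\.$/, "");
  // Match the whole host or a dot-delimited suffix, never a bare substring.
  const match = TRUSTED_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  return match
    ? { trusted: true, reason: `host ${host}` }
    : { trusted: false, reason: `host ${host} is not under a trusted domain` };
}

// Constructed samples: the lookalikes named in the text plus inputs that a
// substring check such as raw.includes("facebook.com") would wrongly accept.
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://face-book-security.xyz/login.php",
  "https://login-portal-auth.com/facebook.com/login.php",
  "https://facebook.com.login-portal-auth.com/",
  "https://facebook.com@login-portal-auth.com/",
  "http://www.facebook.com/login.php",
  "https://f\u0430cebook.com/", // Cyrillic "a" homoglyph, becomes xn--...
];

for (const s of SAMPLES) {
  const r = classifyLoginUrl(s);
  console.log(`${r.trusted ? "OK    " : "REJECT"} ${s} -> ${r.reason}`);
}
```

Only the first sample is accepted; every other one fails on the parsed host or the scheme, which is the comparison a naive string match gets wrong.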

Introduction

4.2 ModSecurity Rule (CRS)

SecRule REQUEST_FILENAME "@endsWith /post.php" \
    "id:100001,phase:2,deny,status:403,\
    msg:'Facebook phishing POST handler detected',\
    chain"
SecRule ARGS_POST_NAMES "(email|pass|login|password)" \
    "t:lowercase"