Sign in with
Sign up | Sign in
Your question

Is it Possible to Fake a URL?

Tags:
  • Security
  • Paypal
  • Apps
Last response: in Antivirus / Security / Privacy
Share
December 30, 2010 9:18:34 PM

Hello, all.

Ok, I would like to know this: Is it possible to fake a URL?

For example, some random guy living in his little apartment wants PayPal information, so he sets up a site selling stuff. He then has a link on his site that goes to https://www.paypal.com/<insert random stuff here>, but is really his site where he collects paypal logins and goes on a shopping spree.

Is this possible? If so, is there really any way to tell if a website is legit?

Thanks!

More about : fake url

a b 8 Security
December 30, 2010 9:32:12 PM

A site can be hijacked. But the each site has a unique domain/URL. There won't be 2 www.paypal.com sites.
m
0
l
December 30, 2010 9:50:02 PM

What do you mean by "hijacked"?
m
0
l
Related resources
a b 8 Security
December 30, 2010 11:17:40 PM

For example, if a server that is hosting the website is infected, then information could be at risk, you could get redirected to another malware infected site, or a number of other things.
m
0
l
December 30, 2010 11:36:03 PM

you could also be redirected to a site with a url that looks legit at first glance.

back when i was using myspace, i was once redirected to a login page at rnyspace.com. the "r" and the "n" make it look like a "m".
m
0
l
December 31, 2010 12:52:24 AM

Ah, ok.... so there is no way for them to actually have the same url unless they hijack the server?
m
0
l
December 31, 2010 6:52:59 AM

Is it Possible to Fake a URL? Yes that is only one possibility - If your computer is infected it can redirect any sites even secured sites or if you go to blocklisted sites (sites that are known for malwares) definitely you will run to problems.

That's why microsoft, if your using windows, strongly suggest that we update windows often. Installing an antivirus software is one thing but your computing habits (the way you use your computer) makes a big impact on the way we deter any unwanted intrusion into our computer.
m
0
l
a b 8 Security
December 31, 2010 7:48:39 AM

The most effective way of "forging" a URL is by DNS poisining. In essence the records on a genuine DNS server, or in the cache on a client, are altered to point to another site. (Another possibility is that the DNS setting on the client is changed to point to a fake DNS server.)

So instead of returning "209.85.135.105" when queried for the address of "www.google.co.uk" the server would return "123.123.123.123" (that's just an example, so apologies if it's someone's real address!). The fake address would then run a server pretending to be "www.google.co.uk"; once you've done that the possibilities are endless.
m
0
l
!