Learlimited.com

bloodyghost

Bug: Learlimited.com IGN: bloodyghost Date of Bug: 12/27/17 Summary of Bug: The site learlimited.com looks to be a direct mirror of meepcraft.com. If I had to guess I'd say this is a phishing site or something else dangerous. Evidence of Bug: Additional information:

lanekids40

yea no kidding. how did you find this?

LordInateur

how did you find this?
~ @lanekids40

^this

kwagscraft

this is really funny

minetifa

been up since august, not sure if it was always a meep clone

SpongeyStar

been up since august, not sure if it was always a meep clone
~ @minetifa

nice sonya

Trexy

This is very strange..

FamousZAmos

I assume it isn't recommended to "log in" or enter any other information on this website?

bloodyghost

how did you find this?
~ @lanekids40

If you google certain Meepcraft posts or users it may show up several results down.

Sonya has a nice little house.

lanekids40

I assume it isn't recommended to "log in" or enter any other information on this website?
~ @FamousZAmos

yea i wouldnt

riri30

Maybe it’s simply a storage website so that if something happens to this one, there’s backup.
Let’s be realistic; who would want to copy and minecraft website.

jrs25872

Maybe it’s simply a storage website so that if something happens to this one, there’s backup.
Let’s be realistic; who would want to copy and minecraft website.
~ @riri30

to phish out passwords

ekjhgekuie

Maybe it’s simply a storage website so that if something happens to this one, there’s backup.
Let’s be realistic; who would want to copy and minecraft website.
~ @riri30

A backup site would not be hosted on the web; hosting (usually) costs money. Backup site would likely be stored offline. Phishing is a possibility.

FamousZAmos

Maybe it’s simply a storage website so that if something happens to this one, there’s backup.
~ @riri30

Wouldn't @LordInateur at least be aware it existed?

SpongeyStar

to phish out passwords
~ @jrs25872

to phish out passwords and use those passwords to create random posts and comments on a minecraft forum page filled with 12-60 year olds yes

ekjhgekuie

to phish out passwords and use those passwords to create random posts and comments on a minecraft forum page filled with 12-60 year olds yes
~ @SpongeyStar

People do other things with the email linked to their forums account. It's not uncommon for people to use the same password across all accounts.

Forums account -> personal email
Personal email -> online banking, etc.

Email is the back door to all accounts. When you forget your password to any site it's likely they will send a reset message over email.

riri30

Personal email -> online banking
~ @ekjhgekuie

Transactions require more than just an email and it’s password - or the American system is messed up as can be.
The only thing they could do is subscribe to shady websites, or for Apple users who always use the same email, log onto their account (and even, I think there are some security questions) without being able to purchase anything (when you log onto another device, you have to re-enter your banking credentials).
So I still believe this is a backup website. Would someone really go through the hassle? And even then, would they phish passwords and email on a minecraft website with less than 700 active members?
Just imagine that you were a phisher, what website would you use?
Let’s be realistic here.

ekjhgekuie

Transactions require more than just an email and it’s password - or the American system is messed up as can be.
The only thing they could do is subscribe to shady websites, or for Apple users who always use the same email, log onto their account (and even, I think there are some security questions) without being able to purchase anything (when you log onto another device, you have to re-enter your banking credentials).
So I still believe this is a backup website. Would someone really go through the hassle? And even then, would they phish passwords and email on a minecraft website with less than 700 active members?
Just imagine that you were a phisher, what website would you use?
Let’s be realistic here.
~ @riri30

Yes, let's be realistic here.
The purpose of a backup (in this case) is to ensure file integrity during and after an unexpected loss or damage of data stored on a web server. If this web server were hacked, the data could be unexpectedly lost or damaged. To prevent the loss of files stored on a web server (on the internet), backed up files are kept offline and not connected to the internet. It's also important to recognize that hosting a website requires you to pay a monthly fee. An offline backup does not.
If this really is a "backup", MeepCraft has failed miserably at their attempt.

What website would you use if you were a phisher?

I would attack a website where diverse groups of people least expect me to be. As illustrated by multiple responses in this thread, nobody ever expected phishing attempts to come in the form of Minecraft forum duplicates.
Bigger website and community correlates positively with user protection and security.

Let me direct the question back to you: what website would you use if you were a phisher?

riri30

Let me direct the question back to you: what website would you use if you were a phisher?
~ @ekjhgekuie

I’m not a phisher, I wouldn’t know, but definitely not a forum which is, for the most part, used by minors who do not possess bank accounts, and I’d be rather focusing on things where users actually need to enter their personal information every time, not just stay logged in, for a maximum of information - Last time I checked, twelve year old have pocket money, not banking information.
I’d also not have a completely different domain name, but rather use a similar name with only a slight difference.
Let’s end this here, this is a bug report; not a debate, and I am not interested enough to go any further. PM if you have any comment please regarding our discussion.

LordInateur

We are looking into this. Thank you for the report.