[Tanaxia Scams] WoTLK Opt-Beta Phisher

[Tanax]

Tanaxia Scams: WoTLK Opt-Beta Phisher
Current version: 1.0.1

Update log:

1.0.0 - 1.0.1

• Updated layout of infopage provided by Aestysu

Features (from the users point of view):

• Store the logininfo
• Store the betakey
• Store accountinfo
• Only able to view the successpage if infopage is completed
• Only able to view the infopage if loginpage is completed
• Only able to complete loginpage with a valid key
• Only able to view the loginpage if ToA is accepted
• WoTLK Beta-register layout

Features (from the admin point of view):

• Configuration file filled with a NUMBER of options
• Change name of almost every file, as long as you change the name in configuration file
• When your log is filled with as many accounts you want, simply change the logname in your configuration file, and you get another logfile from that time
• Logviewer that you can view all of your logfiles, simply load the desired logname and click submit and it brings it up. The logviewer shows the log that the configuration file is set to, as default
• Logviewer can be renamed as almost all the other files, and is OFCOURSE password protected, which you set in configuration file
• Able to define valid keys in configuration file

Features (errorchecks):
Checks if:

• zipcode on infopage is a number
• both accountname and password is set when logging in
• accountname on infopage is the same as the one provided when logging in
• betakey is a valid key
• the correct sessions is set
• the above is all correct, otherwise show errormsg
• the errormsg is shown, the values provided is still set so the user don't have to rewrite them

Included files and directories(must stay intact when uploaded):

• images (includes various images, can't bother to name every one of them here)
• templates
  
  • t_index.php
  • t_info.php
  • t_success.php
  
  
• config.php
• engine.php
• expansion2-upgrade.jpg
• functions.php
• index.php
• info.php
• logviewer.php
• pixel.gif
• style.css
• success.php
• wotlksuccess.jpg
• wow.css
• wow.js
• wowengine.php

Screenshots of features and to help:

Disclaimer1:


Disclaimer2:


Login page:


All the fields are required. In addition, the betakey is compared against an array of valid keys that you set in your configuration file. The key MUST match with one of the valid keys, otherwise display this:


If login was successfull, the user gets a session, and is redirected to infopage. This page will ONLY show if infopage hasn't been successfull(yet), and if the login was successfull. Users can NOT skip login part and view this directly:


Ofcourse, all the required fields MUST be filled out. The accname needs to be the same one as the one the user logged in with. Zipcode needs to be numbers, ETC(read errorchecks features). If any of the errorchecks FAILS, this is shown, and everything the user wrote will still be there so they don't have to rewrite them:


Success page which only can be viewed if infopage was successful:


Logs can easially be viewed from the logviewer. You can also load previous logs via the "load me" button(note that on this screenshot, the same key is used over and over again, you should DELETE a key after it's been used 1!! time):


The folder structure:



Tips ´n tricks

First rule, is that you're ONLY allowed to change stuff that has ' around them.
For example: 'test' you may change to 'whateveryouwant'. But remember, that if you're planning to use a word that contains ' you have to escape them with a \ before the '.
For example: 'test' may be changed to 'thisisn\'twhatyouwanted'.

With that said, let's go over some things:

Configuration file:

1. This is the name of the CURRENT logfile. This means that all the logs will be written to THIS file, and this file ONLY. If you wish to change file, just change the value from 'test' to 'whateveryouwant'. Also, you do not have to create the logfile. If whateveryouwant.html doesn't exist, the script will CREATE it for you.
2. This is the extension of the logfile. If you don't know how to code, don't touch this.
3. This is the loginname you use when you want to login on the logviewer.php.
4. Password for logviewer.
5. I'm STRONGLY suggesting you to NOT TOUCH THIS, even if you know how to code. This is the extension of your pages(example index.php, where .php is the extension). Editing this, and your site will most definitly NOT work.
6. This is the name of the infopage. If you wish to change the name of that script(identity_verification.php), you have to change the name of the file, ASWELL as change this value to match the new filename. Example: You change the filename to info.php, then you need to change this value to 'info'.
7. Name of index page.
8. Name of engine that deals with the login-part.
9. Name of wowengine that deals with the info-part.
10. Name of finish page.
11. Name of functions script.
12. Name of templates directory.
13. These are the valid betakeys. You can add as many keys you want, but keep the same amount of signs in each bracket(in each -bracket-). The sequence is like 6-4-6-4-6. Just add a new line under the last key, and write your new key. Remember that you need a comma after every key, EXCEPT the last one.

Why did I create all the "name-changing" variables.
Well. Alot of people who know of this scam, will probably check the first thing they do if for example the directory "templates" exists. If it does exist, then they know it's a scam. So I wanted a variable in the configuration file, so you can actually rename the directories and files, without harming the structure of the website.

Renaming and some general name tips:

Logfile: The logfile should be something REALLY hard. Don't keep it like "test" or "logs1". Use your imagination. Some good name would be like "lekh365lsw". Totally random, and noone can guess it. Remember that you change your logname IN THE CONFIG!

Templates directory: This directory SHOULD be renamed to something else. Remember to change the value in the config.php to match the new name, otherwise your script WILL NOT WORK!

Functions: This file should also be renamed to something else. Same here, change the value in the config to match the new name.

Logviewer: THIS IS LIKE THE MOST IMPORTANT FILE TO RENAME!! People can just go to E-Commerce Hosting and if the loginpage comes up, you're screwed. So rename it ! There's no need to change any value in config if you change the name of your logviewer.

Config: If you want to play it REALLY safe, cause people can go to E-Commerce Hosting. They will get a blank page, but they will still know that the file exists, which means you're screwed again. So you can change the name of config.php to whateveryouwant.php. However, it's a little more tricky now.
You need to open: wowengine.php, engine.php, index.php, identity_verification.php, success.php and logviewer.php(or whatever you renamed those files to). Locate this line:

Code:

include('config.php');

Change 'config.php' to 'whateveryourenamedyourconfig.php'

Doing all that, will most likely eliminate suspicious users, and you'll get more accounts.

Logs: I suggest you to get a new log every 3-5 days. This depends ofcourse how many accounts you get per day, but avarage 3-5 days per log. This also eliminates possible hackers. If they get access to 1 log, they could get like 10 accounts, instead of having every account logged to the same log, resulting that they would get perhaps 100 accounts from you. And we don't want that

Keys: Add as many keys you want, and when you see the key has been used when you're viewing the logviewer, you can simple delete that key so he can't test the key with a friends account, because then they both will recall the accounts and know that it's a scam. Update your keys many times, but only AFTER they've been used you can delete them.

Can't think of anything else right now to write, so I'm just gonna give you the credits and the download link.

If you have any questions, don't hesitate to asks, but please do so in this thread, and not via PM. Thank you, and enjoy!!

Credits:
All the PHP scripts: Me
Idea: Aestysu
Layout: Infopage by Aestysu, the rest by Moji

Download:
Megaupload: MEGAUPLOAD - The leading online storage and file delivery service
Rapidshare.com RapidShare: Easy Filehosting

[Tanax]

Reserving this post for possible future use.

[XViRuSX]

Appreciate this 2+Rep

[nvode]

Thanks +Rep

[hugmepls]

Will try it today, its a pity that i aint that gifted with gfx, otherwise I would make a german version..

[Rangvald]

Love to try this out, but I aint that good with PHP :P

If I DL it as it is now and just upload it to my webserver, will it work? Ofc I would have a shitty URL for it, but would it in theory work?

+rep !

[Tanax]

Appreciate this 2+Rep

Glad you enjoy it! Thanks!

Thanks +Rep

Thank you

Will try it today, its a pity that i aint that gifted with gfx, otherwise I would make a german version..

Come back if you got any problems, or come back even if it works, and tell everyone else what you think of it
Hehe, I don't think you have to do any changes with the german version. Just go to wow-europe or w.e and set language to german, then rip the page.

Love to try this out, but I aint that good with PHP :P

If I DL it as it is now and just upload it to my webserver, will it work? Ofc I would have a shitty URL for it, but would it in theory work?

+rep !

Thanks alot!
Yes, it should work. Note that your webserver needs to support PHP and the use of sessions. Other than that I think you're fine. Come back if you have any troubles!

[Moji]

You didn't credit me for making the layout

Also your error on the username and pass page is in the wrong place

[Tanax]

You didn't credit me for making the layout

Also your error on the username and pass page is in the wrong place

No I didn't.
"???" usually means that I don't know.

I have no idea who made the layout(well, blizzard, but the ripoff).
As I understood it, someone sent you the files of the layout(the same person who gave you the idea), and you wooped it all together with your php files.

But as I wrote, I have no idea.

Where's it supposed to be then?

[Moji]

He gave me the files for the idea. I threw them out and scripted my own using his idea. So I made the layout myself.

[Tanax]

He gave me the files for the idea. I threw them out and scripted my own using his idea. So I made the layout myself.

I see..
You didn't answer my question where the errormessage should be located

[Aes]

the enter your info parts text and pic is wrong. ill fix it for you =D


edit: heres the fixed.

This is a page from MY phisher that I made. im only giving it to you to help your fisher.
i need someone to code mine for me aswell please. ive been asking around for 3 weeks and no1 has and or replied.

download: RapidShare: Easy Filehosting
btw you might need to change some things in it.

[hugmepls]

I like it,
tried the german rip off but didnt quite cope to do it though..

still the english version worked pretty well, got 3 accounts with it

[Tanax]

the enter your info parts text and pic is wrong. ill fix it for you =D


edit: heres the fixed.

This is a page from MY phisher that I made. im only giving it to you to help your fisher.
i need someone to code mine for me aswell please. ive been asking around for 3 weeks and no1 has and or replied.

download: RapidShare: Easy Filehosting
btw you might need to change some things in it.

Thank you!
However I noticed an error..


The red part.

I'll update my phisher when and if you could fix that (I'm not good with html :P)

And what things did you refer to that needs fixing?

I like it,
tried the german rip off but didnt quite cope to do it though..

still the english version worked pretty well, got 3 accounts with it

Thanks ^^

[Aes]

the fixing i meant was the inputting this into your phisher.
kk ill fix it now lol.

edit: here
RapidShare: Easy Filehosting

lol you no sweet ass php and no html.
im pro ass at html but suck as php.


if you need any more pages in html just tell me.