
Last week, I blogged on a new site, Phishfighting.com. There was some concerned reaction from readers, as can be seen here.

Some of the comments:

“Uhm… no, sorry. This is a terrible service. This site does no checking whatsoever on the supposed “phishing source”. One could easily turn this into a denial of service against legitimate sites. A terrible idea, if you ask me.”

“That is the coolest thing I have seen all day. Brilliant idea! Some phishers are getting it right now.”

“Now if he had more servers/IPs to do this from it would keep them from banning his IP address. Right now I know of several sites that are up, but don’t come up on his site. They must be banning his IP/domain.”

“It is a great idea, but I do see the ramifications that could come out of it, like a DOS attack against legit. BTW, he does do some checking, type in the real eBay sign-in address.”

Robin, the developer of the site, responds:

1. “Dos attack”: A DOS attack is by definition a denial of service attack. By adding a 20 second interval between entries, the site is specifically designed NOT to create a DOS attack, which is illegal. Three entries a minute (180/hr) is nowhere near enough entries to take down a website.

2. “Phishers blocking my IP”: The entries are actually coming from the browser, so the Phishers would need to block the user’s IP, not the server’s. And if blocking IPs creates more work for the Phishers then Cool.

3. “Attacking Legitimate sites”: As Eddie pointed out, I am blocking on the most common legitimate sites. Paypal, Ebay etc. I’m logging and watching the entries. As I find submissions against real sites, I’m adding them to the blocked list.

I have no illusions that this will solve the Phishing problem. But it sure does feel good to fight back and, as one user put it, add the Phishers needles to a haystack.

Please contact me at Support@PhishFighting.com if you have questions, tips, suggestions, or just to tell me I’m an idiot. :^)”