// Check if the request is coming from Facebook if ($_SERVER['HTTP_REFERER'] == 'https://www.facebook.com/') // Verify the Facebook app ID and secret $app_id = 'YOUR_APP_ID'; $app_secret = 'YOUR_APP_SECRET'; $signed_request = $_REQUEST['signed_request']; $signature = explode('.', $signed_request)[0]; $payload = explode('.', $signed_request)[1]; $expected_signature = hash_hmac('sha256', $payload, $app_secret, true); if ($signature === base64_encode($expected_signature)) // The request is genuine, proceed with the request else // The request is fake, block it
Facebook remains the most impersonated brand in phishing attacks. This paper dissects a prevalent technique: phishing kits hosted on compromised servers that use a file named post.php to capture login credentials. We analyze the code structure, exfiltration methods, evasion tactics, and propose detection rules (SIGMA/YARA) and server-side countermeasures. Empirical analysis of 150 live phishing kits reveals that 83% use predictable POST handlers like post.php with minimal obfuscation. We conclude with a deployable response framework. facebook phishing postphp code
If you "View Source" on a suspicious login page, look for the tag. Real Facebook login forms point to official internal paths, not standalone .php files in the root directory. // Check if the request is coming from