That's a very good question, that's why I did that, to study how the whole think is working. So far I can see that I can login in this clone, I don't know however is my server received the password ... It might be encrypted by the client ....
I am sure this issue has been studied ... but now that we have the code we can check all that ....
You are viewing a single comment's thread from:
@wisehammer, @artakan:
Phishing?
Since all files are hosted on your end you can simply try to obtain sensitive information such as usernames, passwords etc by creating a fake steemit site. e.g. steemlt.com :-)
@dantheman:
Just so you know, steemlt.com is available for registration.
Just for the fun, I did it
http://steemlt.com:3002/
I just need to clean the port and get some https ... and warn everybody!
That is not why I am doing that ....and there must be a protection mecanism, otherwise we are all doomed ...
No worries @artakan, I'm not saying that you are doing it :-) What I'm saying is that anyone can do it. The only way to protect Steemit users from Phishing is to increase the public awareness e.g. by convincing people to pay attention regarding which site they are using for login to steemit etc :-)
No any more https://steemlt.com ;-) I couldn't resist ...