Any creative solution to make it harder for hackers to copy your IdP login page?

Wessel, Keith kwessel at
Mon Mar 26 16:05:30 EDT 2018

I had considered this, too, Liam. Not only is referrer not terribly reliable, but there’s nothing stopping the hacker from grabbing the images and CSS when they grab the page course and hosting it, too.


From: users <users-bounces at> On Behalf Of Liam Hoekenga
Sent: Monday, March 26, 2018 2:52 PM
To: Shib Users <users at>
Subject: Re: Any creative solution to make it harder for hackers to copy your IdP login page?

We had played with the idea of replacing all of the images or css files for the login page if the referrer wasn't the login page.. but referrer isn't the most reliable data.

On Mon, Mar 26, 2018 at 2:47 PM, Wessel, Keith <kwessel at<mailto:kwessel at>> wrote:
Hi, all,

We've had a couple recent phishing attempts where hackers have hosted their own stolen copy of our IdP login page in order to trick users into giving them their usernames and passwords. Our move toward MFA is going to make this much more difficult (I'm not naive enough to say impossible), but we're hoping to make it harder for this trick to work in the meantime. Our security folks asked if we could add some javascript that would bring up an impossible-to-close pop-up if the hostname didn't match what it should be. This is, of course, possible but also easy for a hacker to remove.

We already have text at the bottom of our IdP login page stating what the hostname should be in the address bar, but nobody reads that part. Amusingly, the hackers didn't even change that part in their login page knock-offs. But our security folks didn't even notice that text until I pointed it out to them.

I'm wondering if anyone has come up with creative solutions to slow down hackers from doing this kind of thing.

Thanks for any thoughts,

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at<mailto:users-unsubscribe at>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list