
readme_extra.md


How do they detect phishing?

Different websites use different combinations of algorithms, user-agents and IPs to detect phishing. If they find similarities to the original login pages, they block the phishing URL and report it to the hosting provider, and your account is then suspended.

What if we detect and allow only users with a user-agent?

How is it undetectable?

It displays the phishing page only to visitors with human user-agents. For example, if a visitor has this type of user-agent (Mozilla/5.0 (Linux; U; Android 4.3; en-us; SM-N900T Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30), the phishing page will load; otherwise the visitor is directed to the phishing_info folder. This helps prevent detection by Facebook and other crawlers.
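Seen from the detection side, this behaviour is user-agent cloaking, and it shows up when the same URL is requested under a crawler user-agent and a browser user-agent and the two responses are compared. The following is an added example, not code from this project; the function names, the similarity threshold, the crawler user-agent and the sample responses are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Probe profiles: the crawler UA is an assumption, the browser UA is the one quoted above.
CRAWLER_UA = "facebookexternalhit/1.1"
BROWSER_UA = ("Mozilla/5.0 (Linux; U; Android 4.3; en-us; SM-N900T Build/JSS15J) "
              "AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30")
PASSWORD_FIELD = re.compile(r"<input[^>]+type=[\"']?password", re.I)


def cloaking_signals(crawler_resp, browser_resp, min_similarity=0.6):
    """Compare two responses for one URL; each is (status, location, body).
    Returns the reasons the URL appears to treat crawlers and browsers differently."""
    c_status, c_loc, c_body = crawler_resp
    b_status, b_loc, b_body = browser_resp
    signals = []
    if (c_status, c_loc) != (b_status, b_loc):
        signals.append(f"status/redirect differs: {c_status} {c_loc!r} vs {b_status} {b_loc!r}")
    if SequenceMatcher(None, c_body, b_body).ratio() < min_similarity:
        signals.append("body differs between crawler and browser")
    if PASSWORD_FIELD.search(b_body) and not PASSWORD_FIELD.search(c_body):
        signals.append("password field shown to browser only")
    return signals


def probe(url, fetch):
    """fetch(url, user_agent) -> (status, location, body); injected so the check runs offline."""
    return cloaking_signals(fetch(url, CRAWLER_UA), fetch(url, BROWSER_UA))


def constructed_fetch(url, user_agent):
    """Stand-in for an HTTP client; every response here is constructed sample data."""
    if url.endswith("/cloaked"):
        if "Mozilla" in user_agent:
            return 200, None, '<form method="post"><input name="u"><input type="password" name="p"></form>'
        return 302, "/phishing_info/", ""
    return 200, None, "<html><body><h1>Welcome</h1><p>Static page.</p></body></html>"


if __name__ == "__main__":
    for u in ("https://example.test/cloaked", "https://example.test/plain"):
        print(u, probe(u, constructed_fetch))
```

In a scanner, `fetch` would wrap a real HTTP client with redirects disabled so the status and `Location` header are visible to the comparison.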

Tips to Follow

  1. Don't share links frequently. Bots consider it spam.
  2. Share the link only with the victim, not with the whole planet.
  3. Don't use domains that are already restricted or banned (e.g. sitename.000webhostapp.com, sitename.htmlpasta.com, etc.).
  4. Use hosting providers that provide a valid SSL certificate (https://, not http://).
  5. Shorten the URL before sending the link.
  6. Don't just share the link. Convince the victim in your native language and catch the victim by his interests.

Legal Disclaimer

Phishing pages never harm anyone, nor do they benefit script kiddies. Instead, they expose the website's mistakes and give developers a golden opportunity to make websites more secure. What if we used this knowledge secretly? Why do we publish this knowledge?

We published this knowledge to make developers aware of their vulnerabilities and to make new programmers more clever.

Don't use this source code for illegal purposes. But if you do, that is on you; I will never take any responsibility for your crime.

License

https://github.com/graysuit/grayfish/blob/master/LICENSE