Stats page not tracking clicks or opens

This is most likely because your Application Site URL is not properly configured within the Global Settings menu. Ensure you add the HTTP or HTTPS of your Phishing Frenzy server. Ensure your Phishing Frenzy box can resolve the FQDN within the Application Site URL field and save these settings.

The Application Site URL needs to be configured with a FQDN of the Phishing Frenzy server. If an existing campaign is active, you will need to make it inactive then reactivate it. This is because the PHP tags inserted to the top of every phishing website is old and outdated. It contains an inaccurate Application Site URL and therefor you will never generate statistics.

To test if the stats are working properly you can try to manually invoke each event.

In order to manually invoke and simulate the "email opened" event navigate to:


:uid is simply a placeholder for the actual 8 digit UID string that is generated by Phishing Frenzy upon target import. You can look at the targets within campaign settings to find a UID to test with.

If the URL is entered correctly and the UID exists within Phishing Frenzy's target database a 1x1 pixel will be rendered in the web interface. If :uid.png does not exist you will see a generic error message from rails.

To manually invoke and simulate the "email clicked" event navigate to:


for example it should look this when you enter a string for the :uid parameter


Now when you go back to your reports page you should see that email has been opened and clicked because you simulated those event manually.

If you encounter any errors caused by rails, you can debug the details in the rails application log files located in approot/logs/*

Forgot Admin Account Password

So you somehow managed to lock yourself out of the PF interface. No worries, we can simply change the password for the default admin account with a couple commands:

rails console

Once you are in the rails console find the first Admin record and store it in a variable.

> admin = Admin.first

Now that the first Admin account with the database is loaded into the admin variable, lets change the password. Change the "NewPassword!" to any new password you would like.

> admin.password = "NewPassword!"

Now that we have stored the new password within the admin variable, we just need to save the transaction to the database.


If no errors were thrown in this process you should be able to log back into your PF interface with the newly defined password.

PF interface will not load and shows directories

This is most likely caused by Passenger not properly running and handling the rails application. Ensure that you added the following lines in your /etc/apache2/apache.conf. The passenger installation should have stated the exact lines needed so your required syntax may be different.

LoadModule passenger_module /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/
PassengerRoot /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20
PassengerDefaultRuby /usr/local/rvm/wrappers/ruby-2.0.0-p247/ruby

Error: Incomplete response received from application

Your RAILS_ENV production does not have required set up and likely missing secret_key_base. located within /var/www/phishing-frenzy/config/secrets.yml

Error: rails no such file tmp/cache/assets/*

If you receive an error im the browser such as "rails no such file tmp/cache/assets/*".

# rake tmp:pids:clear
# rake tmp:sessions:clear
# rake tmp:sockets:clear
# rake tmp:cache:clear

534-5.7.14 Gmail Sending Error

If you're having issues sending emails through Gmail it could be due to some security settings configured on the account. Login to your Gmail account through the web interface. Inside your Gmail account go to Settings > Forwarding and POP/IMAP and enable the protocols that you wish to use.

Another option is to Enable access of less secure applications:

Application Site URL on arbitrary port causes Link Clicked and Password Seen To Not Work

Phishing Frenzy stats work best when the Web interface is run on standard web ports such as 80/tcp and 443/tcp.

Ticket Details