Somebody stealing Dope content, again.

That’s not an issue if the bad guys have cloned the site but are operating it at a different web address (URL) than the real thing (which they are)… and they’d have to hack SDMB’s domain registration to redirect the real SDMB URL to their website for that to happen.*

It’s like if someone constructs a fake bank looking to copy everyone’s safe deposit box key patterns… if it’s not at the address of the real bank, I don’t know how anyone would wind up at the fake bank. Unless they’re dim enough to come upon a copy of their bank in the middle of a cornfield and go “Derp, hey, look, it’s my bank; I think I’ll check my safe deposit box!”

*There are variations on the theme: they could register look-alike addresses that capitalize on common typos and have them redirect to the fake website, but I don’t know if there’s any evidence of that.
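An added example of the look-alike addresses described in the footnote above; it is not code from the thread or from the board's software. The target domain is used only as illustrative input, and the keyboard-neighbour, homoglyph and TLD tables are constructed, partial stand-ins for the much larger tables real typosquatting scanners carry.

```python
"""Enumerate look-alike domains a phisher could register for a target name.

Added example, not code from the thread or from the SDMB. The neighbour,
homoglyph and TLD tables are constructed and deliberately partial.
"""

# Keyboard neighbours used for fat-finger substitutions (constructed, partial)
ADJACENT = {
    "a": "qwsz", "d": "serfcx", "e": "wsdr", "g": "fthvb", "h": "gyujnb",
    "i": "ujko", "o": "iklp", "p": "ol", "r": "edft", "s": "awedxz",
    "t": "rfgy", "u": "yhji",
}

# Characters that look alike in many fonts (constructed, partial)
HOMOGLYPHS = {"i": "l1", "l": "i1", "o": "0", "e": "3", "a": "4", "s": "5"}

# TLDs a registrant could pair with the stolen label (constructed list)
ALT_TLDS = ("net", "org", "co", "info")


def typosquat_candidates(domain: str) -> set[str]:
    """Return look-alike host names for `domain` (second-level label + TLD)."""
    label, _, tld = domain.lower().partition(".")
    labels = set()

    # 1. Omission: one character dropped ("straightdope" -> "straighdope")
    for i in range(len(label)):
        labels.add(label[:i] + label[i + 1:])

    # 2. Transposition: two adjacent characters swapped
    for i in range(len(label) - 1):
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])

    # 3. Adjacent-key substitution: a neighbouring key hit instead
    for i, ch in enumerate(label):
        for near in ADJACENT.get(ch, ""):
            labels.add(label[:i] + near + label[i + 1:])

    # 4. Homoglyph substitution: a visually similar character
    for i, ch in enumerate(label):
        for look in HOMOGLYPHS.get(ch, ""):
            labels.add(label[:i] + look + label[i + 1:])

    # 5. Repetition: one character doubled
    for i, ch in enumerate(label):
        labels.add(label[:i] + ch + label[i:])

    # 6. Hyphenation: a hyphen inserted inside the label
    for i in range(1, len(label)):
        labels.add(label[:i] + "-" + label[i:])

    labels.discard(label)
    candidates = {f"{name}.{tld}" for name in labels}
    # 7. Same label under a different TLD
    candidates |= {f"{label}.{alt}" for alt in ALT_TLDS if alt != tld}
    return candidates


def is_lookalike(candidate: str, domain: str) -> bool:
    """True if `candidate` is one of the generated look-alikes of `domain`."""
    return candidate.lower() in typosquat_candidates(domain)


if __name__ == "__main__":
    for name in sorted(typosquat_candidates("straightdope.com"))[:10]:
        print(name)
```

The check a practitioner actually runs is to feed the candidate list to a resolver or whois client and see which names already resolve or are registered; that step needs network access and is left out here. Note that "remortgagebestdeals.com" is not a look-alike by any of these rules, which is the point made later in the thread.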

Missed the edit window.

I did think of another way the phishers could expect to attract logins: manipulate Google to put their website at the top for SDMB-related searches. Which, going back to the bank analogy, would be like if people routinely ask a stranger for directions to get to their bank, and the bad guys co-opt the “ask a stranger for directions” process to get the strangers to give directions to the fake bank.

Through Google.

Hey, new word! “Scraping.”

Thanks.

Not going to happen. It only looks like an SD site, it doesn’t have any access to the SD database and your autologin info will not recognize the site as the real thing.

It’s like somebody printed out a photo of George Clooney and made a paper mask, then walked around pretending to be George Clooney. The face looks right, but you know something’s wrong when his body is 500 lbs.
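The auto-login point in the post above comes down to cookie scoping, shown here with Python's standard cookie jar as an added example (not code from the thread or from the board software). The host names are assumed placeholders: "forum.example" stands in for the real board and "clone.example.net" for the scraped copy; the cookie value is a constructed dummy.

```python
"""Why a stored auto-login cookie is never sent to a cloned board on another host.

Added example, not code from the thread or from the board software. Host names
are placeholders and the cookie value is a constructed dummy.
"""
from http.cookiejar import Cookie, CookieJar
from typing import Optional
from urllib.request import Request

REAL_HOST = "forum.example"
CLONE_HOST = "clone.example.net"


def make_autologin_cookie(host: str) -> Cookie:
    """Build a cookie as a browser would store a 'remember me' token for `host`.

    The Domain attribute is what scopes it; how the page looks plays no part.
    """
    return Cookie(
        version=0, name="autologin", value="dummy-session-token",
        port=None, port_specified=False,
        domain=host, domain_specified=True, domain_initial_dot=False,
        path="/", path_specified=True,
        secure=True, expires=None, discard=False,
        comment=None, comment_url=None, rest={"HttpOnly": None},
    )


def cookie_header_for(jar: CookieJar, url: str) -> Optional[str]:
    """Return the Cookie header the jar would attach to a request for `url`."""
    req = Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def demo() -> dict:
    """Try four URLs against one jar holding only the real board's cookie."""
    jar = CookieJar()
    jar.set_cookie(make_autologin_cookie(REAL_HOST))
    return {
        # the real board: the token is sent, so the login is recognised
        "real": cookie_header_for(jar, f"https://{REAL_HOST}/index.php"),
        # the clone on its own domain: nothing is sent
        "clone": cookie_header_for(jar, f"https://{CLONE_HOST}/index.php"),
        # a clone that merely prefixes the real name: still nothing, because
        # cookie domains match on the suffix, not the prefix
        "prefixed": cookie_header_for(jar, f"https://{REAL_HOST}.{CLONE_HOST}/index.php"),
        # plain http on the real host: a Secure cookie is withheld as well
        "insecure": cookie_header_for(jar, f"http://{REAL_HOST}/index.php"),
    }


if __name__ == "__main__":
    for case, header in demo().items():
        print(f"{case:9s} Cookie: {header}")
```

The clone therefore never sees the real token; the only way it gets credentials is if a visitor types them into its copied login form, which is the phishing scenario other posts in this thread describe.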

This could coincide with finding email address for Dopers and sending them a phishing email that says “Your account has been compromised! Please log in here (fake website url) to change your password immediately!”

Most people won’t fall for it, but a small percentage might.

According to the first link in post #6, the actual servers are in China and the same email behind remortgagebestdeals has been behind a scrape of Bioware and a scrape of Gamespot. The search Duckster ran returned several more websites associated with that email. Seems to me that all this lends credence to the idea that someone’s been deliberately going around making sites for scrapers.

By the way, the second link in post #6 mentions a site that had been scraping Fox Sports, with the same email.

That same thread, if you read more of the posts there, lists a whole bunch of similarly affected sites.

Not at all. That only lends credence to the idea that the same one customer registered several domains, maybe with big plans for the future, but left them all sitting dormant with the same unpatched vulnerabilities just waiting to be hacked.

The SDMB cloned site is hosted at IP 108.162.198.93 which is an IP address owned by CloudFlare in San Francisco. Online investigation tool - Reverse IP, NS, MX, WHOIS and Search Tools

The first link you provided discusses something similar that happened to another forum, and the cloned version of that forum is hosted at 108.162.198.245, a different webserver also hosted by CloudFlare in San Francisco. Someone in that thread says they did some investigating and the server is in China, but they offer no basis for that incorrect conclusion. It could be that if one dissects the source code of the cloned pages there are some links that send data to China if someone tries to log in or something like that, but at a glance I don’t see anything like that. Either way the pages are hosted from San Francisco and the person who can shut them down works at CloudFlare.

The two domain names that point to those two servers happen to be registered by the same customer. That doesn’t make it any more likely that they are aware their sites were hacked in order to host phishing scams.

The second link provided is a discussion on another forum about a clone that is hosted at 77.95.228.234 which is owned by Ghesi in the Netherlands. The domain that points to that IP address is registered by someone other than the person above.

Across the internet there are thousands of these and in no case will you ever find identifying information about the hackers by doing a “whois” on the domain name. Posting the registrants info here only serves to invite possible emails and calls to them for years into the future, long after their site is shut down or repaired.
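An added check for the IP-address discussion in the post above (not code from the thread). A CloudFlare address is the proxy's edge: it tells you which CDN fronts the site, not where the origin server runs, so the first thing a responder does with an address like 108.162.198.93 is confirm whether it sits in CloudFlare's published ranges. The prefix list embedded here is a constructed snapshot of a few well-known CloudFlare IPv4 ranges; refresh it from https://www.cloudflare.com/ips-v4 before relying on it.

```python
"""Tell a Cloudflare edge address apart from an address that names the real host.

Added example, not code from the thread. The prefix list is a constructed
snapshot of well-known Cloudflare IPv4 ranges and should be refreshed from
https://www.cloudflare.com/ips-v4 before use, since the list changes.
"""
import ipaddress
from typing import Optional

CLOUDFLARE_V4 = [ipaddress.ip_network(p) for p in (
    "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22", "104.16.0.0/13",
    "104.24.0.0/14", "108.162.192.0/18", "131.0.72.0/22", "141.101.64.0/18",
    "162.158.0.0/15", "172.64.0.0/13", "173.245.48.0/20", "188.114.96.0/20",
    "190.93.240.0/20", "197.234.240.0/22", "198.41.128.0/17",
)]


def cloudflare_prefix(ip: str) -> Optional[str]:
    """Return the Cloudflare prefix containing `ip`, or None if it is not an edge."""
    addr = ipaddress.ip_address(ip)
    for net in CLOUDFLARE_V4:
        if addr in net:
            return str(net)
    return None


def classify(ip: str) -> str:
    """One-line verdict a responder can paste into a takedown or abuse note."""
    net = cloudflare_prefix(ip)
    if net:
        return (f"{ip} is a Cloudflare edge ({net}); the origin host is hidden "
                f"behind the proxy, so the report goes to Cloudflare, not a hosting company")
    return f"{ip} is not a Cloudflare edge; whois/reverse DNS on it names the hosting network"


if __name__ == "__main__":
    # the three addresses discussed in this thread
    for ip in ("108.162.198.93", "108.162.198.245", "77.95.228.234"):
        print(classify(ip))
```

Because the edge address reveals nothing about the origin, neither "the server is in China" nor a location read off the edge's registration can be settled from that IP alone; the 77.95.228.234 clone, by contrast, is not behind a CDN in this snapshot, so its whois record does describe the actual hosting network.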

I had no clue such things existed :eek:
When I opened the thread, I assumed it would be referring to a site posting the column’s content, for instance, and adding a lot of ads. Not at all a copy of the message board.

FYI only: GD at least was scraped less than 10 minutes ago, so their bots are still whirring. I was able to access a post of mine written that long ago (without logging in of course).

You’ve got to be kidding me. Did you bother to look at those names? They’re like the domain naming equivalent of a Nigerian scam!

Is anyone else disappointed that fartypants dot remortgagebestdeals dot com doesn’t work?

I don’t remember*, but I don’t think I use my Dope password for anything else. Hah!

*I have a cookie, Chrome is saving the password, and I use KeePass

Yeah, I double up on a couple of sites I rarely use or where no one can use my account for their own benefit (like, the utility company) but everything important or where someone logging in as me can affect my finances or reputation has a unique password (and in one case, username).

I’m not kidding. I think you’re drawing an incorrect conclusion.

The idea that someone registered bunches of domains with big ideas about making millions in advertising or remortgaging or whatever and then didn’t, so left the sites unpatched and vulnerable, only makes it all the more likely they were hacked by whoever is actually scraping the site.

Don’t you think if they registered domains with the intent of scraping the SDMB and stealing passwords they might choose something more like “straighdope.com” instead of “remortgagebestdeals.com”?

There are 2 scraped sites that we know of linked to that person’s domains, and about 2 million linked to other people’s domains. The odds are strongly supportive of the notion that you’re not on to something here with this pattern of 2 that you have detected.

I noticed one of my posts over there also, but it looks like they corrected my typos and fixed some errors in the point I was trying to make.

Why would a phishing site bother to edit grammar or content in a post?

Criminals with a dislike for bad grammar. That’s a first. :wink:

Maybe instead of shutting them down, we should just invite them in. Sounds like our kind of people. :slight_smile:

Then I guess it isn’t a Nigerian scam.