[WARNING: Scam site]Found a site which is looks just like SF site, and we are also its members??

Kittamaru said:
...this reeks of a database clone.
Click to expand...

Due to you'r chosen career you have much more expertise wit this type issue than the average Joe... so if it is a database clone... what risks (if any) coud that pose to Sciforums members... an what actions (if any) do you thank Sciforums members shoud take???
 
cluelusshusbund said:
what risks (if any) coud that pose to Sciforums members...
Click to expand...
anything that one submits-- i am telling everyone-- they have everything. i am saying this from the little experiments i have done with that site. but oh well, i have nothing on here that will hamper me in anyway.
an what actions (if any) do you thank Sciforums members shoud take???
Click to expand...
(LIM)--it will never matter since EVERYTHING is being transferred to it.
 
krash661 said:
anything that one submits-- i am telling everyone-- they have everything.

...but oh well, i have nothing on here that will hamper me in anyway.
Click to expand...

Nice for you... what about ME an my embrassin PM's that might get posted
Runaway.gif
 
1) Don't use that site.
2) Don't panic.

Based on the evidence at http://www.sarahdream.com/encyclopedia/index.php/Main_Page it LOOKS like nothing much more is going than a reverse caching proxy + rewrite of pages. Notice that the IP given at top of page is not your IP as one would expect from a fully-functional copy, but instead is the IP address of www.sarahdream.com.

Likewise, they don't gzip-compress the web traffic, and are nginx-based as opposed to Apache-based.

Thus there is no evidence that non-public content, including database access, has been accessed.

However... because it is a proxy, there is also no evidence that it is not harvesting your login information if you choose to log in at that site.

Also, there is an ad inserted on the main page, which may try and load malware just by viewing the image, so do not click and do not go to the page.
<br><p align="center"><a href="http://www.anrdoezrs.net/click-8029162-10641872-1440771929000" target="_top"> <img src="http://www.awltovhc.com/image-8029162-10641872-1440771929000" width="120" height="240" alt="AVG Internet Security " border="0"/></a></p><br>

Both URLs are registered by markmonitor.com which is its own registrar (!!) and claims to be anti-phishing -- so it MAY be a bad actor or it MAY be part of a pitch to demonstrated phishing. The serial redirects suggest the former -- the fact that all URLs point to domains registered to ValueClick or https://en.wikipedia.org/wiki/Conversant suggest the latter. No reason it can't be both.

Don't use that site.
 
Last edited:
cluelusshusbund said:
Well... at least i can try an mitigate damages.!!!
To whome it may concern:::

In the PM whare i called someone "creepy"... i was just expressin my true feelins.!!!

HTH <------
Click to expand...
No one cares, dude.

You keep going on about your PM's. No one really cares what you have to say about them in your PM's. Just as I am sure you don't care about what others have to say about you in their PM's. :)
 
Information is so wild and unruly.
Bells said:
No one cares, dude.

You keep going on about your PM's. No one really cares what you have to say about them in your PM's. Just as I am sure you don't care about what others have to say about you in their PM's. :)
Click to expand...

I care. I think it's hilarious. I wanna know what he said about who!
 
cluelusshusbund said:
Due to you'r chosen career you have much more expertise wit this type issue than the average Joe... so if it is a database clone... what risks (if any) coud that pose to Sciforums members... an what actions (if any) do you thank Sciforums members shoud take???
Click to expand...

Hard to say without the ability to really dig into it... I would suggest acting as though they were able to get a full image of Sciforums.com (ergo, change your password here, if you use the same password or username elsewhere, change that password as well). and obviously do not attempt to log into that site.

It is interesting... it is updating every so often, but not in real time (or even every few minutes - my guess is once an hour or so?) - certain bits of info, like the online users, the profile post sidebar, etc suggest exactly what rpenner said - a simple "catch and display" of what is happening here. To what end... well, that is anyone's guess.
 
Kittamaru said:
Hard to say without the ability to really dig into it... I would suggest acting as though they were able to get a full image of Sciforums.com (ergo, change your password here, if you use the same password or username elsewhere, change that password as well). and obviously do not attempt to log into that site.

It is interesting... it is updating every so often, but not in real time (or even every few minutes - my guess is once an hour or so?) - certain bits of info, like the online users, the profile post sidebar, etc suggest exactly what rpenner said - a simple "catch and display" of what is happening here. To what end... well, that is anyone's guess.
Click to expand...

Thanks.!!!
That its prolly a simple "catch and display" is a relief... an at least this issue is a good reminder not to use the same password for other sites... especialy important sites.!!!
 
cluelusshusbund said:
Thanks... i thank we all feel beter after readin Kitts last reply :)
Click to expand...

Just bare in mind - this is all speculation on my part. Plazma Inferno or someone with access to the back-end servers would be the ones best able to make sure nothing more malicious is at play :)

EDIT - Actually... I just thought of something. I have registered a second account here, a throwaway account, to a throwaway email address and a generic password not associated with any of my other accounts.

Going to try and sign in on that spoof site and see if it works - that should tell me if they are somehow able to get account information (it obviously won't tell me if they have been able to get it in the past, but it's the best I got). If that account works over there... well, we'll know we have a problem :)

I'll report my findings tomorrow, probably around 6pm or so (once I'm back from work)
 
Last edited:
Kittamaru said:
EDIT - Actually... I just thought of something. I have registered a second account here, a throwaway account, to a throwaway email address and a generic password not associated with any of my other accounts.

Going to try and sign in on that spoof site and see if it works - that should tell me if they are somehow able to get account information (it obviously won't tell me if they have been able to get it in the past, but it's the best I got). If that account works over there... well, we'll know we have a problem :)
Click to expand...

I consider3d doin that but didnt want any "sock" issues... shoud be interistin.!!!

Edit:::

I went to the other site right after i posted here an my post was thar also.!!!

Ive done this twice... so if its just makin "cache copies" of this site its doin it perty often.!!!
 
Last edited:
cluelusshusbund said:
I consider3d doin that but didnt want any "sock" issues... shoud be interistin.!!!

Edit:::

I went to the other site right after i posted here an my post was thar also.!!!

Ive done this twice... so if its just makin "cache copies" of this site its doin it perty often.!!!
Click to expand...

A simple web-crawler bot can trawl the site and update every few minutes (such as Google's spider-bot)
 
Well... shit... I guess I can't test my theory lol... the registration email for the throwaway account never came...
 
Kittamaru said:
Well... shit... I guess I can't test my theory lol... the registration email for the throwaway account never came...
Click to expand...

Bummer... signin up for an email acount can be hard... an besides... the answr you'r experiment provided might have been scary anyhow.!!!

In the meantime... to the owner of the fake Sci forums:::

If you do have my private information... contact me an i will offer money not to publish my embrassin stuff.!!!
 
Last edited:
You must log in or register to reply here.
Back
Top