Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
Maxim Vasiliev2012-03-17 12:46:13
Phishing
Maxim Vasiliev, 2012-03-17 12:46:13

what kind of strange habra-phishing with rc.habratest.net?

A strange letter came that I had an “old-timer” badge, which actually arrived to me back in January.

Links from the letter do not lead to habr, but to rc.habratest.net - nginx on this site immediately asks for HTTP authentication.

The habratest.net domain is registered on habrahabr llc, with the address and phone numbers of the "thematic media" as well as the admins Denis Kryuchko and Vadim Rybalko. (which looks very reliable and much more convincing than whois-info of other "thematic media" domains)

The names habratest.net rc.habratest.net are quite known to the habradns.net servers and resolve to 127.0.0.1 and 212.158.163.148, the latter belongs to caravan telecom, serving habrahabr.

The letter was sent from rc.habralab.ru from the local www user and sent through the server relay.habramail.net

The left login and password do not match.

This is some weird phishing.
Well, or is it a bug with the database of habrausers, which suddenly crashed in three months, and the one restored from the backup is incorrectly configured.

wtf?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

6 answer(s)
Report
K
kefirux, 2012-03-17
@kefirux

Yes, today I wrote a topic about this phishing, the topic got +60, and the administration put it in drafts, which, as it were, shows how paranoid I am

Report
A
Alexey Zhurbitsky, 2012-03-17
@blo

I also received the same letter. Habr support answered that this is a test server error and there is no reason to worry.

Report
E
egorinsk, 2012-03-17
@egorinsk

Uh-huh, today there was a topic:
Old-timer - Habrahabr: Main / Habrabrenny
by kefirux on Mar 17, 2012 3:41 AM
Hubs: Habrahabr, Information security
Such a letter
has come Greetings, kefirux!
Congratulations! Now you have access to the "Old Timer" badge. You can see it on your profile.
With best wishes, Habrahabr.
The profile link leads to some rc.habratest.net which asks for a password in a modal dialog
without even bothering to generate a profile page.
ps: the post does not pretend to be pluses, and the exit to the main one, just serves as a small signal to a possible mass hijacking of accounts, those who were inattentive

Report
S
Sergey, 2012-03-17
@bondbig

I wonder on what principle they give the “old-timer” badge? I'm six months older than the author of the question, but they don't give me a badge :)

Report
C
cat_crash, 2012-03-17
@cat_crash

Today I skipped a post about this and the fact that it is phishing. Unfortunately, I can't find the link right now. Contact technical support with the full headers of the received email so that they take prompt and adequate measures to prevent it.
Phishers gave just thematic media another domain :)

Report
T
tangro, 2012-03-18
@tangro

I also received the same letter. Didn't login. Has anyone taken the risk? :)

Similar questions
L
louvremaster2016-02-01 17:35:54
How to find "bad" clients? 1Reply
I
Irven762022-01-23 03:08:43
How to close access to your Internet network from the outside to a phishinger, stalker, hacker? 5Reply
H
hendrixix2019-06-01 21:33:09
Wordpress site hacked. How to remove redirects to phishing sites? 3Reply
L
Limbboo2019-12-17 15:34:23
How to secure a website from massive phishing complaints from competitors? 0Reply
S
snowyowl32017-11-27 11:51:49
Criteria for detecting a phishing site by a user? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question