[NF] Web sites

Author: Michael Hawksworth

Posted: 2005-01-26 at 03:31:54

This is just a warning about something I have just come across. You may

know about this but then again you may not.

This relates to a third party organization that I am listed as contact

for on their tags.

Yesterday I received a call from a domain registration company that said

someone was about to register domain names that matched the companies

full name (they use only part of their name in their domain name). The

person who registered the sites is an ex employee who was on a student

training scheme. It is interesting that they had the decency to contact

me and for that I can only say thankyou.

Yesterday afternoon I received an email from ordb.org saying that their

mail server is an open relay. News to me but it has to do with a

default option in groupwise 6.5 (you live and learn). The registering

IP address is an EU ISP who doesn't appear to want to answer questions

as to why they checked our IP address.

Having failed the ordb test (it then adds the IP to the list) their

email got bounced from a couple of services that check for open relays

(including mine!) but other than that no damage and the flag has been

turned off and the relay retested and they are no longer in the relay

database (it never made it to any of the other databases).

Im quite pleased with the workings of ordb except that to test an IP

address with it you run the risk of it getting listed if it fails.

There are some others that don't such as MAPS.

A few other interesting points:

The students name was available from the web site until recently.

One of the reasons I knew about this is that the tags all have me as

contact for technical, billing etc following a problem with them

expiring a few years ago. If they still listed the ISP would we have known?

What this looks like to me is that someone was going to use the relay

for a very slick spam/fraud job using a domain name that would look

legit and only close scrutiny would show that it was someone else

sending the emails. Also because the listing name would appear to be a

member of staff it was likely to be overlooked by anyone checking the

domains. I am now waiting for the new domains to come up so I can get

some details and then its a call to the solicitors.

Why am I saying this? Because if I can nearly get caught then anyone

who is not web specific could (Im no genius but I've working in IT

management and consultancy for over 15 years so I'm no muppet either).

Spend five minutes and check your severs, it may be fine, but then again

it may save you some grief later in the day!

Another happy day in IT!

Regards

©2005 Michael Hawksworth