Author: Michael Hawksworth
Posted: 2005-01-26 at 03:31:54
This is just a warning about something I have just come across. You may
know about this but then again you may not.
This relates to a third party organization that I am listed as contact
for on their tags.
Yesterday I received a call from a domain registration company that said
someone was about to register domain names that matched the companies
full name (they use only part of their name in their domain name). The
person who registered the sites is an ex employee who was on a student
training scheme. It is interesting that they had the decency to contact
me and for that I can only say thankyou.
Yesterday afternoon I received an email from ordb.org saying that their
mail server is an open relay. News to me but it has to do with a
default option in groupwise 6.5 (you live and learn). The registering
IP address is an EU ISP who doesn't appear to want to answer questions
as to why they checked our IP address.
Having failed the ordb test (it then adds the IP to the list) their
email got bounced from a couple of services that check for open relays
(including mine!) but other than that no damage and the flag has been
turned off and the relay retested and they are no longer in the relay
database (it never made it to any of the other databases).
Im quite pleased with the workings of ordb except that to test an IP
address with it you run the risk of it getting listed if it fails.
There are some others that don't such as MAPS.
A few other interesting points:
The students name was available from the web site until recently.
One of the reasons I knew about this is that the tags all have me as
contact for technical, billing etc following a problem with them
expiring a few years ago. If they still listed the ISP would we have known?
What this looks like to me is that someone was going to use the relay
for a very slick spam/fraud job using a domain name that would look
legit and only close scrutiny would show that it was someone else
sending the emails. Also because the listing name would appear to be a
member of staff it was likely to be overlooked by anyone checking the
domains. I am now waiting for the new domains to come up so I can get
some details and then its a call to the solicitors.
Why am I saying this? Because if I can nearly get caught then anyone
who is not web specific could (Im no genius but I've working in IT
management and consultancy for over 15 years so I'm no muppet either).
Spend five minutes and check your severs, it may be fine, but then again
it may save you some grief later in the day!
Another happy day in IT!
Regards