Forum:Mirror Of Biostars.Org (Resolved)!!
3
3
11.8 years ago

Admin Edit

I will add this here as it is an important matter. The problem has been resolved.

Problem

An unauthorized third party has set the domain name alltheseimages.com to resolve to the same IP number as BioStar. Due to a default setting on the server, the BioStar site was allowed to be accessed via a different domain name.

Potential Implications

All traffic submitted via this domain was still handled by BioStar; it only happened under a different domain. No data was at any time transferred to this third party.

The only way for this third-party site to exploit this data would be to first make users associate permissions via OpenID, then create a new, different site that now also requires OpenID authentication. Only at that time could they access the OpenID information, and even at that point only the content of the OpenID token would be visible to them. Notably, these OpenID tokens are domain specific and cannot be transferred to another site, nor do they allow someone to log you into a different site.

Solution

We believe that only a few users may be affected.

If you have attempted to log in via this third-party domain (the symptom would be attempting to log in but the login not succeeding), visit your OpenID provider's token management interface and revoke the token for the alltheseimages.com site.

For example, for Google this page is located at https://accounts.google.com/b/0/IssuedAuthSubToken


Original Message Below

Hi, I was searching for a user in Google and got him on Biostars. But I was not logged in, so I logged in using OpenID; after authentication, I wasn't signed up. Tried again but all in vain. Then, just looked at the URL, it was http://alltheseimages.com/ . What is this, is it a mirror of Biostars or a scam?

http://alltheseimages.com/u/426

I am just worried, as my details might have been passed on to this.

Thanks

biostars • 3.4k views
ADD COMMENT
2

Seems it was made by this guy. I'm backing a simple mistake.

ADD REPLY
0

Hope it is just a mistake; however, from the security side you should definitely be more paranoid (like in my answer). It is extremely suspicious that "after authentication, I wasn't signed up". Given that the owner of the server has full control over what you get to see, they can as well have redirected you to their own fake OpenID provider page. One might not notice the difference, except in the URL (e.g. for Google that would be https://accounts.google.com); if that was instead something different, I would definitely change credentials immediately (that doesn't hurt anyway).

ADD REPLY
0

Yeah Michael, thanks, I've changed my passphrase, just to be on the safe side. Let's wait and see what the reality of this domain is.

ADD REPLY
0

It looks like Istvan fixed it so DNS won't point to BioStar IP.

My blog gets a few hits from BioStar regularly and I noticed this address redirecting to my blog: tampa-rb.r12.railsrumble.com. If you search for the address on Google, you also get BioStar posts. I think that site perhaps also was pointing to BioStar. Seems like a bigger DNS issue.

ADD REPLY
0

Seems like the same source - the alltheseimages.com site was developed for a railsrumble competition. There is also a bit of a facepalm experience with the webserver (see main post) - why would the default be to match every domain to the first listener no matter what the domain name is, but if it is listed as the second then strictly match the domain name ... cue Picard MEME

ADD REPLY
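
The thread attributes the problem to the server answering for any domain name that resolves to its IP. As an added example (not Biostar's code or configuration, and done here as application-level Python WSGI middleware rather than as a setting of the web server, which the thread does not name), this rejects requests whose Host header is not on an allowlist; the allowed names and the `status_for` helper are assumptions made for the illustration.

```python
# Added example: Host-header allowlist as WSGI middleware (not Biostar's code).

# Assumption: the only names this site should answer to (hypothetical list).
ALLOWED_HOSTS = {"www.biostars.org", "biostars.org"}


def normalize_host(raw):
    """Lower-case the Host value, strip port and trailing dot; None if unusable."""
    if not raw:
        return None
    host = raw.strip().lower()
    if host.startswith("["):                 # IPv6 literal such as [::1]:8000
        end = host.find("]")
        if end == -1:
            return None
        host = host[: end + 1]
    elif ":" in host:
        host, _, port = host.rpartition(":")
        if not port.isdigit():               # malformed port: refuse to guess
            return None
    return host.rstrip(".") or None


class HostAllowlist:
    """Answer 400 for any request whose Host is not in the allowlist."""

    def __init__(self, app, allowed):
        self.app = app
        self.allowed = {h.lower() for h in allowed}

    def __call__(self, environ, start_response):
        host = normalize_host(environ.get("HTTP_HOST"))
        if host not in self.allowed:         # also covers a missing Host header
            body = b"Unknown host\n"
            start_response("400 Bad Request", [("Content-Type", "text/plain"),
                                               ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def status_for(host_header):
    """Send one constructed request through the middleware; return its status."""
    def site(environ, start_response):       # stand-in for the real application
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/u/426"}
    if host_header is not None:
        environ["HTTP_HOST"] = host_header
    seen = []
    list(HostAllowlist(site, ALLOWED_HOSTS)(environ, lambda s, h: seen.append(s)))
    return seen[0]
```

With this in front of the application, a request arriving as `alltheseimages.com` gets a 400 instead of the site's pages, so the OpenID login flow is never started under the foreign name.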
1
11.8 years ago

Ok that's really strange - it is not a mirror - someone just set the DNS name to resolve to our IP. Basically what you see is the same BioStar via a different domain name.

Could be malicious or just a mistake somewhere (mistyped IP number). I can also change the settings to not allow it.

I will look into it.

ADD COMMENT
0

Yes, waiting for you to give a final call/announcement!!

ADD REPLY
0
11.8 years ago

A whois of domain registrar revealed the owner of the domain to be: New Dream Network LLC.

http://www.networksolutions.com/whois/results.jsp?domain=alltheseimages.com

They offer web hosting apparently:

http://dreamhost.com/

http://en.wikipedia.org/wiki/DreamHost

I have no idea why they are mirroring BioStar.

edit

I misread. The webhost does not own the domain. A private customer utilizing the webhost owns it.

ADD COMMENT
0

According to my fav. tracker, it says

Results of IP Tracking for 198.74.58.207
IP address    198.74.58.207
Hostname    li549-207.members.linode.com
ISP    Linode
Country    United States

which leads to here, http://www.linode.com/

ADD REPLY
