Admin Edit
I will add this here as it is an important matter. The problem has been resolved.
Problem
An unauthorized third party has set the domain name alltheseimages.com to resolve to the same IP number as BioStar. Due to a default setting on the server the Biostar the site allowed to be accessed via a different domain name.
Potential Implications
All traffic submitted via this domain was still handled by BioStar only that it happened under a different domain. No data was at any time transferred to this third party.
The only way to exploit this data by this third party site would be to first make users associate permissions via OpenID then create a new, different site that now also requires OpenID authentication. Only at that time could they access the OpenID information and even at that point only the content of the OpenID token would be visible to them. Notably these OpenID tokens are domain specific and cannot be transferred to another site nor do these allow someone to log you into a different site.
Solution
We believe that only a few users may be affected.
If you have attempted to log in via this third party domain: the symptom would be attempting to log in but the login would not succeed, visit your OpenID provider's token management interface and revoke the token for the alltheseimage.com site.
For example for Google this page is located at https://accounts.google.com/b/0/IssuedAuthSubToken
Original Message Below
Hi, I was searching for a user in google and got him on Biostars But I was not logged in, so I logged in using openID, after authentication, I wasn't signed up. Tried again but all in vain. Then, just looked at the url, it was http://alltheseimages.com/ . What is this, is it a mirror of Biostars or a scam.
http://alltheseimages.com/u/426
I am just worried, as my details might have been passed on to this.
Thanks
Seems it was made by this guy. I'm backing simple mistake.
hope it is just a mistake, however from the security side you should definitely more paranoid (like in my answer). It is extremely suspicious that "after authentication, I wasn't signed up". Given that the owner of the server has full control over what you get to see, they can as well have redirected you to their own fake openID provider page. One might not notice difference, except in the URL (e.g. for Google that would be https://accounts.google.com ) if that was instead something different, I would definitely change credentials immediately (that doesn't hurt anyway).
Yeah Michael, Thanks, I've changed my passphrase, just to be on a safe side. Lets wait and see what the reality of this domain.
It looks like Istvan fixed it so DNS won't point to BioStar IP.
My blog gets a few hits from BioStar regularly and I noticed this address redirecting to my blog: tampa-rb.r12.railsrumble.com. If you search for the address on google, you also get BioStar posts. I think that site perhaps also was pointing to BioStar. Seems like a bigger DNS issue
seems like the same source - the alltheseimages.com site was developed for a railsrumble competition. There is a also a bit of a facepalm experience with the webserver (see main post) - why would the default be to match every domain to the first listener no matter what the domain name is, but if it is listed as the second then strictly match the domain name ... cue Picard MEME