Redirects

Discussion in 'Site Feedback' started by Gustav, Apr 20, 2011.

  1. Gustav Banned Banned

    Messages:
    12,575
  3. Giambattista sssssssssssssssssssssssss sssss Valued Senior Member

    Messages:
    4,878
    Sweetest Gusto,

    What does this mean to the lazy braindead layman, such as myself?

    Should I be freaked out? Should I be surprised that they are somehow associated with Google?

    WWJD?
     
  5. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    This has already been pointed out to Plazma. The domains in question seem to be using a CNAME method of directing to sciforums, this means that on the face of it, no malicious attempts to gain session data have been done and it's just to gain domain positioning within the search engines.

    However, this doesn't mean that a rogue proxy couldn't be used in the future to session steal. (In fact it has been suggested that such methods potentially allow malforming of signups for bots etc.)

    The simplest solutions for fixing this instance (And preventing future ones) are:
    • Use full URLs in links as opposed to relative ones. (Rather than ./showthread.php it should have the full URL including the domain; while this can be stripped by a rogue proxy, in regards to just CNAME pointers it would force people to use the real site.)
    • Add an HTTP_REFERER check to each page or via a webserver configuration. (If the page is being called by the wrong domain, don't serve it or point them somewhere else.)
    • Optimally the best way to protect against this is actually going SSL (HTTPS), however this then generates other problems like an increase in server load and various fragmentation methods, although more secure for people's accounts. (If only a little more.)

    Edit:
    The whois for the domains is now outputting a registered name, however whether it's real or bogus is a different question altogether. Also where they pose to be is likely where they were initially from and not where they are now.
     
    Last edited: Apr 20, 2011
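
Added example, not part of Stryder's post or the forum's own code: the wrong-domain check from the second bullet, written as a Python WSGI middleware. It goes one step beyond the post by also comparing the Host header, which carries the alias name when a site is reached through a foreign CNAME; the host names are constructed placeholders, and a request with no Referer is let through.

```python
from urllib.parse import urlsplit

SCHEME = "http"                          # assumption: site not yet on HTTPS
CANONICAL_HOST = "www.forum.example"     # assumption: placeholder for the real site
ALLOWED_HOSTS = {CANONICAL_HOST, "forum.example"}

def hostname_of(value):
    """Lower-cased host without port, from a Host header or a full URL."""
    if "//" not in value:
        value = "//" + value
    try:
        return (urlsplit(value).hostname or "").rstrip(".")
    except ValueError:                   # malformed header, treat as unknown host
        return ""

def decide(environ):
    """Return (status, location) for the request described by a WSGI environ."""
    if hostname_of(environ.get("HTTP_HOST", "")) not in ALLOWED_HOSTS:
        # Reached under a foreign name (e.g. a CNAME alias): point the client,
        # and any search-engine crawler, at the real site instead.
        query = environ.get("QUERY_STRING", "")
        url = f"{SCHEME}://{CANONICAL_HOST}{environ.get('PATH_INFO', '/')}"
        return "301 Moved Permanently", url + ("?" + query if query else "")
    referer = environ.get("HTTP_REFERER", "")
    if environ.get("REQUEST_METHOD") == "POST" and referer:
        # Form posts (login, signup, reply) must come from our own pages.
        if hostname_of(referer) not in ALLOWED_HOSTS:
            return "403 Forbidden", None
    return "200 OK", None

class HostGuard:
    """WSGI middleware that applies decide() before the wrapped application."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        status, location = decide(environ)
        if status.startswith("200"):
            return self.app(environ, start_response)
        headers = [("Content-Type", "text/plain")]
        if location:
            headers.append(("Location", location))
        start_response(status, headers)
        return [status.encode()]
```
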
  7. Plazma Inferno! Ding Ding Ding Ding Administrator

    Messages:
    4,610
    They should be disabled now. If you notice more sites like these, please report them here.
    Cheers.
     
  8. GeoffP Caput gerat lupinum Valued Senior Member

    Messages:
    22,087
    Where is that avatar from? It's creeping me out.
     
  9. Giambattista sssssssssssssssssssssssss sssss Valued Senior Member

    Messages:
    4,878
    He told me once. It's a movie about a guy who refuses to eat or sleep. Or something.

    I made a "promise" to see it, but I forgot what it was. I don't even watch movies very often.

    I should be sued into non-existence.




    Anyhow, so Sciforums search results in Google show these sites as being hosts? That's what I'm getting.

    I'm really dumb, but it doesn't sound very cool.
     
  10. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    The Machinist. Christian Bale concerned people while fulfilling the anorexic role; the weird thing was he did this film and Batman about the same time, which meant he had to go from being so skinny to beefcake. (A skinny Batman wouldn't have worked.)
     
  11. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    I'm sure Plazma would let you off, well at least suggest watching the film.

    Basically the rogue domains were using a CNAME entry in their DNS, which meant that when you typed in their domain it pointed to the sciforums server as being their domain. This could eventually be exploited if the person knew what they were doing, but was likely done to just get their domains registered in the search engines, piggybacking on sciforums' popularity.

    The search engines will eventually pick up that the URLs are now 404'd (errored).
     
