Coincidence or Something Nefarious?

MTUser2012 Member
edited March 2013 in General

Today I unknowingly mistyped the domain name (unusual name, not even an English word) for the VPS that hosts a reasonably popular music site that I own in my terminal client, and was greeted by a request for the password. At first I could not understand why my password would not work. After checking what I typed, I realized my error. A quick whois showed me that the DN owner is in Germany and this is a recent registration.

I don't know what to make of this. Perhaps it is coincidence with a perfectly innocent explanation. Perhaps not. Any ideas on what I might do besides simply emailing the registrant? I did a reverse IP look up and the IP hosts two other domains.

Comments

  • Are you wishing to contact him with an offer to buy the domain off of him?

  • @MTUser2012 said: Any ideas on what I might do besides simply emailing the registrant?

    Change the password on any account you have that uses this particular password.

  • BK_ Member
    edited March 2013

    @Microlinux said: Change the password on any account you have that uses this particular password

  • Maounique Host Rep, Veteran

    @Microlinux said: Change the password on any account you have that uses this particular password.

    You HAVE to do that IMMEDIATELY!

  • I agree with other users, change your password ASAP. It's extremely probable that it's up purely to phish you in this way. It could be innocent and just locked to prevent people looking at the moment, but trust me, you don't want to take that chance.

  • MTUser2012 Member
    edited March 2013

    @all. Thanks. That never occurred to me, but it makes perfect sense. A phishing site. I did as you all suggested and thankfully the last SSH login IP is my IP from my login this morning after my mistake.

    I wouldn't buy the domain off of him. I'd rate it as worthless. I deliberately chose domain names that don't make sense to anyone but me so I can get short names that are phonetically easy to remember.

    BTW, the domain names on the IP fit this pattern. They look like misspellings of other domains. There are no sites too. They resolve to "This works" pages.

  • @MTUser2012 if it helps for peace of mind, unless this was deliberately logging the pass I believe default auth logs will only list username for failed logins. Now, of course, I have never ever accidentally typed my pass in as my user name... Yeah... I never did that... :x

    Now if you are logging all ssh connections you would really know, +1 for having alerts for any server
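The log check discussed in the comments above, as an added example that is not part of the original thread: it scans OpenSSH `sshd` log lines for accepted logins from IPs outside an expected set and lists failed attempts, which carry only a username and source IP. The function name, sample log lines and IP addresses are constructed for illustration.

```python
import re

# sshd lines as OpenSSH writes them to auth.log / secure (syslog format).
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def review_auth_log(lines, known_ips):
    """Return (unexpected_logins, failed_attempts) found in sshd log lines."""
    unexpected, failed = [], []
    for line in lines:
        m = ACCEPTED.search(line)
        if m:
            # A successful login from an address you do not recognise is
            # the event worth alerting on after a suspected password leak.
            if m["ip"] not in known_ips:
                unexpected.append((m["user"], m["ip"], m["method"]))
            continue
        m = FAILED.search(line)
        if m:
            # Failed attempts record username and source IP, not the password.
            failed.append((m["user"], m["ip"]))
    return unexpected, failed

# Constructed sample lines (documentation IP ranges), not from the thread.
SAMPLE_LOG = """\
Mar 12 08:01:44 vps sshd[2211]: Accepted password for admin from 203.0.113.10 port 50122 ssh2
Mar 12 09:15:02 vps sshd[2304]: Failed password for invalid user oracle from 198.51.100.7 port 41022 ssh2
Mar 12 09:40:31 vps sshd[2350]: Failed password for admin from 198.51.100.7 port 41090 ssh2
Mar 12 09:41:05 vps sshd[2361]: Accepted password for admin from 198.51.100.7 port 41101 ssh2
""".splitlines()

if __name__ == "__main__":
    unexpected, failed = review_auth_log(SAMPLE_LOG, known_ips={"203.0.113.10"})
    for user, ip, method in unexpected:
        print(f"ALERT: {method} login as {user} from unexpected IP {ip}")
    print(f"{len(failed)} failed attempts (username and source IP only)")
```

The result is only as trustworthy as the log file itself, so it is most useful when the log is also shipped off the server.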

  • @MTUser2012 Change your password, wherever you are using it, right away.

  • Maounique Host Rep, Veteran

    Logs can be tampered with, so last login may or may not be real.
    If a box has been compromised, unless you are a big white hat hacker with a lot of time on your hands, a reinstall is probably better.

  • MTUser2012 Member
    edited March 2013

    Fortunately, I have 8 days of daily backups of the VPS on a storage VPS that I bought here, so if my site was hacked in the time it took me to change the password, getting my site back won't be too difficult.

    I realize that I was stupid for making this mistake. What I have also learned is there seems no limit to the number of people who would rather use their talents (considerable, here) to try to break, steal or destroy versus building their own sites. So much talent, wasted, it is so sad.
