Suspicious forum notifications/ website

Postby sunrat » 2016-09-03 02:21

I got an email notification of topic reply which asked me to log in when I clicked the link. I did so and it took me to the forum. However shortly afterward I noticed the actual address was shown as IP address in the URL bar, not "forums.debian.net" as usual. Is this suspicious?
The address is http://217.196.43.138/viewtopic.php?f=7&t=12131.... etc.

It resolves to
IP Address : 217.196.43.138
Location : Netherlands (95% accuracy)
Host Name : tartini.debian.net

whereas debian.net is
Host Name : debian.net
IP Address : 5.153.231.4 and 128.31.0.62 and 130.89.148.14 and 140.211.15.34 and 149.20.20.22
Location : United States


I guess it's just a mirror but just wondering why it doesn't resolve the IP address. Another topic notification email I got at the same time resolved normally.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!
sunrat
 
Posts: 1866
Joined: 2006-08-29 09:12
Location: Melbourne, Australia

Re: Suspicious forum notifications/ website

Postby GarryRicketson » 2016-09-03 02:47

sunrat wrote:I got an email notification of topic reply which asked me to log in when I clicked the link. I did so and it took me to the forum.

I hope you didn't log in?

Well, one thing: there have been no replies since 2007:

Postby ghostdawg » 2007-02-09 06:37


Here is the real thread on this forum :
http://forums.debian.net/viewtopic.php?f=5&t=12131
And there have been no recent posts to it.

sunrat wrote:Is this suspicious?

To me it is, but maybe some of the forum admins know more about this.
GarryRicketson
 
Posts: 3758
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Suspicious forum notifications/ website

Postby dasein » 2016-09-03 03:09

sunrat wrote:Is this suspicious?

Nope. That's the correct IP address.

Code:
$ dig forums.debian.net

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> forums.debian.net
[snip]

;; ANSWER SECTION:
forums.debian.net.      3246    IN      A       217.196.43.138

The forums are hosted on their own server, whose name is indeed tartini (and has been for as long as I can remember):

Code:
$ dig -x 217.196.43.138

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x 217.196.43.138
[snip]
;; ANSWER SECTION:
138.43.196.217.in-addr.arpa. 27703 IN   PTR     tartini.debian.net.

I'm not 100% sure of the country in which tartini resides, though I have a very strong recollection of it being somewhere in the general area of northwest Europe.

Good catch, though. :cool: Better safe, and all that.

Edit: Downgraded what sounded like firsthand knowledge to something slightly less certain.
Last edited by dasein on 2016-09-03 06:13, edited 1 time in total.
dasein
 
Posts: 7261
Joined: 2011-03-04 01:06
Location: Terra Incantationum
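
The check dasein ran by hand with dig, written as a small script. This is an added example, not part of any post in the thread; the function names and verdict strings are made up for illustration, and the sample records are the ones shown in the dig output above.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Records copied from the dig output quoted in this thread, so the demo runs offline.
SAMPLE_A = {"forums.debian.net": {"217.196.43.138"}}
SAMPLE_PTR = {"217.196.43.138": "tartini.debian.net"}

def system_forward(name):
    """Addresses the local resolver returns for name (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def system_reverse(addr):
    """PTR name for addr, or None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_link(url, expected_host, forward=system_forward, reverse=system_reverse):
    """Compare the host in url with the site the reader expected to reach."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    expected = expected_host.rstrip(".").lower()
    try:
        ip = str(ipaddress.ip_address(host))
    except ValueError:
        # Not an IP literal: the name itself must be the expected one.
        verdict = "hostname-match" if host == expected else "hostname-mismatch"
        return {"host": host, "verdict": verdict, "ptr": None}
    # IP literal: it must be one of the addresses the expected name resolves to.
    # The PTR name is reported but not compared, because a server's own name
    # (tartini here) often differs from the site name it serves.
    ok = ip in forward(expected)
    return {"host": ip,
            "verdict": "ip-matches-forward-dns" if ok else "ip-mismatch",
            "ptr": reverse(ip)}

if __name__ == "__main__":
    link = "http://217.196.43.138/viewtopic.php?f=7&t=12131"
    result = check_link(link, "forums.debian.net",
                        forward=lambda n: SAMPLE_A.get(n, set()),
                        reverse=SAMPLE_PTR.get)
    print(result)
```

Called without the forward and reverse arguments, check_link uses the system resolver. A match only shows that the link points where DNS currently sends the name; it says nothing about the connection itself, which in this thread was plain http.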

Re: Suspicious forum notifications/ website

Postby sunrat » 2016-09-03 04:34

dasein wrote:I'm not 100% sure of the country in which tartini resides, though I know it's somewhere in the general area of northwest Europe.

whois says Netherlands

dasein wrote:Good catch, though. :cool: Better safe, and all that.

I thought it was probably legit after doing lookups, but worth a mention. Wondering more why it didn't resolve to hostname as it always had in the past.
sunrat
 
Posts: 1866
Joined: 2006-08-29 09:12
Location: Melbourne, Australia

Re: Suspicious forum notifications/ website

Postby dasein » 2016-09-03 06:02

sunrat wrote:I thought it was probably legit after doing lookups, but worth a mention.

Absolutely.

sunrat wrote:Wondering more why it didn't resolve to hostname as it always had in the past.

DNS gremlins, mebbe. Or possible browser bug. Invisible Pink Unicorns possible, but unproved.
dasein
 
Posts: 7261
Joined: 2011-03-04 01:06
Location: Terra Incantationum

