Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Suspicious forum notifications/ website

Code of conduct, suggestions, and information on forums.debian.net.
Post Reply
Message
Author
User avatar
sunrat
Administrator
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Suspicious forum notifications/ website

#1 Post by sunrat »

I got an email notification of topic reply which asked me to log in when I clicked the link. I did so and it took me to the forum. However shortly afterward I noticed the actual address was shown as IP address in the URL bar, not "forums.debian.net" as usual. Is this suspicious?
The address is http://217.196.43.138/viewtopic.php?f=7&t=12131.... etc.

It resolves to
IP Address : 217.196.43.138
Location : Netherlands (95% accuracy)
Host Name : tartini.debian.net
whereas debian.net is
Host Name : debian.net
IP Address : 5.153.231.4 and 128.31.0.62 and 130.89.148.14 and 140.211.15.34 and 149.20.20.22
Location : United States
I guess it's just a mirror but just wondering why it doesn't resolve the IP address. Another topic notification email I got at the same time resolved normally.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Suspicious forum notifications/ website

#2 Post by GarryRicketson »

I got an email notification of topic reply which asked me to log in when I clicked the link. I did so and it took me to the forum.
I hope you didn't login, ?


Well one thing, there has been no replies since 2007, :

Postby ghostdawg » 2007-02-09 06:37
Here is the real thread on this forum :
http://forums.debian.net/viewtopic.php?f=5&t=12131
And there have been no recent posts to it.
Is this suspicious?
To me it is, but maybe some of the forum admins know more about this.

User avatar
dasein
Posts: 7680
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Suspicious forum notifications/ website

#3 Post by dasein »

sunrat wrote:Is this suspicious?
Nope. That's the correct IP address.

Code: Select all

$dig forums.debian.net

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> forums.debian.net
[snip]

;; ANSWER SECTION:
forums.debian.net.      3246    IN      A       217.196.43.138
The forums are hosted on their own server, whose name is indeed tartini (and has been for as long as I can remember):

Code: Select all

$ dig  -x 217.196.43.138

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x 217.196.43.138
[snip]
;; ANSWER SECTION:
138.43.196.217.in-addr.arpa. 27703 IN   PTR     tartini.debian.net.
I'm not 100% sure of the country in which tartini resides, though I have a very strong recollection of it being somewhere in the general area of northwest Europe.

Good catch, though. :cool: Better safe, and all that.

Edit: Downgraded what sounded like firsthand knowledge to something slightly less certain.
Last edited by dasein on 2016-09-03 06:13, edited 1 time in total.

User avatar
sunrat
Administrator
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Re: Suspicious forum notifications/ website

#4 Post by sunrat »

dasein wrote: I'm not 100% sure of the country in which tartini resides, though I know it's somewhere in the general area of northwest Europe.
whois says Netherlands
Good catch, though. :cool: Better safe, and all that.
I thought it was probably legit after doing lookups, but worth a mention. Wondering more why it didn't resolve to hostname as it always had in the past.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

User avatar
dasein
Posts: 7680
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Suspicious forum notifications/ website

#5 Post by dasein »

sunrat wrote:I thought it was probably legit after doing lookups, but worth a mention.
Absolutely.
sunrat wrote:Wondering more why it didn't resolve to hostname as it always had in the past.
DNS gremlins, mebbe. Or possible browser bug. Invisible Pink Unicorns possible, but unproved.

Post Reply