[guardian-dev] ostel.cc

Hans of Guardian hans at guardianproject.info
Mon Feb 29 09:27:57 EST 2016


I did get a brief message from Lee, the lead of ostel.co.  He said that ostel.cc a site that he helped setup, and it federates with ostel.co.  The phishing style domain name is unfortunate though.

.hc

On Jan 17, 2016, at 2:13 PM, cexinho . wrote:

> currently its ostel.co that is overwriting ostel.cc on the cache page, but that's simply because ostel.co atm has more hits, but as soon as ostel.cc gets more hits it will overwrite the cache for ostel.co.
> So all of a sudden they can start to show malicious data on the page and that will affect the SEO of ostel.co
> 
> On Sun, Jan 17, 2016 at 1:08 PM, cexinho . <cexinho at gmail.com> wrote:
> Hey, that is actually not phishing, and the way to handle with it is not that easy. That is actually a method that is attempting to steal the search engine index ranks.
> Depends a bit on how it works, it usually creates a live mirror of the real site, so any change on the real site should reflect on that copy site. If this is verified then you can simply block any requests that come from that site/IP and it should instantly stop working.
> 
> If the above don't check then just follow the steps outlined here:
> http://www.indigoextra.com/blog/report-scraper-site-to-google
> Since their whois info seems to be protected the last step would be to contact the hosting provider on which that site is hosted on :).
> 
> If you want more details about this, this is possibly an attack method that is taking advantage of a bug with Google's cache system.
> See here how it already affected it:
> 
> https://webcache.googleusercontent.com/search?q=cache:EiJ20XvpiwEJ:https://ostel.cc/+&cd=1&hl=pt-PT&ct=clnk&gl=us
> that's a cache page for ostel.cc but the page being shown is actually from ostel.co/ :)
> 
> On Sun, Jan 17, 2016 at 12:15 AM, Patrick Connolly <patrick.c.connolly at gmail.com> wrote:
> Ugh. No, wasn't aware of it myself. Not good.
> 
> Should we report it as phishing attempt to Google? https://www.google.com/safebrowsing/report_phish/
> 
> 
> --------------------------------------------
> Q: Why is this email [hopefully] five sentences or less? | A: http://five.sentenc.es
> 
> On Sat, Jan 16, 2016 at 9:37 AM, Hans-Christoph Steiner <hans at guardianproject.info> wrote:
> 
> Anyone know about ostel.cc?  It seems to be a clone of ostel.co:
> 
> https://ostel.cc/
> 
> .hc
> 
> --
> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> 
> 
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> 
> 
> 
> 
> -- 
> César
> 
> 
> 
> -- 
> César

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20160229/1fa3536b/attachment.html>


More information about the guardian-dev mailing list