Fake Blacklists?
A.P. Lawrence Contributing Writer
2006-07-10
A customer had momentary trouble sending mail to someone. The first attempt failed, but the second went through. An examination of the logs revealed a couple of interesting things.
First, the recipient's mail server sent a strange handshake. The Kerio mail server recorded this log entry:
(IP replaced with all 9's)
553 Bogus helo FRONT4.com.
If you follow that, you come to a legitimate looking screen telling you that the address is blacklisted. However, it seems a little sparse for a real blacklist site - they usually give you more information. I also checked the client's IP on the more common blacklist sites: none of them have him listed.
If you try to find this "secureserver.net" in Google, there is no listing. An attempt to go there or to www.secureserver.net in a browser redirects to "http://www.securepaynet.net/gdshop/404error.asp". Suspicious: is this some sort of extortion scheme?
The domain is registered with GoDaddy - that's a little suspicious too just because GoDaddy is the registrar of a lot of bottom-feeders. It isn't very old, either: less than a year. They have an interesting DNS, too. Most of the pages are place-holders or redirect elsewhere. This just doesn't smell like a real outfit.
That "FRONT4.com" doesn't exist either.
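The two checks the article describes by hand, looking an IP up on the common blacklists and noticing that a HELO name does not exist, are both simple DNS queries. The following Python is an added example written for this page, not the author's code or Kerio's logic: it builds the reversed-octet DNSBL query name, interprets the 127.0.0.0/8 answer a list returns, and applies a few illustrative sanity checks to a HELO hostname. The DNSBL zone names are assumptions (two widely used public lists), and the resolver is passed in as a parameter so the same functions can run against constructed answers as well as live DNS.

```python
import socket
from typing import Callable, Dict, List, Optional

# Assumed zone names of two commonly consulted public DNS blocklists.
DEFAULT_DNSBLS = ("zen.spamhaus.org", "bl.spamcop.net")

# A resolver maps a hostname to one IPv4 address, or None if it does not exist.
Resolver = Callable[[str], Optional[str]]


def default_resolver(name: str) -> Optional[str]:
    """Live DNS lookup; None stands in for NXDOMAIN or any resolution failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone.

    192.0.2.10 checked against zen.spamhaus.org becomes
    10.2.0.192.zen.spamhaus.org.
    """
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone


def check_dnsbl(ip: str, zone: str, resolve: Resolver = default_resolver) -> Dict[str, Optional[str]]:
    """Query one DNSBL and classify the answer.

    NXDOMAIN means the address is not listed.  A listing is signalled by an
    address inside 127.0.0.0/8; the exact value encodes the reason and is
    defined by each list's own documentation, so it is reported verbatim.
    Anything else is unexpected (typically a wildcarded or dead zone).
    """
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        status = "clean"
    elif answer.startswith("127."):
        status = "listed"
    else:
        status = "unexpected"
    return {"zone": zone, "status": status, "code": answer}


def check_all(ip: str, zones=DEFAULT_DNSBLS, resolve: Resolver = default_resolver) -> List[Dict[str, Optional[str]]]:
    """Check one IP against every configured DNSBL."""
    return [check_dnsbl(ip, zone, resolve) for zone in zones]


def helo_problems(helo: str, resolve: Resolver = default_resolver) -> List[str]:
    """Illustrative reasons a receiving MTA might reject a HELO name as bogus.

    These are not Kerio's rules or any RFC's complete requirements, just the
    checks most receivers apply: the name must be non-empty, fully qualified,
    and actually resolve in DNS.
    """
    problems = []
    if not helo or any(ch.isspace() for ch in helo):
        problems.append("empty or contains whitespace")
    if "." not in helo.strip("."):
        problems.append("not a fully qualified hostname")
    if not problems and resolve(helo) is None:
        problems.append("hostname does not resolve")
    return problems


if __name__ == "__main__":
    # 192.0.2.10 is documentation address space, used here as a harmless sample.
    for result in check_all("192.0.2.10"):
        print(result)
    print("FRONT4.com:", helo_problems("FRONT4.com"))
```

The point of running the lookups yourself is that the answer comes from the blacklist's own DNS zone rather than from whatever web page a bounce message links to; a rejection that points at an unfamiliar site is a reason to do the query, not to follow the link.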
I think this is some sort of scam. I definitely wouldn't plug in my email address there.
As to how they got to that server, I don't know - DNS hijacking, perhaps.
*Originally published at APLawrence.com
About the Author:
A.P. Lawrence provides SCO Unix and Linux consulting services http://www.pcunix.com