Archive for November, 2007

SiteTruth outage – APlus Phoenix

Friday, November 30th, 2007

SiteTruth is partially available due to network problems at an APlus.net colocation facility in Phoenix, AZ. Servers are being moved and we expect to be operational by Monday.

Update, December 4, 2007: The APlus.net outage continues.

Update, December 5, 2007: SiteTruth is back up for now, but the APlus problems have not been fully resolved.

Active phishing scams exploiting major domains

Saturday, November 24th, 2007

After we discovered that a few major domains were being exploited by phishing scams, we added a new feature to SiteTruth – a continuously updated list of problem domains:

List of major domains being exploited by phishing scams

Each domain listed here is a well known domain in the Open Directory providing, perhaps unwittingly, a service for a phishing scam reported to PhishTank. The service provided may be hosting, URL redirection, or Internet connectivity. The owners of the domains listed are generally innocent of direct involvement with the scam. Domains listed typically have a security vulnerability which is being exploited.

There are only 164 such domains today. It’s not a problem that can’t be fixed, and it’s not a problem common to most web sites. A few major sites just need to clean up their act.

Domains on this list are down-rated by SiteTruth.

Google vs. PhishTank, or why we downrated Google

Sunday, November 18th, 2007

SiteTruth is currently rating Google as Red do-not enter “Site ownership unknown or questionable. — Negative Info”

“google.com” has a negative report in PhishTank this week. A hostile site is exploiting a security hole in Google Maps, an “open redirector”, to give themselves a phony “google.com” web address. This assists the hostile site in evading spam filters and web filters.

Once Google plugs this security hole, PhishTank should notice within a day, and SiteTruth will pick up that information and rerate automatically.

We’ve seen this with a few other major sites. “rds.yahoo.com” is an open redirector, but, confined to a separate domain used only for redirection, it doesn’t open a hole through spam filters and so we don’t downgrade the whole “yahoo.com” domain. AOL uses “r.aol.com” in a similar way, but they also have an exploitable hole in AOLsearch that’s been reported to PhishTank.

Click on any SiteTruth rating icon for a detailed report about how the rating was computed.  If “Negative Info” is reported, click on “Show Details” for a link to the data source which reported trouble.

SiteTruth now listed in Yahoo Application Gallery

Friday, November 9th, 2007

SiteTruth is an “editor’s pick” today in Yahoo’s Applications Gallery.