[manjaro-dev] Fwd: You have a new ticket [ TK-SX8-BLW67 ] :: sDown.eu

Jonathon Fernyhough jonathon at manjaro.org
Tue Apr 12 21:07:14 CEST 2016

No idea.

It looks at first like a new "Softpedia" type site but, being paranoid,
I suspect it is a social engineering site (or one that will inject/serve
ads on download pages).

Note the domain whois shows it was registered in Romania. The "control
panel" page attributes are located on 'web-romania.ro' (redirects to an
ad site). These obviously don't match the listed contact address and
though it's possible this is a oDesk-type freelance job it's also quite
possible they picked an address at random. T&C, AUP etc. links at the
bottom of the page are to an entirely different domain.

Also note that anyone with that ticket link gets sent straight into
their system without a login check so now it's archived on the list
anyone reading it has edit access to the sdown.eu listing. It's a
thoroughly unprofessional site.

If I was truly paranoid I suspect we're going to be attacked in the same
way that Mint (and Architect?) were. Note that they have listed the
community editions - JWM's Softpedia link already points to a porn site.

We need to act, right now, just in case:
 * Make sure passwords are changed and accounts are checked (especially
Sourceforge access);
 * Make sure every release has checksums;
 * Make sure any inactive/old accounts are removed (e.g. alumni email

We might also need to think about having a proper process in place for
controlling branding. For example, it's not good having a load of
half-baked social networking accounts that are "official" but run by
someone who left the project, and it's no good community edition
maintainers going off and doing their own marketing. We also need to
come up with contingency/disaster recovery plans.


On 12/04/16 19:27, Philip Müller wrote:
> Does anybody know what is happening here?
> -------- Weitergeleitete Nachricht --------
> Betreff: 	You have a new ticket [ TK-SX8-BLW67 ] :: sDown.eu
> Datum: 	Tue, 5 Apr 2016 01:52:44 +0200 (CEST)
> Von: 	admin at sdown.eu
> An: 	support at manjaro.org
> You have a new ticket [ TK-SX8-BLW67 ] :: sDown.eu
> *sDown.eu* is offering a friendly and easy to use platform for
> presenting your articles and promoting your software applications. Thank
> you for using our services!
> <https://www.sdown.eu/>
> *WEBSITE*	<http://admin.usdown.eu/>
> APPROVED :: *Manjaro Linux JWM*
> Follow this link to view this ticket TK-SX8-BLW67
> http://user.usdown.eu/shortcut/0e1bb528/1458790028/ticket
> Received this email because you are subscribed to our database :: sDown.eu
> Stay connected with us ...
>   <https://twitter.com/softedown>
> <//plus.google.com/103622889834275975386>
> <//www.facebook.com/sdowneu-Free-Download-1449083712065986>
> STERLING REIGN  copyright © 2016. All Rights Reserved.
> *+44 - 7595 627 652*
> _______________________________________________
> manjaro-dev mailing list
> manjaro-dev at manjaro.org
> http://lists.manjaro.org/mailman/listinfo/manjaro-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-dev/attachments/20160412/7e0ad96f/attachment.pgp>

More information about the manjaro-dev mailing list