Anybody else get this?

[stu]

I just received this email from security.admin@dsredirection.com

Quote:

Dear Dsredirection valued Members

Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment.

So, to secure your websites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php" in: "./public_html" or (for Windows Based servers which use ASP) upload the file "guard.asp" in: "./wwwroot" in your site.

If you do not know how to use it, you can use the following instruction:

For Unix/Linux based websites that use PHP/CGI/PERL:
1) Download the attachment named "guard.zip"
2) Extract file "guard.php"
3) Login to your site Control panel.
4) Open "File Manager" window.
5) Go through "Public_html" or "htdocs"
6) Choose "Upload Files"
7) Upload the file "guard.php"
8) Check its URL too "http://www.yoursite.com/guard.php", if it is ok

For Windows based websites that use ASP:
1) Download the attachment named "guard.zip"
2) Extract file "guard.asp"
3) Login to your site Control panel.
4) Open "File Manager" window.
5) Go through "wwwroot" directory
6) Choose "Upload Files"
7) Upload the file "guard.asp"
8) Check its URL too "http://www.yoursite.com/guard.asp", if it is ok

Thank you for using our services and products. We look forward to providing you with a unique and high quality service.

Best Regards

Dsredirection Inc

http://www.dsredirection.com

The attachmement guard.asp is a VBscript. I don't read VBScripts, so don't understand what it's doing. But what I fail to understand is why would we need such a protection because when we are using their dsredirection nameservers, we don't have any website to upload the script to? The website doesn't resolve either.

Smells fishy to me.

[DSSupport]

I can tell you that the email you're referencing DID NOT come from DomainSponsor. I've checked interally and no one has sent out anything like what's being described. Most, if not all, communication from DomainSponsor will come from DSSupport@domainsponsor.com.

At this point it's unclear to me whether this email is attempting to intentionally misrepresent itself as being sent from DomainSponsor, but we obviously take this very seriously and are in the process of investigating further.

Thanks,

DSSupport

[donsimon]

We received one as well and decrypted the script. It's pretty good, basically it emails your server name to a gmail account and they then come to the site and basically have full access to your server. I don't recommend installing it.

Donny

[stu]

Welcome to DNF, DSSupport. Nice to know there is someone from DS on this forum.

[Bender]

Quote:

Most, if not all, communication from DomainSponsor will come from DSSupport@domainsponsor.com

the sender email can be easily forged- don't consider that safe.

[stu]

I got exactly the same email from verisign.com today. So it looks like somebody's out to do some mischief.

[lazyleo]

Someone has been naughty and many chances are they watched you here as i checked your profile most of you posts are asking about DS payments so i think they handpicked you.

anyways be extra careful now

regards

[stu]

Anyone else subscribe to this theory?

[donsimon]

Actually, I don't think it has anything to do with DNForum. They seemed to have went after hosting companies (nameservers) and registrars. So they probably bought WHOIS information or stole it and just sent out the emails.

Donny

[namestrands]

im jealous I did not get one.. Stu can you send me the email, I would not mind seeing its footprint and adding it to my Security Gateway.