Is anybody really this stupid?

[disturbed1]

Got this email today -

Dear eBay User,
During our regular update and verification of the accounts, we couldn't verify
your current information. Either your information has changed or it is
incomplete.
Please update and verify your information by signing in your account below :
If the account information is not updated to current information within 5 days
then, your access to bid or buy on eBay will be restricted.
go to this link below:

http://194.27.43.23/login.htm

***Please Do Not Reply To This E-Mail As You Will Not Receive A Response***


Thank you
Accounts Managent

As outlined in our User Agreement, eBay will periodically send you information
about site changes and enhancements. Visit our Privacy Policy and User Agreement
if you have any questions.

Copyright 2002 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc

Whois for 194.27.43.23

inetnum: 194.27.43.0 - 194.27.43.255
netname: DPU-NET
descr: Dumplupinar Universitesi
country: TR
admin-c: ZC87-RIPE
tech-c: CY25-RIPE
status: ASSIGNED PA
mnt-by: RIPE-NCC-LOCKED-MNT
remarks: Maintainer RIPE-NCC-NONE-MNT removed and object
remarks: LOCKED by the RIPE NCC due to
remarks: deprecation of the NONE authentication scheme.
remarks: Please visit the following URL to unlock this object
remarks: http://www.ripe.net/db/none-deprecation-042004.html
changed: hostmaster@metu.edu.tr 19990303
changed: ripe-dbm@ripe.net 20040429
source: RIPE

route: 194.27.0.0/16
descr: ULAKNET
origin: AS8517
holes: 194.27.149.0/24
mnt-by: ULAKNET-MNT
changed: ipadmin@ulak.net.tr 20010213
source: RIPE

person: Zeki Cakmak
address: DPU Rektorluk
address: Kutahya Turkiye
phone: +90 274 2239500
fax-no: +90 274 2244288
nic-hdl: ZC87-RIPE
changed: hostmaster@knidos.cc.metu.edu.tr 19950802
source: RIPE

person: Cumali Yasar
address: DPU Rektorluk
address: Kutahya Turkiye
phone: +90 274 2239500
fax-no: +90 274 2244288
nic-hdl: CY25-RIPE
changed: hostmaster@knidos.cc.metu.edu.tr 19950802
source: RIPE

Tell me people don't fall for this stuff.

Then again, I've always wondered why they call it common sense when it isn't all that common

[Guest]

You end up at this url
https://www.ebay.com/acounts/memb/avncenter/?dll87443%221384%145

I wonder how this is scripted. How does the info get sent elsewhere when you are inside the ebay site? I couldnt tell from the source code.

[disturbed1]

Nah, ebay is 66.135.208.88.

That other IP is going to Turkey, and everything for ULAKNET-MNT points to ulakbim.gov.tr which is part of the National Academic Network and Information Center in TURKEY.

[Guest]

How does ebays url get into the browser?

[disturbed1]

How does ebays url get into the browser?

Here's the link of what the IP actually is http://www.ulakbim.gov.tr/english/

[Guest]

Right, but im just wondering about the script that displays ebays url. I know a little about this,but might be duped if there was an update and the url was microsofts.Scary

[disturbed1]

http://pages.ebay.com/education/spooftutorial/spoof_2.html

Read that from ebay, the example "spoof email" is almost word for word what was sent to me.

[Guest]

I'm only wondering how the ip is displaying ebays url. I didnt think this was possible.

[disturbed1]

Don't see where the IP is displaying anything for ebay?

I'm lost

Ebay owns 66.135.208 block

While the Turkey data center owns 194.27.43

194.27.43.23 has nothing to do with ebay.

[Guest]

When I click on the ip you posted (194.27.43.23..) I end up at a page displaying this url
https://www.ebay.com/acounts/memb/avncenter/?dll87443%221384%145

in my browser

[Rookie64]

You're overlooking something - that link starts out httpS

type out -
http://www.ebay.com/acounts/memb/avncenter/?dll87443%221384%145

or just the link without https

www.ebay.com/acounts/memb/avncenter/?dll87443%221384%145


you'll get Page Not Found 8)

[Guest]

Right, https means it is a secure site. I would expect this. I dont ever enter sensitive info on a non-https site

[The village idiot]

He He He, I filled it all out


Then I went and changed my ebay and paypal passwords, just incase they stole the cookies

[glockjs]

i dont really agree with hacking.. but in cases like this hackers can be a good thing. some good samaritan should shut this a hole down. then again if somebody is stupid enough its their own damn fault.

[Rookie64]

Right, https means it is a secure site. I would expect this. I dont ever enter sensitive info on a non-https site

It redirects you to Ebay's real site though

If you can't get there from the real Ebay site...then it's obvious the link is bogus.

Personally, I'd never enter passwords, credit card info or other personal info from any link provided via e-mail or IMs - you're asking for trouble if you do that.

Ebay would never have you enter the site that way to begin with.
You should always sign in from the site itself.

[Guest]

Right, https means it is a secure site. I would expect this. I dont ever enter sensitive info on a non-https site

It redirects you to Ebay's real site though

If you can't get there from the real Ebay site...then it's obvious the link is bogus.

Personally, I'd never enter passwords, credit card info or other personal info from any link provided via e-mail or IMs - you're asking for trouble if you do that.

Ebay would never have you enter the site that way to begin with.
You should always sign in from the site itself.

Ok,back to the other point. If you are on ebays,legit,secure page ,how are they hijacking the info?

[The village idiot]

Right, https means it is a secure site. I would expect this. I dont ever enter sensitive info on a non-https site

It redirects you to Ebay's real site though

If you can't get there from the real Ebay site...then it's obvious the link is bogus.

Personally, I'd never enter passwords, credit card info or other personal info from any link provided via e-mail or IMs - you're asking for trouble if you do that.

Ebay would never have you enter the site that way to begin with.
You should always sign in from the site itself.

It only redirects to ebay after you fill in all the info. Ebay doesn't ask for all the things that they are asking for. Paypal user and password? I don't think so...

Also when you click the lick in the first post, I get a pop up message that says the web site is trying to close the window, to which I click no, leave the window open. It is shady all the way around!

[lordsmurf]

Cunnilingus, NY ? Nice.

[Guest]

Right, https means it is a secure site. I would expect this. I dont ever enter sensitive info on a non-https site

It redirects you to Ebay's real site though

If you can't get there from the real Ebay site...then it's obvious the link is bogus.

Personally, I'd never enter passwords, credit card info or other personal info from any link provided via e-mail or IMs - you're asking for trouble if you do that.

Ebay would never have you enter the site that way to begin with.
You should always sign in from the site itself.

It only redirects to ebay after you fill in all the info. Ebay doesn't ask for all the things that they are asking for. Paypal user and password? I don't think so...

Also when you click the lick in the first post, I get a pop up message that says the web site is trying to close the window, to which I click no, leave the window open. It is shady all the way around!

I see a quick pop page that disappears. Never get the option to close it. All I get is the legit ebay page. Do I now have an underlying ,nefarious process running? It would seem there would have to be because how else could info be garnered while your inputing it on a secure site?

[northcat_8]

I think it is a spoof site. Basically it's just a copy of the ebay site, looks real, links maybe real but it's not. You enter all of your stuff, submit it and it doesn't go to ebay, it goes to a database on the hacker's server. You click a link and it actually has an ebay url attached and you're none the wiser. Next time you try to get into ebay your new password doesn't work, so you use your old and it works...so you figure it must not have went through or been changed yet and just dismiss it.

There were a bunch of hotmail spoofed sites up a few years ago.

I don't know if that's what it is, but that's sure what it looks like.

[tgpo]

I never see any ebay stuff from that link. It opens a new window and closes it. That's it.

I saved the link you gave and looked at the html, all it does is refresh the page to http://www.parlininsurance.com/secure.htm , but I never see that page because it closes my window.

[jeex]

[tgpo]

The real url of the page is http://www.parlininsurance.com/a.html

[Baldrick]

it "creates" a fake address bar and remove the original address bar...that is why it can say ebay.com in the address bar(it has nothing to do with the https)

[tgpo]

I'm looking through the code. It always is a bad sign when the word "mail bomber" appears in the source code comments

[The village idiot]

I'd love to see the guys face when he looks at all the bounced mail from the address I sent them.

Come on, everybody join in!

[Guest]

it "creates" a fake address bar and remove the original address bar...that is why it can say ebay.com in the address bar(it has nothing to do with the https)

So thats why my browser canges configuration

[Guest]

Funny,when I try to log on at work,i get a pop-up for turkish language support.Icant load the page

[dnix71]

The link first posted is a number, not a name. That should have been the giveaway. If you use Mozilla as a browser and someone uses a redirect (the % sign) then you will see the true url when you arrive, With IE you will not see the true url, and MS will not fix this severe flaw. IE drops the redirect part of the url script so the address bar would only show something like "http://www.ebay.com/customerwhatever" I can't even go there in Mozilla, because my security settings don't allow that kind of redirect.

[BodaZoffa]

Maybe you can try something like this.....


http://www.mannequin3d.com/powerbook/

This was classic!

Boda