WARNING - Phishing on pocky.deamhost.com (no R)


#1

Someone has set up an SSH server on pocky.deamhost.com (no ‘r’ in dreamhost)!

Be that you type the domain correctly when you SSH into Pocky. Look very closely if SSH doesn’t recognize the server’s public key!

If you do accidentally try to log into the wrong site, SSH into pocky.dreamhost.com immediately and change your password!

thanks. Hope this helps.


#2

Ouch! Nasty.


Web Hosting Review | Hot Product Directory


#3

Hey, Tom - I hope you reported it to support and OMG and Abuse/Security!!!

That’s nasty.

Wholly


#4

It’s not just pocky; it look like there’s a wildcard DNS record, so .deamhost.com will resolve to the same hosts. The WHOIS info says:

Registrant:
Keyword Marketing, Inc. (DEAMHOST-COM-DOM)
P.O. Box 556
Main Street
Charlestown, West Indies
KN
+852.30164984
+852.30164984
message@keywordmarketinginc.com

Domain Name: DEAMHOST.COM
Status: PROTECTED

So it might not be a malicious phishing site, but rather one of those companies that sell ads based on “near misses” to real domains. Still, it’s best not to take chances. A good practice is to use your domain name for ssh; this also takes care of the case where DH changes you to a different server.