[Catalog-sig] bad package that's fishing bitbucket emails

M.-A. Lemburg mal at egenix.com
Thu Mar 29 13:36:31 CEST 2012 

Robert Kern wrote:
> On 3/29/12 11:56 AM, M.-A. Lemburg wrote:
>> M.-A. Lemburg wrote:
>>> Michael Foord wrote:
>>>> Hello mt,
>>>>
>>>> It doesn't appear to be a clone, but embedding bitbucket - and the Python package *seems* genuine.
>>>
>>> The site hosts an illegal copy of the bitbucket site and redirects the logins
>>> not to bitbucket, but to the code.thejeshgn.com:
>>>
>>> http://code.thejeshgn.com/account/signin/
>>>
>>> Needless to mention that the login info is sent in clear as well...
>>>
>>> I think we should inform Atlassian about this.
>>
>> Looks like he cloned bitbucket for all his bitbucket repos:
>>
>> http://code.thejeshgn.com/
>>
>> and happily proxies requests through his site.
> 
> Are we sure this is not just an instance of this supported feature of Bitbucket?
> 
> http://confluence.atlassian.com/display/BITBUCKET/Using+your+Own+bitbucket+Domain+Name

Oh dear, they even promote such use... what a poor security model :-(

You were right:

$ dig code.thejeshgn.com

; <<>> DiG 9.7.4-P1 <<>> code.thejeshgn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34768
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 2

;; QUESTION SECTION:
;code.thejeshgn.com.            IN      A

;; ANSWER SECTION:
code.thejeshgn.com.     3600    IN      CNAME   bitbucket.org.
bitbucket.org.          360     IN      A       207.223.240.181
bitbucket.org.          360     IN      A       207.223.240.182

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Mar 29 2012)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2012-04-03: Python Meeting Duesseldorf                      5 days to go

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

More information about the Catalog-SIG mailing list