...which is an excellent argument in support of "encryption
everywhere". The scumbags will find a way around that (like simply
registering and installing SSL certificates) but the trick is to stay
one step ahead of them.
The point, though, is that there's no way to tell what domains are
"fake". After all, what constitutes "fake" in this context? The
fraudulent listing is a fully legitimate domain name, there is nothing
"fake" about it other than the fact that, as a substring, it includes
the same sequence of characters as that of a well-known web site.
That is actually an extraordinarily difficult problem to solve without
creating lots of false positives.
-Dave
On 10/08/2018 12:48 PM, Kuba Ober wrote:
Modern browsers highlight such fake domains anyway, IIRC. Basically, if any prefix is a valid FQDN with valid https certificate, it'll get flagged.
Cheers, Kuba
On 8 Oct. 2018, at 12:39, Dave McGuire <mcguire@...> wrote:
On 10/08/2018 12:33 PM, pianovt via Groups.Io wrote:
Dave, I agree that the internet was not meant for e-commerce and really
lacks in terms of security. In this case, the domain name is
3262345523.site
The standard should really not allow any other text in front of the
domain name. It's just asking for a scam.
Yes, but "text in front of the domain name" is how subdomains work.
Nearly all large networks use subdomains, sometimes as many as five
levels deep. In the case of the fake web page being discussed,
"www.ebay.com" is a fully legitimate subdomain of domain "3262345523.site".
The problem here is scumbags on one end and people not paying
attention on the other end. Of course, as with anything else, when the
scumbags get better at fooling people, it becomes less our fault and
more their fault, as is what seems to be happening here. I myself would
probably have spotted the fraudulent page, but only because I ran very
large (tens of thousands of domains) DNS servers years ago, and I run a
couple of good-sized ones (hundreds of domains) now. Any other
reasonable person may not notice it at all.
...just like any reasonable person may not notice a modified ATM with
an added card-harvesting fixture, or a scam phone call from the IRS.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
--
Dave McGuire, AK4HZ
New Kensington, PA
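
Added example, not part of the original thread: a Python sketch of the subdomain point discussed above, splitting a hostname into its registrable domain and checking whether a known site's full name appears as labels in the subdomain part. The `PUBLIC_SUFFIXES` and `KNOWN_SITES` values and all function names are assumptions made for illustration; a real check would load the full Public Suffix List. The naive substring function is included to show the false-positive problem the thread describes.

```python
# Constructed sample data: a tiny stand-in for the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "site", "uk", "co.uk"}
# Assumption: the well-known sites we want to recognise inside other hostnames.
KNOWN_SITES = ("ebay.com",)


def registrable_domain(host):
    """Return the public suffix plus one label, or None if there is none."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the longest candidate suffix to the shortest.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    return None


def embedded_known_site(host):
    """Return the known site whose labels appear in the subdomain part of a
    host that is registered under a different domain, else None."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    if reg is None or reg in KNOWN_SITES:
        return None
    sub_labels = host[: -len(reg)].rstrip(".").split(".")
    for site in KNOWN_SITES:
        site_labels = site.split(".")
        n = len(site_labels)
        # Compare whole labels, never raw substrings.
        for i in range(len(sub_labels) - n + 1):
            if sub_labels[i:i + n] == site_labels:
                return site
    return None


def naive_substring_match(host):
    """The over-broad check: brand name anywhere in the hostname."""
    return any(site.split(".")[0] in host.lower() for site in KNOWN_SITES)


if __name__ == "__main__":
    # Hostnames from the thread plus constructed comparison cases.
    for h in ("www.ebay.com.3262345523.site", "www.ebay.com",
              "www.ebay.co.uk", "thebayarea.org"):
        print(h, registrable_domain(h), embedded_known_site(h),
              naive_substring_match(h))
```

The label-aligned check only covers the one pattern seen in this thread; it does not address lookalike spellings or other tricks.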