akkoma - Collegamento all'originale

This is the first time I'm posting anything here but I figured this may be the right audience.

I've never run into something like this and I don't quite know what to make of it. I'm the author and maintainer of libgpiod. The official git repository is the one at kernel.org[1]. There's also a github mirror[2] as well as a documentation page[3] at readthedocs that I maintain.

I noticed (purely by chance) that there's a new website at libgpiod.com that's been created recently. I have nothing to do with it. It's clearly AI-generated but it redirects to my github. It's a 2 month old domain, anonymized registrar, protected by Cloudflare and NeoProtect and a Swedish host behind that.

Clearly someone went to a great length to stay anonymous. I'm afraid of falling victim to some new elaborate supply chain attack. What should I do about it (if anything)? Has anyone else experienced something similar?

[1] git.kernel.org/pub/scm/libs/li…
[2] github.com/brgl/libgpiod
[3] libgpiod.readthedocs.io/

Libgpiod - Modern C Library for Linux GPIO Hardware Control

Libgpiod is a modern C library for Linux GPIO control, enabling efficient hardware access for embedded and system developers. #Libgpiod
Libgpiod

reshared this

in reply to Bartosz Golaszewski

mastodon - Collegamento all'originale

BrianKrebs

Interesting. Just looked at the other sites they apparently registered and they all do the same thing: say on the bottom they aren't affiliated with the official package and that they only link to documentation. All the ones I checked go to the developer's GitHub profile. Could be someone trying to be well-meaning here with an overnight AI project, but I think it's important to point out everything about these sites could change on a dime.
in reply to Bartosz Golaszewski

mastodon - Collegamento all'originale

BrianKrebs

I'm reasonably certain that the people who've developed these sites are in India. A couple of them appear to have compromised their systems with credential stealing malware recently. But I don't see anything remotely malicious or phishy in their saved credentials or visited sites. If they were in the habit of doing bad things online, it would almost certainly be evident in their keylog data. However, they appear to be creating a large number of unrelated sites that basically just use SEO to get people to click on their affiliate links and buy stuff at Amazon, etc.
in reply to Bartosz Golaszewski

mastodon - Collegamento all'originale

BrianKrebs

I did a passive DNS lookup on one of the host IPs for these domains, which are in basically two groups of time (2024-5 and 2026). But they all share a few qualities, including name server records at middlehosted.com:

108.181.247.108

rrname
_dc-mx.f60fb856bfda.osmnx.com
_dc-mx.b5ce1a126c7a.dinov2.com
_dc-mx.7adfbb8745a5.fsspec.com
_dc-mx.0e13b143350f.gseapy.com
_dc-mx.c6c56ec9210f.kivymd.com
_dc-mx.45b83b48adea.pynput.com
_dc-mx.068c61ca79d8.pyodbc.com
_dc-mx.d7fb3628e222.pypdf2.com
_dc-mx.d21ba05b8588.pysftp.com
_dc-mx.aeaab2e746b1.bowtie2.com
_dc-mx.c9ba3f8379cd.ddtrace.com
_dc-mx.a6258de5455a.docxtpl.com
_dc-mx.146e00e48478.elltube.com
_dc-mx.0c39c9f8f0ee.hdbscan.com
_dc-mx.3353ef162267.multrin.com
_dc-mx.de0943ca2691.pymongo.com
aioredis.com
_dc-mx.fbc668446112.aioredis.com
_dc-mx.9ea0beef5e4f.certutil.com
_dc-mx.c273429a2750.chemprop.com
cutadapt.com
_dc-mx.497eb2a8d293.dateutil.com
_dc-mx.f0f8755e9e35.gpiozero.com
_dc-mx.bdaab5a45463.hmmlearn.com
_dc-mx.ecd016286fd0.libgpiod.com
_dc-mx.88bc25810b8a.autogluon.com
_dc-mx.b2bb3cf06aba.bevformer.com
_dc-mx.352fcf2cb67f.ipykernel.com
_dc-mx.ab3782236e1f.nbconvert.com
_dc-mx.578a7752c5e7.pytorch3d.com
_dc-mx.c811adc671e3.pywinauto.com
born2gamer.com
cpanel.born2gamer.com
webdisk.born2gamer.com
webmail.born2gamer.com
cpcalendars.born2gamer.com
_dc-mx.74d423c8d6f0.commitlint.com
_dc-mx.f417b6bbec48.ipywidgets.com
_dc-mx.d42d69f39f8a.weasyprint.com
_dc-mx.4ad93e3ec257.xlsxwriter.com
_dc-mx.024265d17206.apscheduler.com
paidcracked.com
cpanel.paidcracked.com
webdisk.paidcracked.com
webmail.paidcracked.com
cpcontacts.paidcracked.com
cpcalendars.paidcracked.com
leshazlewood.com
paidcracked.org.leshazlewood.com
www.paidcracked.org.leshazlewood.com
cpanel.leshazlewood.com
webdisk.leshazlewood.com
webmail.leshazlewood.com
jonitame.leshazlewood.com
www.jonitame.leshazlewood.com
born2gamer.leshazlewood.com
www.born2gamer.leshazlewood.com
cpcontacts.leshazlewood.com
cpcalendars.leshazlewood.com
paidcracked.leshazlewood.com
www.paidcracked.leshazlewood.com
_dc-mx.c3bb03d3e822.wfdownloader.com
_dc-mx.58ec27e99864.xgbclassifier.com
_dc-mx.180c3a6d37a6.clusterprofiler.com
virtualenvwrapper.com
jonitame.net
webmail.jonitame.net
ai3826.myfoscam.org
paidcracked.org

Questo sito utilizza cookie per riconosce gli utenti loggati e quelli che tornano a visitare. Proseguendo la navigazione su questo sito, accetti l'utilizzo di questi cookie.