Explanation of ejeffy.com Re-directs
Submitted by Signalost
Doing about five to ten minutes of enumeration I think the reason why if you go to
any of the old websites' ftp subdomain via http (such as ftp.creditdauphine.com) and
get the same ejeffy site is because they happen to correspond to the same IP. This
means one change to one machine will be reflected on the other sites. Each site such
as rambaldi.org and creditdauphine.com are configured to be hosted virtually under the
same IP address depending on the name resolution. This means that they have basically
kept all their eggs in one basket.
Here are some related data I found... some of which has a login prompt if anybody is
willing to try:
http://host.inxite.com = ejeffy.com = thetruewheel.com = dayfornight.com =
findwhatever.com = rambaldi.org = creditdauphine.com = jenningsaero.com = 184.108.40.206
22 ssh Login Prompt version SSH-1.99-OpenSSH_2.5.2p2.
25 smtp for sending possible mail from analysis etc.
80 http website port response: !___ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
.<HTML><HEAD>.<TITLE>501 Method Not Implemented</TITLE>.</HEAD><BODY>.<H1>Met
81 hosts2-ns -hmm nameserver host
110 pop3 email port again, version host v2000.69rh server ready..
443 https a 'secure' port
8080 WWW-Proxy : going to this port on any related season 1 site is immediate
indication whether it is hosted by them. It gives a "File Not Found" page.
Now for Scarlet Terrier:
22 ssh version 1.99-OpenSSH_2.9p2. login prompt
23 telnet: ahem login prompt
25 smtp: email
intel on email:
220-alexandria3.unixhoster.com ESMTP Exim 3.35 #1
Wed, 7 Aug 2002 12:40:06 -0400 ..220-We do not authorize the use of this sys
80 http response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<HTML>
<HEAD>.<TITLE>501 Method Not Implemented</TITLE>.</HEAD><BODY>.<H1>Met 143
imap[CAPABILITY IMAP4REV1 LOGIN-REFERRALS AUTH=LOGIN] alexandria3.unixhoster.com
2002.325-cpanel at Wed, 21 Aug 2002
Note the telnet service. During the season 1 game they closed it early on, after the
email message was found and the map of the websites involved.
Last update: 9/30/03