Mumsnet threads archived/mirrored elsewhere - security issue?

[MaidOfStars]

I have just stumbled across something odd. I was using Google to search for '[username]' and 'Mumsnet' (so two words in the search box) and got results from a website with the domain name

jcpenneyhours.com

I clicked on a random link and it's an entire Mumsent thread, fully navigable so not a screenshot, being mirrored there.

I cannot navigate to the homepage of this domain - access is forbidden, so I have no idea what the website is.

Given the recent security issues, I thought I'd flag this for attention. I have attached a screenshot of a search for Mumsnet threads on Google.

I've tried some old usernames but didn't find anything out of the ordinary but this username brings up the jcpenny sites but only for 4 threads within the past month

Any news on this?

yes, would like ot know too

Boardreader is a search engine for forums. Most don't allow it access anymore but it's not suspicious in itself.

JCPenney is a mirror site with fake log-in and account pages - It's quite possibly designed to phish for people's details. There's a few fake log-in pages on that site, for various pet forums/parenting forums/community sites.

DON'T PUT DATA IN THE FAKE LOG IN PAGE.

Thank you anchor.

This makes me re-evaluate what I write on public Internet forums. I tend to get carried away thinking that I only share my infertility with anonymous friends rather than the world. Worrying that I can be this stupid.

The jcpennyhours.com thing is possible copyright infringement/possible phishing - its not a security issue per se.

Lots of sites scrape data from other sites, for various reasons. Anything you post on MN is cached by Google amongst other sites.

Posting on MN does not somehow magically limit your post to being viewed by mumsnetters - anyone can see your posts on Mumsnet, and any person/computer can search/cache/replicate/share anything on Mumsnet/ the internet...

Hi again,

Just letting you all know that our Tech team are on the case with this. They're reporting the site to Google as a possible phishing site, and will also be contacting the owners of the domain and the host site.

As ItsAllGoingToBeFine pointed out, this is more of a copyright issue than a security one, but we can see that it's pretty unsettling.

The advice from Tech is to please steer clear of that and any similar sites.

Many thanks.

What would happen if someone logged on via the jcpenny site? Would they be able to steal log on details?

In theory yes.

MN is also logged by the Internet Archive/Wayback Machine. It's quite sporadic and I'm not sure if it's every thread, but I found a 3/4 of a deleted thread on there.

Hi again,

We've just had word back from our Tech team saying they've had confirmation that the registrar has now suspended the domain.

Many thanks for drawing it to our attention.

And if you spot any similar sites, please do let us know.

which domain?

@OnceAMeerNotAlwaysAMeer

which domain?

The jcpenneyhours.com domain name, which was reported by the OP.

okay good to hear. Still working on the others?

Yes, OnceAMeer, our Tech team are still looking into the other sites that have been mentioned on this thread - we'll report back as soon as we can.

thanks

Hi again, just an update from our Tech team about some of the sites reported on this thread.

We have contacted the boardreader.com site in the past to get them to stop indexing MN pages. We're contacting them again now, as it's clearly still an issue.

The hidemyass.com site is not a worry from a security point of view. It's a site where you type in a url you want to visit and it displays it for you without it showing up in your history.

The issue with various other sites mentioned is more of an infringement of copyright than a security one. Again, we'll be contacting individual sites where necessary.

Please let us know if you have any other concerns - and thanks again for bringing this issue to our attention.

Thanks dawn
I use the hide my ass website occasionally when overseas and genuine websites don't like my IP special forces innit it's fine.