🚨 Warning: New FAKE website offering FAKE KeePassXC downloads!

keepassxc@fosstodon.org

Warning: New FAKE website offering FAKE KeePassXC downloads! Do not fall for it. The correct domain is https://keepassxc.org without hypens!

keepassxc@fosstodon.org

The website is asking for your email address to access the downloads. We never ask for your email address. Do not enter your data there, it's a phishing attempt.

bleed@dostar.moe

@keepassxc

cc @kafazen

sn@social.josko.org

@keepassxc sent email to abuse@dynadot.com and cloudflare abuse (NS records)

keepassxc@fosstodon.org

@sn Thanks. I've reported it to Microsoft, Google, Netcraft, and other services as well.

gremlin@critter.cafe

@keepassxc also reported to Dynadot. Maybe you Guys should claim similar Domains like this to prevent this BS.

nestab@infosec.exchange

@keepassxc
from repository

eroc1990@mastodon.parastor.net

@keepassxc
Methinks you should go buy as many typosquat domains as are available before copycats get to them.

keepassxc@fosstodon.org

@gremlin We already own a lot of variants with different top-level domains and redirect them to keepassxc.org. The only one we couldn't get is .com, because someone snatched it already and has since put it on auction after it was put on block lists. But we cannot also register all possible combinations with hyphens and typos.

gremlin@critter.cafe

@keepassxc I mean typos not but something like keepass-xc/com should have been in your mind. But yeah, hopefully DynoDot nukes them soon

keepassxc@fosstodon.org

@eroc1990 We own several already, but it's a losing game and a pretty expensive one at that.

keepassxc@fosstodon.org

@gremlin There's an infinite number of possible typos like that. Registering them all is pretty futile and expensive.

gremlin@critter.cafe

@keepassxc as said, at least common Domains with "-" are with .com, .net and .org like 30$ a year.

regendans@todon.eu

@nestab @keepassxc The p.s. I use VoidLinux and the b.t.w. I use ArchLinux folks are awake now ?

keepassxc@fosstodon.org

@gremlin And then multiply it by 10 different TLDs.

gremlin@critter.cafe

@keepassxc If I want to secure my Shit I do it, you host a Software of Security. Like what are you trying to tell me? That the security of your Users isn't worth it?

keepassxc@fosstodon.org

@gremlin As I said, we already own quite a few different domains. We're a small open source project. We get a healthy amount of donations, but we cannot spend $2000 a year on domains, just so someone can register yet another one we haven't registered yet.

gremlin@critter.cafe

@keepassxc If you are even close to over 200-300€ for your Domains per year you do something really wrong. I guess you should check-out https://tldes.com and find a Register that does not Rip the Shit out of you (I pay around 190€ for 30 Domains with Common Extensions)

keepassxc@fosstodon.org

@gremlin Six different variants with hyphens, kee, key -pw etc. times 10 TLDs times $30 is $1800. But if you want to help, keepassxc[.]com is on auction for a mere $50,000.

gremlin@critter.cafe

@keepassxc

You need:
KeepassXC/com
KeepassXC/org
KeepassXC/net
maybe KeepassXC/pw as a "Joke Domain" and the same with "-". Since .com is currently taken it is one less.

I calculate now with 6 Domains, where we end up at around 70$ a year, if we add uncommon extensions or Country specific (in this Case I choose: .info, .biz and .eu) we are still at around 92$ a year. These are not even 1,2K$ a year. Idk what "weird" or uncommon Domains you own. But a basic Brand Shield with these should be enough. And sorry, I do not spend Money at Domain-Suckers/Re-Sellers, I sue the Shit out of them if they infringe my Brand.