Spoofing Zerotier? my-dev.zerotier.com

I googled “Zerotier Central” today and (without paying enough attention) was presented with a normal looking Zerotier login page at:

https://my-dev.zerotier.com/

Several login attempts failed as did a couple of “Forget password” email requests. Finally I was able to login using the associated google account only to find that my network had vanished and was replaced by a request to create a new network (which I did not).

Retracing my steps I discovered the misdirection to the above site. Subsequently logging in to

https://my.zerotier.com/

everything worked as normal.

Consequently I’m wondering, if I was spoofed into revealing my google account password (changed of course) and why does this is a spoof site it appeared so high in the google search rankings and how do they get away with looking / working just like the zerotier site? If it isn’t spoof site, why doesn’t it work? Any revelations greatly appreciated.

That’s our development & testing instance of Central. Account creation is turned off, and doesn’t use the same user database as the main instance. Not sure how it got into Google’s search results

Thanks for putting me straight and my mind at rest.

Wouldn’t it help if the landing page for the development site made its difference clear? I wonder how many of the “login problem” postings I reviewed are actually due to people unwittingly trying to log into this development site because it’s pretty hard to tell the difference.

Thanks again for replying.

We put a note up on the page that it’s a Development/Test instance with a link to the production system

Ha! One step ahead already - very Zerotier! Thanks

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.