31-07-2007, 01:44 PM   #43
riptide
Re: Official Huxley Forums

If anyone is still not sure about whether those were really the official forums (especially now that they are offline)...

When I registered at huxleyvs.com/huxleyversus.com I later received an email with the subject: "Account validated at Huxley Forums!" It contained some information about the account I had created and let me know the account is now active/validated. I checked the headers on it which appeared as such:

Received: from [66.251.34.90] (helo=WZA-D-001.us.webzen.com)
by [My Web Server was Here] with esmtp (Exim 4.63)
(envelope-from )
id 1IFdFX-0008DU-S4
for riptide@[My Server]; Mon, 30 Jul 2007 17:58:00 -0400
Received: from WZA-D-001.us.webzen.com (WZA-D-001.us.webzen.com [127.0.0.1])
by WZA-D-001.us.webzen.com (8.13.8/8.13.8) with ESMTP id l6UMUWxQ002240
for ; Mon, 30 Jul 2007 15:31:01 -0700

Already from the first line there, I could see that it identified itself to my mail server as WZA-D-001.us.webzen.com in the "helo" line, but that can be anything the sender wants to put. The IP address is more likely to be correct -- it'd either be a proxy or their real address/NAT/Firewall (it can't be spoofed because of the 3-way TCP handshake involved with SMTP connections). The second set of Received headers is what was already in the headers before it got to my server. That could also be faked.

So for verification on the IP address, I performed a whois on the address listed in the headers. The whois returned:

PaeTec Communications, Inc. PAETECCOMM (NET-66-251-0-0-1)
66.251.0.0 - 66.251.127.255
WEBZEN PAET-AN-WEBZE-1 (NET-66-251-34-80-1)
66.251.34.80 - 66.251.34.95

Then I did a whois on PAET-AN-WEBZE-1 which returned:
WEBZEN PAET-AN-WEBZE-1 (NET-66-251-34-80-1) 66.251.34.80 - 66.251.34.95
WEBZEN PAET-AN-WEBZE-1 (NET-63-139-240-240-1) 63.139.240.240 - 63.139.240.255

and finally a whois on NET-66-251-34-80-1 which returned:
CustName: WEBZEN
Address: 6601 CENTER DR W
City: LOS ANGELES
StateProv: CA
PostalCode: 90045
Country: US
RegDate: 2005-09-07
Updated: 2005-09-07

among other information which isn't as important for this.

It's one thing to fake a domain's registration info, and a completely different and much more difficult thing to purchase static IP space with fake information, so I believe this to be the real deal since the email obviously came from a mail server located within IP space I verified to be WebZen's. Technically it's still possible for that email to be generated from WebZen's IP space utilizing php email vulnerabilities if someone had found one, but what are the chances that someone went through the trouble of faking their site and a forum and then found an exploit in their site? And for what? To fool a bunch of gamers? Possible, but Occam/Ockham (http://en.wikipedia.org/wiki/Occam's_Razor) says otherwise.

I used to work as an intrusion analyst for a managed network security company, and I had to be certified to work there, so I pretty much know what I am talking about (feel free to disagree, though -- I am open to criticism, but expect a technical response).

I apologize for this being a bit long-winded... I just wanted to dispel more doubts.

Last edited by riptide; 31-07-2007 at 01:47 PM. Reason: the word a n a l isn't allowed, and I had to obfuscate the word a:nalyst
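The check riptide walks through above (trust only the topmost Received header, take the peer IP rather than the HELO name, and compare it against the whois allocation) as an added Python example; this is not code from the post or from the forum. The headers are a constructed sample modelled on the quoted ones, with the poster's redacted hosts replaced by example.invalid placeholders, and the address ranges are the ones the post's whois lookups attributed to WEBZEN.

```python
import ipaddress
import re

# Constructed sample modelled on the post's headers (redacted hosts -> example.invalid).
RAW_HEADERS = (
    "Received: from [66.251.34.90] (helo=WZA-D-001.us.webzen.com)\n"
    "\tby mail.example.invalid with esmtp (Exim 4.63)\n"
    "\tid 1IFdFX-0008DU-S4\n"
    "\tfor riptide@example.invalid; Mon, 30 Jul 2007 17:58:00 -0400\n"
    "Received: from WZA-D-001.us.webzen.com (WZA-D-001.us.webzen.com [127.0.0.1])\n"
    "\tby WZA-D-001.us.webzen.com (8.13.8/8.13.8) with ESMTP id l6UMUWxQ002240\n"
    "\tfor <riptide@example.invalid>; Mon, 30 Jul 2007 15:31:01 -0700\n"
)

WEBZEN_RANGES = [("66.251.34.80", "66.251.34.95"),      # from the post's whois output
                 ("63.139.240.240", "63.139.240.255")]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # bracketed peer address
HELO_RE = re.compile(r"helo=([^\s)]+)")                 # Exim-style HELO record
FROM_RE = re.compile(r"^Received:\s+from\s+(\S+)")      # sendmail-style name

def unfold_headers(raw):
    """Join folded continuation lines (leading whitespace) onto their header."""
    out = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out

def first_hop(raw):
    """Claimed name and peer IP from the topmost Received header, the one written
    by the recipient's own server.  The name is whatever HELO said; the IP is the
    TCP peer.  Lower Received headers arrived with the message and may be forged."""
    for h in unfold_headers(raw):
        if h.startswith("Received:"):
            ip = IP_RE.search(h)
            name = HELO_RE.search(h) or FROM_RE.match(h)
            return name.group(1), ipaddress.ip_address(ip.group(1)) if ip else None
    return None, None

def origin_verified(raw, ranges=WEBZEN_RANGES):
    """True if the connecting IP is a routable address inside one of the whois ranges."""
    _, ip = first_hop(raw)
    if ip is None or not ip.is_global:
        return False
    return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
               for lo, hi in ranges)
```

The 127.0.0.1 in the second Received header is deliberately never consulted: it was written by the sending side, not by the receiving server.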