Phishing website bitwardenlogin.com

As I’ve noted above, it is a violation of Bitwarden’s Trademark Policies to use the name bitwarden as part of your domain name. Refraining from doing so would alleviate most concerns with regards to the legitimate self-hosted sites. Thus, it would be a good idea if a prominent notice to this effect was presented during the installation process for self-hosted servers (or even better, if the server software automatically examined the server domain name and produced an error message if the domain name contains the word bitwarden but is not identically equal to vault.bitwarden.com).


You’re totally right, but many people probably won’t search the Github repository for such guidelines. When I installed my self-hosted instance a few years ago, I first used “bitwarden” as well but changed it to “bw” later on because I’m lazy. :sweat_smile:

Funny thing is, the official documentation actually recommends using “bitwarden” as name:

We recommend configuring a domain name with DNS records that point to your host machine (for example, bitwarden.example.com ), especially if you are serving Bitwarden over the internet.

Is there a way to check the devices that are currently logged in and a history of unique logins through the vault? I get emails regarding new devices logged in but the IP address locations are probably some ISP server locations and not the exact locations.

I could be missing something. But why are certain things like changing security settings and reports only possible to do through the web vault? If the browser extension and the apps (desktop and mobile) are fully featured, there would not be a need to go to the web vault thereby reducing the risks from these phishing websites.

The phishing website has reappeared: https://www.loginbitwarden.com/ and it forwards to an exact replica of the Bitwarden web vault page. I just filled in the form posted above and flagged it to the Google team… not good though.
I feel the whole Bitwarden community is in great danger.

The phishing website appears in the Google search result after typing “bitwarden web” and it is a “sponsored” link that appears on the first page, right above the first result (which is Bitwarden web).

MORE INFO:

Registrar Info
Name: Registrar of domain names REG.RU LLC
Whois Server:
Referral URL: www dot reg dot com
Status:

Important Dates
Expires On: 2024-01-28
Registered On: 2023-01-28
Updated On: 2023-01-28

Name Servers
[ns1 dot reg dot ru]
[ns2 dot reg dot ru]

Quote:

  1. You may not use or register, in whole or in part, the Marks as part of your own trademark, service mark, domain name, company name, trade name, product name, service name or social media handle/account.

The terminology is important here:

tld = top level domain name (.com)
domain-name = domain name (example)
root-domain = domain-name + tld (example.com)
hostname = the name of a host (bitwarden)
subdomain = sub + root-domain (bitwarden.example.com)
FQDN = hostname + root-domain (bitwarden.example.com)
URL = scheme (https://) + FQDN + PATH (https://bitwarden.example.com/login)

I think the Trademark policy only restrains you from registering a domain-name with the word Bitwarden in it, e.g. bitwarden-is-cool.de. Not sure that it applies to the subdomains of a domain you own (bitwarden.my-domain.co.uk).

Can someone confirm?
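The install-time check proposed earlier in the thread, written against the terminology in this post, as an added example (not Bitwarden's code). Because the thread has not settled whether the policy reaches subdomains, it reports a match in the root-domain separately from a match that sits only in the hostname; the suffix set is a constructed stand-in for the Public Suffix List.

```python
# Install-time server-name check: flag "bitwarden" in the registrable
# root-domain, and report separately when it only appears in a host label.
from dataclasses import dataclass

# Constructed, deliberately tiny subset of multi-label public suffixes;
# a real deployment would consult the Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}
OFFICIAL_HOSTS = {"vault.bitwarden.com"}   # the one name that is allowed
MARK = "bitwarden"


@dataclass(frozen=True)
class DomainParts:
    hostname: str     # leading labels, e.g. "bitwarden" or "bw" (may be "")
    domain_name: str  # e.g. "example" or "my-domain"
    tld: str          # e.g. "com" or "co.uk"

    @property
    def root_domain(self) -> str:
        return f"{self.domain_name}.{self.tld}"


def split_fqdn(fqdn: str) -> DomainParts:
    """Split an FQDN into hostname / domain-name / tld per the thread's terms."""
    labels = fqdn.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or any(not label for label in labels):
        raise ValueError(f"not a valid FQDN: {fqdn!r}")
    tld_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) < tld_len + 1:
        raise ValueError(f"no registrable domain in: {fqdn!r}")
    tld = ".".join(labels[-tld_len:])
    domain_name = labels[-tld_len - 1]
    hostname = ".".join(labels[: -tld_len - 1])
    return DomainParts(hostname, domain_name, tld)


def check_server_domain(fqdn: str) -> str:
    """Return one of: "official", "mark-in-root-domain", "mark-in-hostname", "ok"."""
    parts = split_fqdn(fqdn)          # validates the name first
    if fqdn.strip().rstrip(".").lower() in OFFICIAL_HOSTS:
        return "official"
    if MARK in parts.root_domain:     # bitwarden-is-cool.de, loginbitwarden.com
        return "mark-in-root-domain"
    if MARK in parts.hostname:        # bitwarden.my-domain.co.uk
        return "mark-in-hostname"
    return "ok"                       # bw.example.com
```

An installer would abort on "mark-in-root-domain" and, depending on how the policy question above is answered, either warn or abort on "mark-in-hostname".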

The discovered Bitwarden instances may be legitimate instances. Be careful if you request takedown.

Good point. I think it depends on whether the Terms were written by a lawyer or an engineer… :laughing: