How can we verify that this redirect is real? Basically what I'm getting at is couldn't the domain owner have built this redirect to a clone site along with identical mod accounts in use by whomever they choose to assign access to the "mod" accounts? With the warnings that this would happen were the site to become compromised, this is suspicious to say the least. Edit: another concern of mine is if the directory structure was also cloned exactly, if the user database is part of the directory, wouldn't that be cloned as well so the usernames would still be associated with their respective passwords? This would allow the old passwords to work, which nullifies the check laid out in an earlier sticky to try a wrong password.

How can we verify that this redirect is real? Basically what I'm getting at is couldn't the domain owner have built this redirect to a clone site along with identical mod accounts in use by whomever they choose to assign access to the "mod" accounts? With the warnings that this would happen were the site to become compromised, this is suspicious to say the least.

Edit: another concern of mine is if the directory structure was also cloned exactly, if the user database is part of the directory, wouldn't that be cloned as well so the usernames would still be associated with their respective passwords?

How can we verify that this redirect is real?

Basically what I'm getting at is couldn't the domain owner have built this redirect to a clone site along with identical mod accounts in use by whomever they choose to assign access to the "mod" accounts? With the warnings that this would happen were the site to become compromised, this is suspicious to say the least.