Gearslutz.com Hijacked?
- MisterMark
- gettin' sounds
- Posts: 134
- Joined: Thu May 08, 2003 11:52 am
- Location: Dallas, Tejas
- Contact:
Has anyone noticed when you go to gearslutz.com you get a portal to a porn site? Seems they may have been hijacked!
-Mark
Placid Audio - Home of the Copperphone
"Turn it up till it squeals then back it down a hair"
"Take these pills and pull down your pants... um, I mean, here take these pills"
- Recycled_Brains
- resurrected
- Posts: 2354
- Joined: Tue Nov 22, 2005 6:58 pm
- Location: Albany, NY
- Contact:
- MisterMark
- gettin' sounds
- Posts: 134
- Joined: Thu May 08, 2003 11:52 am
- Location: Dallas, Tejas
- Contact:
Hmmm... cleared my history and cookies and I'm still getting the porn portal... not looking for granny dating sites right now... any ideas?
-Mark
Placid Audio - Home of the Copperphone
"Turn it up till it squeals then back it down a hair"
"Take these pills and pull down your pants... um, I mean, here take these pills"
- ulriggribbons
- steve albini likes it
- Posts: 398
- Joined: Sun Oct 26, 2003 7:50 pm
- Location: Seattle, WA
-
- audio school
- Posts: 8
- Joined: Tue Jan 26, 2010 9:01 pm
- Location: Indianola, Washington
You can access GS via their IP address...but I believe it's read only....I tried to post an ad...no go.
Here's the IP:
http://176.56.59.10/board/
Hi TapeOp peeps
Sorry for being off-line on Thurs 1st March!
What happened?
Gearslutz changed web hosts back in June 2011 and the migration went well. During this migration an error was made when the nameservers were configured. One of the nameservers was misspelled, and under normal circumstances this would not have caused any issues other than slightly less resilience in the DNS infrastructure.
On 1 March 2012 a hacker noticed this domain exploit and registered the misspelled domain name. They used this domain typo to redirect approximately 1/3rd of visitors to a "branded" web page that makes money off page clicks. Our web host corrected the misspelling as soon as it was identified at 7am GMT.
Why was this not resolved sooner?
The hacker used a domain name with a time to live (TTL) of one day. This TTL means that any forum users who were redirected to this branded web page would have it cached for 24 hours.
Was I hacked?
The aim of this hack was to make money from the hyperlink clicks rather than compromise end users' PCs and Macs. But to be on the safe side the techs at our server company scanned the web page - and confirmed no viruses or snide scripts. Your computer is clean!
Will this happen again?
No. The changes we've made are permanent and will stop this from happening again. We will also be moving our domain registration to our web hosting provider so any future updates will be handled automatically to prevent any further typos.
The end result was that a typo over a year old caused the site to be inaccessible for 1/3rd of its visitors, and a boring wait until the DNS propagated.
Sorry for the interruption in service!
If you are still getting the bogus site, here is a link that tells you how to flush your DNS: http://www.tech-faq.com/how-to-flush-dns.html
Thanks
Jules
GS Admin
Jules
Gearslutz.com admin
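Added example, not part of the thread or of the Gearslutz admin's post: a small Python audit of the failure described above, a delegated nameserver name that is a near-miss of the ones the DNS host really operates and sits under a parent domain someone else can register. The hostnames, the three-nameserver layout and the function names are constructed assumptions; in practice the delegated list comes from the registrar or the parent zone, and the expected list from the DNS host.

```python
# Added example: audit a domain's delegated NS set against the names the DNS
# host actually operates. All hostnames here are constructed placeholders.

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (typo) hostnames."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()

def parent_domain(name):
    """Naive registrable domain: last two labels (assumption, no suffix list)."""
    return ".".join(name.split(".")[-2:])

def audit_delegation(delegated, expected, max_typo_distance=2):
    """Return (findings, exposure) for NS names not operated by the DNS host."""
    expected_names = sorted({normalize(n) for n in expected})
    trusted_parents = {parent_domain(n) for n in expected_names}
    names = [normalize(n) for n in delegated]
    findings = []
    for ns in names:
        if ns in expected_names:
            continue
        nearest = min(expected_names, key=lambda e: edit_distance(ns, e))
        findings.append({
            "nameserver": ns,
            "nearest_expected": nearest,
            "likely_typo": edit_distance(ns, nearest) <= max_typo_distance,
            # A parent domain outside the host's own is one a third party
            # may be able to register and then answer queries from.
            "foreign_parent": parent_domain(ns) not in trusted_parents,
        })
    # Rough share of lookups at risk, assuming resolvers spread queries evenly.
    exposure = len(findings) / len(names) if names else 0.0
    return findings, exposure

# Constructed sample: three delegated names, the third with transposed letters.
EXPECTED = ["ns1.dnshost.example", "ns2.dnshost.example", "ns3.dnshost.example"]
DELEGATED = ["NS1.dnshost.example.", "ns2.dnshost.example", "ns3.dnshots.example"]

if __name__ == "__main__":
    for finding in audit_delegation(DELEGATED, EXPECTED)[0]:
        print(finding)
```

With one bad name out of three the exposure comes out at one third, which matches the share of visitors the post reports; running the audit after every nameserver change catches the typo before anyone else can register the misspelled domain.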