Update on searchportal.information.com DNS Attack
Update to my first post about DNS ATTACK
I have just observed that the DNS poisoning continues; this time the affected DNS servers belong to 1AND1.COM, AKA 1&1 Internet Inc., one of the largest registrars and hosters!
I am getting pretty scared - if they can’t deal with this problem for three days in a row, the Internet is a dangerous place now!
Some more info on this: the hacked DNS servers resolve hijacked domains to 66.151.179.147, which hosts a 302 redirect, as yesterday. The landing page on searchportal.information.com belongs to account id 19911, as yesterday.
Shit! Nobody is doing anything - neither has the servicing of the IP 66.151.179.147 been stopped, nor the hosting discontinued, nor the redirect script deleted. The account 19911 on searchportal.information.com is alive and well and not banned. What the fun is going on? Where are all those bloody spam-hunters now? Neither the DNS providers nor the hosting company seem to be doing anything!
At the moment, according to domaintools, there are 16633 domains hosted on this IP address.
Once again, to make it clear: it isn’t an Easter DoS attack, as there is no denial of service as such. It is a DNS hijack, or DNS spoofing if you wish, where rather high up in the hierarchy of DNS servers your domain name resolves to the attacker’s IP address. This poisoned data spreads over multiple DNS servers around the world and gradually gets cleaned only after the correct IP address is restored at a parent DNS server.
IMPORTANT
Once again I remind you to change all your passwords, as the redirect script on 66.151.179.147 also collects cookies, and authentication requests from your e-mail and FTP clients are most likely logged too.
tags: 1and1, dns, dos, easter, alert, attack, danger, hack, hijack, oneandone, password, poisoning, red alert, security, spoofing
Posted by LZZR under SEDD | Comments (3)































