Secunia Was Owned or DNS/domain hijacked?
Today Morning Secunia website was out of service and the reason of this service disruption is a DNS-attack. Many users thought that the website was compromised by hackers but that was not the case, the attack was made on the DNS server by redirecting users attempting to enter Secunia website to Hackers Website IP address.
On the hackers website you can find the following :
Sans have recived some reports from people about this incident they found that the site web located at the following IP address:
$ host www.secunia.com
www.secunia.com is an alias for secunia.com.
secunia.com has address 18.104.22.168
secunia.com mail is handled by 0 secunia.com.
And by running telnet on the original Secunia’s web site the server is still running:
$ telnet 22.214.171.124 80
Connected to secunia.com (126.96.36.199).
Escape character is ‘^]’.
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Thu, 25 Nov 2010 08:46:29 GMT
This is not the first DNS attack we read about in the news there were a big number of incidents that are related to the DNS record and it is now very important to start using and implementing the DNSSec to protect the DNS servers.
make sure you subscribe to my RSS feed!