DNS URL Redirect Attack

Nifty

Printer VIP
Administrator
Joined
Nov 3, 2004
Location
Bay Area CA
Printer Model
CR-10, i560 ,MFC-7440N
Over the past day or two the site has been attacked by spammers. They were able to redirect our URL to various spam sites.

I've been working tirelessly with the tech team to find the cause and then a solution to the problem. The internet routing of the site's domain name (the DNS) and the URL routing got hijacked. We've since fixed the problem on our end, but it sometimes takes hours and even days for "propagation" of the fix to all the servers around the world to get the info that the change has been made.

It sucks that there are so many people around the world doing all they can to maliciously attack sites and servers. We've been lucky over the years that we've been able to keep most spammers and hackers at bay (even the big companies with all their money and experts have a hard time fighting the scourge), but we're working hard to ensure it doesn't happen again!
 

ThrillaMozilla

Printer Master
Joined
Jan 18, 2011
Possibly something to do with this?
https://nakedsecurity.sophos.com/2016/02/22/worlds-biggest-linux-distro-infected-with-malware/
http://blog.linuxmint.com/?p=3001
Maybe coincidence, but something was going around.

http://arstechnica.com/security/201...cks-silently-delivers-ransomware-to-visitors/

It may not have anything to do with either, actually. As Nifty said, this appears to be the fault of DNS. Still, the attack looks rather similar. I tried to visit this site, and got redirected to some other site that presented what looked like search results. I don't understand this stuff, but NO WAY would I click on any of those links.
 

The Hat

Printer VIP
Platinum Printer Member
Joined
Jan 18, 2010
Location
Residing in Wicklow Ireland
Printer Model
Canon/3D, CR-10, CR-10S, KP-3
All I know is that this bug is a new kid on the block, and that's why it's been more successful than others. Most of the anti-virus companies had no idea it was there till yesterday; we checked with 58 different anti-malware companies and none of them had any record of it. They do now.

It managed to get past my Symantec into a temp folder without detection, but was then blocked when it tried to launch. It got quarantined.. ;)
 

turbguy

Printer Master
Platinum Printer Member
Joined
Sep 10, 2007
Location
Laramie, Wyoming
Printer Model
Canon i960, Canon i9900
I am still getting redirected at home using Windows 7 and Google Chrome, even after clearing the cache. But if I use an Android tablet from home (same DNS server?), I have no problems getting to the site.

Go figure...
 

Nifty

Printer VIP
Administrator
Joined
Nov 3, 2004
Location
Bay Area CA
Printer Model
CR-10, i560 ,MFC-7440N
Ya, DNS propagation is a weird thing. Throughout the whole experience I was having very inconsistent results using my phone (cell network), desktop, etc. Some people didn't have any problems and others are still having problems even today.

It's so frustrating that there are so many people out there trying to do harm. We've updated all the software, beefed up security, and increased our daily backup procedures. Nothing guarantees 100% safety from this junk, but we're doing all we can!

Thanks to all you guys for your patience and understanding!
 

ThrillaMozilla

Printer Master
Joined
Jan 18, 2011
For what it's worth, I changed my DNS server right away to Google (8.8.8.8), and I've had no trouble since. I have no idea whether that's what fixed it, however.
 

websnail

Printer VIP
Platinum Printer Member
Joined
Oct 27, 2005
Location
South Yorks, UK
Printer Model
Epson, Canon, HP... A "few"
The joys of DNS propagation are just endless... As a rule you're looking at 24 hours for any changes to propagate, but some DNS servers have TTL (Time to Live) settings that wait closer to a week, which just makes this sort of thing all the more "interesting".

Good catch though Rob...
 
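The posts above describe two things a site operator wants to verify after a DNS hijack is fixed: whether a given resolver (the ISP's, or Google's 8.8.8.8) is still handing out the attacker's address, and how long its cached answer can survive (the TTL). The script below is an added example, not code from the forum or its operators. It builds constructed DNS responses in wire format (the domain `example-forum.test`, the addresses and the resolver names are stand-ins, not the site's real records), parses the answer section including name-compression pointers as real resolvers use, and reports, per resolver, whether every A record is one the operator expects and the largest TTL, which bounds how long a wrong answer can keep being served from that cache. In real use the `SAMPLE_RESPONSES` bytes would be replaced by the raw UDP replies from each resolver you query.

```python
"""Audit what several DNS resolvers return for a domain after a record change:
flag answers outside the expected set and read the TTL that bounds how long
a stale or hijacked answer can stay cached.  Added example; constructed data."""
import struct


def encode_name(name):
    """Encode a dotted name into DNS label format."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, answers, txid=0x1234):
    """Build a minimal DNS A-record response (constructed test data, not a capture).
    Answer names use a compression pointer (0xC00C) back to the question name,
    as real resolvers do, so the parser must handle pointers."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    rrs = b""
    for ttl, ip in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + rrs


def read_name(data, offset):
    """Decode a possibly-compressed name; return (name, offset after the field)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                      # field ends after the pointer
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_a_records(data):
    """Return [(name, ttl, ipv4)] for every A record in the answer section."""
    _, _flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                               # skip the question section
        _, offset = read_name(data, offset)
        offset += 4                                   # QTYPE + QCLASS
    records = []
    for _ in range(an):
        name, offset = read_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return records


def audit_resolvers(expected_ips, responses):
    """Per resolver: are all A answers in the expected set, and how many seconds
    (largest TTL) could a wrong answer keep being served from that cache."""
    report = {}
    for resolver, raw in responses.items():
        recs = parse_a_records(raw)
        ips = {ip for _, _, ip in recs}
        stale = ips - set(expected_ips)
        report[resolver] = {
            "ips": sorted(ips),
            "status": "ok" if not stale else "UNEXPECTED",
            "unexpected": sorted(stale),
            "max_cache_seconds": max((ttl for _, ttl, _ in recs), default=0),
        }
    return report


# Constructed sample: one resolver already has the corrected record, the other
# still serves the hijacked address with a week-long TTL (stand-in values).
DOMAIN = "example-forum.test"
GOOD_IP = "203.0.113.10"
SAMPLE_RESPONSES = {
    "8.8.8.8": build_response(DOMAIN, [(300, GOOD_IP)]),
    "isp-resolver": build_response(DOMAIN, [(604800, "198.51.100.77")]),
}

if __name__ == "__main__":
    for resolver, row in audit_resolvers([GOOD_IP], SAMPLE_RESPONSES).items():
        print(resolver, row)
```

The useful output is the `UNEXPECTED` flag together with `max_cache_seconds`: a resolver that still returns the attacker's address with a 604800-second TTL is exactly the "closer to a week" case described above, and users behind it will keep being redirected until that cache entry expires or the operator flushes it.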