Gearslutz.com compromised! - diyAudio
Old 1st March 2012, 04:10 AM   #1
diyAudio Member
 
Wavebourn's Avatar
 
Join Date: Sep 2006
Location: Pleasant Hill, CA
Gearslutz.com compromised!

Geekslutz forum - Gearslutz.com

I went there tonight and found an adult site. Is it a DNS spoof, or has the site itself been broken?
__________________
The Devil is not so terrible as his math model is!
  Reply With Quote
Old 1st March 2012, 04:20 AM   #2
GloBug is offline GloBug  Canada
Banned
 
Join Date: Jun 2011
That's odd, I just got my DNS sorted out a few minutes ago.
I was there for a moment earlier today looking for a mic preamp for a member here.
Maybe a coincidence I suppose, I thought the Chinese finally hacked me.

The Vonage and the MacBook continued to work; the iMac, iPad and 'doze 7 machine stopped working.

Had me scratching my head for a while. (Translation: profusely swearing.)

Is there something wrong with me because I want to click your link and see? Are there midgets?
  Reply With Quote
Old 1st March 2012, 11:34 AM   #3
Cassiel is offline Cassiel  Libya
diyAudio Member
 
Cassiel's Avatar
 
Join Date: Sep 2004
Location: Madrid
Quote:
an adult site
Ahhhh adults..... slutsz, gimps and whatnot. And children's sites aren't safer either. Crooked world.
__________________
Hobby-Horse
  Reply With Quote
Old 2nd March 2012, 04:47 PM   #4
diyAudio Member
 
Wavebourn's Avatar
 
Join Date: Sep 2006
Location: Pleasant Hill, CA
I had a gut feeling that it was DNS!

Quote:
Sorry for being off-line yesterday! (Thursday 1 March)

What happened?

Gearslutz changed web hosts back in June 2011 and the migration went well. During this migration an error was made when the nameservers were configured. One of the nameservers was misspelled and under normal circumstances this would have not caused any issues other than slightly less resilience in the DNS infrastructure.

On 1 March 2012 a hacker noticed this domain exploit and registered the misspelled domain name. They used this domain typo to redirect some users to a "branded" web page that makes money off page clicks. Our web host corrected the misspelling as soon as it was identified at 7am GMT.

Why was this not resolved sooner?
The hacker used a domain name with a time to live (TTL) of one day. This TTL means that any forum users who were redirected to this branded web page would have it cached for 24 hours.

Was I hacked?
The aim of this hack was to make money from the hyperlink clicks rather than compromise end users' PCs and Macs. But to be on the safe side the techs at our server company scanned the web page - and confirmed no viruses or snide scripts. Your computer is clean!

Will this happen again?
No. The changes we've made are permanent and will stop this from happening again. We will also be moving our domain registration to our web hosting provider so any future updates will be handled automatically to prevent any further typos.
The end result was a boring wait until the DNS propagated.

Welcome back and sorry for the disruption!!

Jules
__________________
The Devil is not so terrible as his math model is!
  Reply With Quote
Old 2nd March 2012, 04:55 PM   #5
tvrgeek is offline tvrgeek  United States
diyAudio Member
 
Join Date: Dec 2009
Location: Md
I am not sure of the date, but the collection of name servers that has been preventing the big DNS redirection hack from working is going offline soon, so all those who had not fixed their systems may again be exploited. The US ran them for 6 months to give everyone time.

Glad they jumped on the error and got it fixed. So many don't. No matter how good our tools are, fat fingers will still undo them!

There were a lot of issues on the 29th as it seems Microsoft's cloud had a date problem.
  Reply With Quote
Old 2nd March 2012, 11:28 PM   #6
Ron E is offline Ron E  United States
diyAudio Member
 
Ron E's Avatar
 
Join Date: Jun 2002
Location: USA, MN
Quote:
Originally Posted by GloBug View Post
Is there something wrong with me because I want to click your link and see? Are there midgets?
oompaloompas!
__________________
Our species needs, and deserves, a citizenry with minds wide awake and a basic understanding of how the world works. --Carl Sagan
Armaments, universal debt, and planned obsolescence--those are the three pillars of Western prosperity. Aldous Huxley
  Reply With Quote
Old 3rd March 2012, 06:34 PM   #7
diyAudio Member
 
Join Date: Mar 2012
What really happened...

Hi Folks

Sorry for being off-line on Thurs 1st March!

What happened?

Gearslutz changed web hosts back in June 2011 and the migration went well. During this migration an error was made when the nameservers were configured. One of the nameservers was misspelled and under normal circumstances this would have not caused any issues other than slightly less resilience in the DNS infrastructure.

On 1 March 2012 a hacker noticed this domain exploit and registered the misspelled domain name. They used this domain typo to redirect approximately 1/3rd of visitors to a "branded" web page that makes money off page clicks. Our web host corrected the misspelling as soon as it was identified at 7am GMT.

Why was this not resolved sooner?
The hacker used a domain name with a time to live (TTL) of one day. This TTL means that any forum users who were redirected to this branded web page would have it cached for 24 hours.

Was I hacked?
The aim of this hack was to make money from the hyperlink clicks rather than compromise end users' PCs and Macs. But to be on the safe side the techs at our server company scanned the web page - and confirmed no viruses or snide scripts. Your computer is clean!

Will this happen again?
No. The changes we've made are permanent and will stop this from happening again. We will also be moving our domain registration to our web hosting provider so any future updates will be handled automatically to prevent any further typos.

The end result was that a typo over a year old caused the site to be inaccessible for 1/3rd of its visitors, and a boring wait until the DNS propagated.

Sorry for the interruption in service!

If you are still getting the bogus site, here is a link that tells you how to flush your DNS: How to Flush DNS

Thanks

Jules
GS Admin
  Reply With Quote
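
Added example, not part of Jules's post or any Gearslutz tooling: a delegation audit of the kind that would catch the misspelled nameserver described above, plus the worst-case cache window implied by the one-day TTL. The hostnames and provider domain are constructed placeholders, the fix date is assumed to be 1 March, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
from datetime import datetime, timedelta, timezone

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parent_domain(host):
    """Last two labels of a hostname (assumption: no multi-label suffixes like co.uk)."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def audit_delegation(ns_hosts, approved_domains, typo_threshold=2):
    """Return (host, verdict, nearest_approved) for every NS outside the approved set."""
    findings = []
    for host in ns_hosts:
        dom = parent_domain(host)
        if dom in approved_domains:
            continue
        nearest = min(sorted(approved_domains), key=lambda d: edit_distance(dom, d))
        close = edit_distance(dom, nearest) <= typo_threshold
        verdict = "likely-typo" if close else "unapproved"
        findings.append((host.rstrip(".").lower(), verdict, nearest))
    return findings

def worst_case_stale_until(fixed_at, ttl_seconds):
    """A resolver that cached the bad answer just before the fix keeps it one full TTL."""
    return fixed_at + timedelta(seconds=ttl_seconds)

# Constructed sample data: three delegated nameservers, one with transposed letters.
APPROVED = {"dnshost.example"}
DELEGATION = ["ns1.dnshost.example.", "ns2.dnshost.example.", "NS3.dnsohst.example."]
# "7am GMT" is from the post; the calendar date is an assumption.
FIXED_AT = datetime(2012, 3, 1, 7, 0, tzinfo=timezone.utc)
TTL = 24 * 3600  # one day, as stated in the post

if __name__ == "__main__":
    for host, verdict, nearest in audit_delegation(DELEGATION, APPROVED):
        print(f"{host}: {verdict} (closest approved domain: {nearest})")
    print("cached bad answers may persist until",
          worst_case_stale_until(FIXED_AT, TTL).isoformat())
```

In practice the `DELEGATION` list would come from querying the parent zone's NS records for the domain rather than from a hard-coded list.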
Old 3rd March 2012, 07:20 PM   #8
diyAudio Member
 
Wavebourn's Avatar
 
Join Date: Sep 2006
Location: Pleasant Hill, CA
Hi Jules;

welcome aboard!
__________________
The Devil is not so terrible as his math model is!
  Reply With Quote

All times are GMT.