View Full Version : DNSStuff.com has been hacked !!
partha 03-29-2008, 03:13 AM Hi!
I just renewed my membership and found that DNSStuff.com has been hacked!!
http://member.dnsstuff.com/rc/
Wonder if our credit card information is secure.
tanfwc 03-29-2008, 03:19 AM Contact DNSStuff and see what they have to report back regarding their hacked site.
DMEHosting 03-29-2008, 03:21 AM Doesn't the same company that owns WebHostingTalk own dnsstuff.com ?
steven99 03-29-2008, 03:25 AM Doesn't the same company that owns WebHostingTalk own dnsstuff.com ?
Not unless iNetinteractive has DNSstuff, LLC as a subsidiary.
rolypoly 03-29-2008, 03:25 AM Just in case anyone missed out on the 'fun', I took a screenshot.
http://i27.tinypic.com/219tpoi.jpg
Looks like dnsstuff used Joomla..
JohnJ 03-29-2008, 03:29 AM I love how these script kiddies hack websites and think it makes them cool. :rolleyes:
partha 03-29-2008, 07:02 AM Yes, it is Joomla. The one most common vulnerability of Joomla is if the configuration.php is left writable. Otherwise it is pretty much secure software.
The most unfortunate incident can happen at the very time when the webmaster makes it writable to install some add-on.
I only wonder what modules/components they were using and how much is the damage. They can recover their website, but I wonder if any data is in wrong hands.
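The condition described in the post above (a Joomla configuration.php left writable) can be checked from the shell. This is an added example, not part of the original thread; it assumes GNU find/stat, a web root passed as the first argument, and a hypothetical web-server account name (default www-data) as the second. The fixture it builds is constructed sample data.

```shell
#!/bin/sh
# Added example: flag Joomla configuration.php files that are left writable.
# Assumptions: GNU find/stat; $1 = web root, $2 = web server user (hypothetical
# default "www-data"). Paths containing newlines are not handled.

# Prints "<severity> <octal-mode> <path>" for each Joomla config under $1.
audit_joomla_config() {
    root=$1; webuser=${2:-www-data}
    # Keep only files that look like a Joomla config:
    # 1.5 uses "class JConfig", 1.0 uses $mosConfig_* variables.
    find "$root" -type f -name configuration.php \
         -exec grep -lE 'class[[:space:]]+JConfig|\$mosConfig_' {} + 2>/dev/null |
    while IFS= read -r f; do
        mode=$(stat -c '%a' "$f"); owner=$(stat -c '%U' "$f")
        m=$((0$mode))                         # parse the mode as octal
        if   [ $((m & 0002)) -ne 0 ]; then sev=CRITICAL   # world-writable
        elif [ $((m & 0020)) -ne 0 ]; then sev=WARN       # group-writable
        elif [ $((m & 0200)) -ne 0 ] && [ "$owner" = "$webuser" ]; then
            sev=WARN                          # PHP itself can rewrite the file
        else sev=OK
        fi
        printf '%s %s %s\n' "$sev" "$mode" "$f"
    done
}

# Constructed fixture: two fake Joomla sites and one unrelated application.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/a" "$d/b" "$d/c"
    printf '<?php\nclass JConfig { var $db = "x"; }\n' > "$d/a/configuration.php"
    printf '<?php\n$mosConfig_db = "x";\n'             > "$d/b/configuration.php"
    printf '<?php // unrelated app\n'                  > "$d/c/configuration.php"
    chmod 666 "$d/a/configuration.php"   # left writable after an add-on install
    chmod 444 "$d/b/configuration.php"   # locked down again
    chmod 666 "$d/c/configuration.php"   # writable, but not a Joomla config
    echo "$d"
}

# Usage: sh audit.sh /var/www [web-user]
if [ "$#" -gt 0 ]; then audit_joomla_config "$@"; fi
```

Running it from cron and alerting on any CRITICAL or WARN line catches the case where the file was made writable for an install and never set back.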
Henrik 03-29-2008, 08:19 AM I love how these script kiddies hack websites and think it makes them cool. :rolleyes:
It is annoying indeed, however - it is worrisome that a site that caters to IT-professionals and prides itself on advanced features gets hacked like this.
I am glad I did not purchase an account there, as I'd have no idea if my financial data would be safe or not.
Vortex-Steve 03-29-2008, 08:27 AM Not unless iNetinteractive has DNSstuff, LLC as a subsidiary.
http://www.inetinteractive.com/communities/internet/ ;)
Very good. Poor coding, I would blame them not the server management team. If I am not wrong they are hosted with Rackspace and they are secure guys.
This is not script kiddie work, it's someone who knows what he is doing.
Ashley Merrick 03-29-2008, 08:32 AM To me it just looks like the Joomla was hacked, as the rest of the site seems functional.
I would just like an idea if CC/user information is secure, as otherwise it's another round of cancelling credit cards.
FastServ 03-29-2008, 08:44 AM I pay them using Paypal... if it's ever an option, I'll use it for this reason.
Dougy 03-29-2008, 08:48 AM http://www.inetinteractive.com/communities/internet/ ;)
:eek: I had no idea
dave-dave 03-29-2008, 08:53 AM I remember another host was hacked yesterday with the Joomla problem.
I remember another host was hacked yesterday with the Joomla problem.
Always when designing your company website it's a best practice to stick with your own custom designed CMS or use static pages.
Joomla or any other CMS may have loopholes which can allow a hacker to gain access to some files or even hack your website.
bluehost 03-29-2008, 09:38 AM OWWW, hacking is not something that gives pleasure to somebody. I really don't know why other ppl ruin other ppl's right
Henrik 03-29-2008, 10:01 AM http://www.inetinteractive.com/communities/internet/ ;)
Is this an ownership picture or...? The message "communities served" is quite confusing. :eek:
AH-Tina 03-29-2008, 10:07 AM Since they went "pay" and their service declined (couldn't stay logged in), I switched to iptools.com and found them to be just as useful...and free.
Also, when a customer contacts us for support - we can link them to iptools.com for more information, without worrying that they're going to be blocked from seeing the results. :)
--Tina
SoftWareRevue 03-29-2008, 10:09 AM Is this an ownership picture or...? The message "communities served" is quite confusing. :eek:
They're all communities of some type. While we have some forums in our circle, we also have different styled community driven web sites.
http://www.inetinteractive.com/about/company sums up how iNET 'serves' these communities. :)
dollah 03-29-2008, 10:16 AM Hello,
It seems that the hacker uses the Malay language (Malaysia or Indonesia).
Thank you,
Henrik 03-29-2008, 10:28 AM They're all communities of some type. While we have some forums in our circle, we also have different styled community driven web sites.
http://www.inetinteractive.com/about/company sums up how iNET 'serves' these communities. :)
The above is exactly why it is an unfortunate formulation. The information should be clear and direct, and in one page.
40sixty 03-29-2008, 01:01 PM I love how these script kiddies hack websites and think it makes them cool. :rolleyes:
They just hacked a huge website that caters mostly to the IT professionals.
...and you called them script kiddies?
Funny that it still hasn't been fixed or the defaced index page at least removed.
MikeDVB 03-29-2008, 02:36 PM Funny that it still hasn't been fixed or the defaced index page at least removed.
I wouldn't call that funny, I'd call it depressing. Either their support doesn't work weekends so it won't be fixed until Monday, or they just don't know that it's happened (how????)
I'll be watching to see how long it takes to get resolved, and if they release any kind of information. I'm betting that they will just fix it and stay quiet hoping that not many people noticed.
Since they went "pay" and their service declined (couldn't stay logged in), I switched to iptools.com and found them to be just as useful...and free.
I'm doing the same when my current term expires with them. Looks as though they raised the rates from the original signup as well, if the main page is accurate. From $36/year for all, to $50 for some except the DNS report, IPv6 and a few others. That's $30 extra.
Energizer Bunny 03-29-2008, 03:07 PM Cool, iptools.com works !!, never knew it existed. Dnsstuff days are over I suppose, after they went paid I lost interest in them !!
Wrong move on their part I guess, they could have put ads and made more money than going paid and losing visitors.
neutro 03-29-2008, 03:09 PM Hello,
It seems that the hacker uses the Malay language (Malaysia or Indonesia).
Thank you,
Hi, dollah, the state is definitely Kedah or Penang - Malaysia. Look at the language.
Evolver 03-29-2008, 03:24 PM They just hacked a huge website that caters mostly to the IT professionals.
...and you called them script kiddies?
That doesn't mean anything.
RyanD 03-29-2008, 03:30 PM Cool, iptools.com works !!, never knew it existed. Dnsstuff days are over I suppose, after they went paid I lost interest in them !!
Wrong move on their part I guess, they could have put ads and made more money than going paid and losing visitors.
yeah,
the second they added pay memberships I stopped going to the site, I use www.loookup.com and www.iptools.com
larwilliams 03-29-2008, 03:52 PM Personally, I'd think they got hit by an SQL injection. My former employer had two sites hacked in this manner. mod_security and some nice rules can stop these types of attacks.
IRCCo Jeff 03-29-2008, 03:58 PM WTH is a "bangladesh heke"
shahrul 03-29-2008, 06:58 PM I'm sure they're one of the group called RipperzCrewz.
Energizer Bunny 03-29-2008, 07:10 PM Personally, I'd think they got hit by an SQL injection. My former employer had two sites hacked in this manner. mod_security and some nice rules can stop these types of attacks.
Hmm, I cannot think of dnsstuff not already having mod_security and some nice rules too already .. or maybe they never anticipated such a thing ?
ktchan 03-29-2008, 07:35 PM Always when designing your company website it's a best practice to stick with your own custom designed CMS
"Write your own" is one of the worst pieces of security advice one can give. One of the main principles of computer security is that many (expert) eyes are always better than security through obscurity. Chances are, you / your company coders are not experts in computer security. Writing your own is just going to introduce even more holes than those that are taken care of in mainstream applications.
Joomla or any other CMS may have loopholes which can allow a hacker to gain access to some files or even hack your website.
And your version of roll-your-own is sure not to contain those holes....
MikeDVB 03-29-2008, 09:44 PM "Write your own" is one of the worst pieces of security advice one can give. One of the main principles of computer security is that many (expert) eyes are always better than security through obscurity. Chances are, you / your company coders are not experts in computer security. Writing your own is just going to introduce even more holes than those that are taken care of in mainstream applications.
And your version of roll-your-own is sure not to contain those holes....
It really depends, when I was learning PHP the primary focus of just about every resource I had come across was creating a secure PHP script, not just how to throw one together to achieve the goal.
A custom made or in-house script could certainly have holes but then again so do some of the large and widely available scripts. I wouldn't say creating a script in-house makes it any less secure necessarily as it greatly depends on the programming practices of the developers, and whether or not the script is created and then neglected or if it is maintained as any script should be.
partha 03-31-2008, 02:46 PM I pay them using Paypal... if it's ever an option, I'll use it for this reason.
DNSStuff do not accept PayPal till now. I had to hunt for my Credit Card to renew the membership.