Results 1 to 37 of 37
  1. #1

    DNSStuff.com has been hacked !!

    Hi!

    I just renewed my membership and found that DNSStuff.com has been hacked!!
    http://member.dnsstuff.com/rc/

    Wonder if our credit card information is secure.
    Reseller Hosting and dedicated servers at www.bizstreet.net

  2. #2
    Join Date
    Apr 2004
    Location
    Singapore
    Posts
    1,506
    Contact DNSStuff and see what they have to report back regarding their hacked site.
    tanfwc
    Singapore Managed Colocation
    Singapore BGP Announcement

  3. #3
    Join Date
    Oct 2007
    Location
    United States
    Posts
    1,175
    Doesn't the same company that owns WebHostingTalk own dnsstuff.com ?
    www.DMEHosting.com - DME Hosting LLC | Servers, KVM/OpenVZ VPS's, Email Hosting, Web Hosting

  4. #4
    Join Date
    Jul 2005
    Location
    Huh... where am I again?
    Posts
    974
    Quote Originally Posted by Speedy059 View Post
    Doesn't the same company that owns WebHostingTalk own dnsstuff.com ?
    Not unless iNetinteractive has DNSstuff, LLC as a subsidiary.
    -Steven | u2-web, LLC - Clustered Shared Hosting
    "It is the mark of an educated mind to be able to entertain a thought without accepting it" -Aristotle

  5. #5
    Join Date
    Jul 2007
    Posts
    32
    Just in case anyone miss out the 'fun' . I took a screenshot.

    http://i27.tinypic.com/219tpoi.jpg

    Look like dnsstuff used joomla..

  6. #6
    Join Date
    Jun 2007
    Location
    North Carolina
    Posts
    4,987
    I love how these script kiddies hack websites and think it makes them cool.

  7. #7
    Yes, it is Joomla. The one most common vulnerability of Joomla is if the configuration.php is left writable. Otherwise it is pretty much secure software.

    The most unfortunate incident can happen at the very time when the webmaster makes it writable to install some add-on.
    I only wonder what modules/components they were using and how much is the damage. They can recover their website, but I wonder if any data is in wrong hands.
    Reseller Hosting and dedicated servers at www.bizstreet.net

  8. #8
    Quote Originally Posted by JohnJ View Post
    I love how these script kiddies hack websites and think it makes them cool.
    It is annoying indeed, however - it is worrysome that a site that caters to IT-professionals and prides itself for advanced features gets hacked like this.

    I am glad I did not purchase an account there, as I'd have no idea if my financial data would be safe or not.

  9. #9
    Join Date
    Feb 2002
    Location
    Reading, England
    Posts
    4,243
    Quote Originally Posted by steven99 View Post
    Not unless iNetinteractive has DNSstuff, LLC as a subsidiary.
    http://www.inetinteractive.com/communities/internet/
    Steve

  10. #10
    Join Date
    Sep 2004
    Location
    Chennai , India
    Posts
    4,608
    Very good. Poor coding i would blame them not the server management team. If i am not wrong they are hosted with rackspace and they are secure guys.

    This is not a script kiddie work, its someone who knows what he is doing.

  11. #11
    Join Date
    Mar 2007
    Location
    UK
    Posts
    852
    To me it just looks like the Joomla was hacked, as the rest of the site seems functional.
    ZXPlay
    Premium Virtual Private Servers | Dedicated Media Streaming Servers
    Dedicated Resources | EU Based
    www.zxplay.co.uk

  12. #12
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,601
    I would just like an idea if CC/user information is secure as otherwise its another round of cancelling credit cards
    Russ Foster - Industry Curmudgeon

  13. #13
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,571
    I pay them using Paypal... if it's ever an option, I'll use it for this reason.
    Fast Serv Networks, LLC | AS29889 | Fully Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Since 2003 - Ashburn VA + San Diego CA Datacenters

  14. #14
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,456
    Quote Originally Posted by Vortex-Steve View Post

    I had no idea

  15. #15
    Join Date
    May 2006
    Posts
    572
    I remember another host was hacked yesterday with the Joomla problem.
    I'm currently hosting with: hostgator

  16. #16
    Join Date
    Sep 2004
    Location
    Chennai , India
    Posts
    4,608
    Quote Originally Posted by dave-dave View Post
    I remember another host was hacked yesterday with the Joomla problem.
    Always when designing your company website its a best practice to stick with your own custom designed CMS or use static pages.

    Joomla or anyother CMS may have loop holes which can make a hacker to gain access to some files or even hack your website.

  17. #17
    OWWW hacking is not something give pleasure to somebody.i realdy dont know why other ppl ruin other ppls right

  18. #18
    Quote Originally Posted by Vortex-Steve View Post
    Is this an ownership picture or...? The message "communities served" is quite confusing.

  19. #19
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,675
    Since they went "pay" and their service declined (couldn't stay logged in), I switched to iptools.com and found them to be just as useful...and free.

    Also, when a customer contacts us for support - we can link them to iptools.com for more information, without worrying that they're going to be blocked from seeing the results.

    --Tina
    ||| 99.999% Uptime SLA!!!
    Plenty of space and bandwidth to fit your needs!
    www.AEIandYou.com - - (WP Friendly - Premium Reseller Hosting and Cheap Dedicated Servers)

  20. #20
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,190
    Quote Originally Posted by Henrik View Post
    Is this an ownership picture or...? The message "communities served" is quite confusing.
    They're all communities of some type. While we have some forums in our circle, we also have different styled community driven web sites.

    http://www.inetinteractive.com/about/company sums up how iNET 'serves' these communities.
    There is no best host. There is only the host that's best for you.

  21. #21
    Hello,

    It seems that the hacker use Malay language (Malaysia or Indonesia).

    Thank you,
    Fadhlullah Abd Rahman - Server Hosting Division
    Fivio.com | Customize Server Solutions
    Dedicated Servers - Managed Colocation - SMS Servers.

  22. #22
    Quote Originally Posted by SoftWareRevue View Post
    They're all communities of some type. While we have some forums in our circle, we also have different styled community driven web sites.

    http://www.inetinteractive.com/about/company sums up how iNET 'serves' these communities.
    The above is exactly why it is an unfortunate formulation. The information should be clear and direct, and in one page.

  23. #23
    Join Date
    May 2006
    Posts
    872
    Quote Originally Posted by JohnJ View Post
    I love how these script kiddies hack websites and think it makes them cool.
    They just hacked a huge website that caters mostly to the IT professionals.

    ...and you called them script kiddies?
    hosted by HawkHost
    I Recommend: LimeStone Networks!
    The OverSeller Defender!

  24. #24
    Join Date
    Aug 2006
    Location
    London
    Posts
    549
    Funny that it still hasn't been fixed or the defaced index page atleast removed.

  25. #25
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    Quote Originally Posted by Ekin View Post
    Funny that it still hasn't been fixed or the defaced index page atleast removed.
    I wouldn't call that funny, I'd call it depressing. Either their support doesn't work weekends so it won't be fixed until Monday, or they just don't know that it's happened (how????)

    I'll be watching to see how long it takes to get resolved, and if they release any kind of information. I'm betting that they will just fix it and stay quiet hoping that not many people noticed.
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS
    http://www.mddhosting.com/

  26. #26
    Join Date
    Oct 2002
    Location
    State of Disbelief
    Posts
    22,948
    Quote Originally Posted by AH-Tina View Post
    Since they went "pay" and their service declined (couldn't stay logged in), I switched to iptools.com and found them to be just as useful...and free.
    I'm doing the same when my current term expires with them. Looks as though they raised the rates from the original signup as well, if the main page is accurate. From $36/year for all, to $50 for some except the DNS report, IPv6 and a few others. That's $30 extra.
    Having problems, or maybe questions about WHT? Head over to the help desk!

  27. #27
    Join Date
    Sep 2005
    Location
    In canada
    Posts
    3,213
    Cool iptools.com woks !!, never knew it existed. Dnsstuff days are over i suppose, after they went paid i lost interest in them !!

    wrong move on their part i guess, they could have put ads and made more money than going paid and loosing visitors.

  28. #28
    Join Date
    Mar 2004
    Location
    Kuala Lumpur
    Posts
    148
    Quote Originally Posted by dollah View Post
    Hello,

    It seems that the hacker use Malay language (Malaysia or Indonesia).

    Thank you,
    Hi, dollah, the state definately kedah or penang - Malaysia. Look at the language.

  29. #29
    Join Date
    Oct 2005
    Location
    Surrey BC
    Posts
    1,319
    Quote Originally Posted by 40sixty View Post
    They just hacked a huge website that caters mostly to the IT professionals.

    ...and you called them script kiddies?
    That doesn't mean anything.


    + NOW WE'RE MAKING RECORDS, NOW WE'RE MAKING TAPES

  30. #30
    Join Date
    Feb 2004
    Location
    Atlanta, GA
    Posts
    5,627
    Quote Originally Posted by Energizer Bunny View Post
    Cool iptools.com woks !!, never knew it existed. Dnsstuff days are over i suppose, after they went paid i lost interest in them !!

    wrong move on their part i guess, they could have put ads and made more money than going paid and loosing visitors.
    yeah,

    the second they added pay memberships I stopped going to the site, I use www.loookup.com and www.iptools.com

  31. #31
    Join Date
    Jan 2008
    Location
    St. John's, NL
    Posts
    2,114
    Personally, I'd think they got hit by an SQL injection. My former employer had two sites hacked in this manner. mod_security and some nice rules can stop these types of attacks.
    Cpanel/WHM PHP Perl Ruby Full Time Support
    LCWSoft - Canada web hosting (based in Newfoundland) since 2007
    Servers based in the US and Canada (Uptime Report)

  32. #32
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    WTH is a "bangladesh heke"

  33. #33
    Join Date
    Jan 2005
    Location
    Malaysia
    Posts
    112
    I sure them one of the group called RipperzCrewz.

  34. #34
    Join Date
    Sep 2005
    Location
    In canada
    Posts
    3,213
    Quote Originally Posted by larwilliams View Post
    Personally, I'd think they got hit by an SQL injection. My former employer had two sites hacked in this manner. mod_security and some nice rules can stop these types of attacks.
    Hmm, i cannot think of dnsstuff not already having mod_security and some nice rules too already .. or maybe they never anticipated such a thing ?

  35. #35
    Join Date
    Mar 2008
    Posts
    33
    Quote Originally Posted by Biju View Post
    Always when designing your company website its a best practice to stick with your own custom designed CMS
    Write your own is one of the worst security advice one can give. One of the main principle of computer security is that many (expert) eyes are always better than security through obscurity. Chances are, you / your company coders are not expert in computer security. Writing your own is just going to introduce even more holes than those that are taken care of in mainstream applications.

    Joomla or anyother CMS may have loop holes which can make a hacker to gain access to some files or even hack your website.
    And your version of roll-your-own is sure not to contain those holes....

  36. #36
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    Quote Originally Posted by ktchan View Post
    Write your own is one of the worst security advice one can give. One of the main principle of computer security is that many (expert) eyes are always better than security through obscurity. Chances are, you / your company coders are not expert in computer security. Writing your own is just going to introduce even more holes than those that are taken care of in mainstream applications.

    And your version of roll-your-own is sure not to contain those holes....
    It really depends, when I was learning PHP the primary focus of just about every resource I had come across was creating a secure PHP script, not just how to throw one together to achieve the goal.

    A custom made or in-house script could certainly have holes but then again so do some of the large and widely available scripts. I wouldn't say creating a script in-house makes it any less secure necessarily as it greatly depends on the programming practices of the developers, and whether or not the script is created and then neglected or if it is maintained as any script should be.
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS
    http://www.mddhosting.com/

  37. #37
    Quote Originally Posted by FastServ View Post
    I pay them using Paypal... if it's ever an option, I'll use it for this reason.
    DNSStuff do not accept PayPal till now. I had to hunt for my Credit Card to renew the membership.
    Reseller Hosting and dedicated servers at www.bizstreet.net

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •