Web Hosting Forum | Lunarpages

Author Topic: DNS Redirection Issue With Our Nameservers  (Read 60428 times)

Offline SkillAdvance

  • Spaceship Navigator
  • *****
  • Posts: 82
    • Oracle, Java, Java EE Training
Re: DNS Redirection Issue With Our Nameservers
« Reply #30 on: June 10, 2010, 02:35:50 AM »
It may still be a DNS entry that hasn't been updated somewhere between your partner's computer and your website server at LP. Try bypassing the site to IP address translation by using http://74.50.3.253/ in your browser address bar.
« Last Edit: June 10, 2010, 02:38:34 AM by SkillAdvance »
JR
_______________________________________________________

SkillAdvance LLC
 Web:     http://www.skilladvance.com
_______________________________________________________

Offline thisislobo

  • Trekkie
  • **
  • Posts: 15
Re: DNS Redirection Issue With Our Nameservers
« Reply #31 on: June 10, 2010, 01:41:26 PM »
I have a question regarding the wider implications of this hack. Suppose I'm running a blog on my domain which was impacted by the redirection hack. Now I'm always logged in to this blog so my Firefox has cookies that allow the server to authenticate me. Every time my browser makes a request, it sends all the info in the cookies.

Is it not possible that whoever did this redirect hack is reading all the cookie info that was sent to the server  in all these requests and storing it? They could now use this information to log into any of the sites that was hacked.

Shouldn't Lunarpages be advising all clients to change their passwords?

Priest

  • Guest
Re: DNS Redirection Issue With Our Nameservers
« Reply #32 on: June 10, 2010, 02:00:34 PM »
You shouldn't need to change any usernames or passwords.  While you may have been sending some data to the other domain, no script I'm aware of uses just the cookie data to authenticate.  They would have to further perform IP address spoofing, possible browser spoofing, and make other changes.  Many scripts also contain safeguards that will terminate an existing session should any information be invalid so future attempts to use that session data would fail.

In addition, the information stored in cookies is not plain text.  It is a one way cypher that would not be able to be reversed to retrieve a person's username or password.

Offline demiurgia

  • Space Explorer
  • ***
  • Posts: 7
Re: DNS Redirection Issue With Our Nameservers
« Reply #33 on: June 10, 2010, 02:43:21 PM »
It may still be a DNS entry that hasn't been updated somewhere between your partner's computer and your website server at LP. Try bypassing the site to IP address translation by using http://74.50.3.253/ in your browser address bar.

Thank you. That does work, but of course each time she clicks a link and goes to a new page she has to reinput the numbers or is still going to the redirected site. It is impossible to work that way.

Offline SkillAdvance

  • Spaceship Navigator
  • *****
  • Posts: 82
    • Oracle, Java, Java EE Training
Re: DNS Redirection Issue With Our Nameservers
« Reply #34 on: June 10, 2010, 02:48:03 PM »
Yeah, I imagine so but till the fracas is over, you can at least access the info.
JR
_______________________________________________________

SkillAdvance LLC
 Web:     http://www.skilladvance.com
_______________________________________________________

Offline jlv

  • Space Explorer
  • ***
  • Posts: 9
Re: DNS Redirection Issue With Our Nameservers
« Reply #35 on: June 10, 2010, 04:02:56 PM »
Thank you for your help. She added that to the hosts file and restarted and still gets directed to the 69 site if she types in www.digitalscrapn.com :cry:
If she's having trouble editing the file correctly, this might help if she's running windows:

http://helpdeskgeek.com/windows-7/windows-7-hosts-file/
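Added example, not part of the thread: a small Python check for the hosts-file override discussed in this reply. It parses hosts-file text and reports whether each name is pinned to the expected address. The sample file contents are constructed; the address is the one given in Reply #30, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the override is commented out on one line and has
# its two fields swapped on another, so neither line takes effect.
BROKEN_HOSTS = """\
127.0.0.1       localhost
# 74.50.3.253   www.digitalscrapn.com
digitalscrapn.com 74.50.3.253
"""

# Constructed sample: address first, then every name that should use it.
FIXED_HOSTS = """\
127.0.0.1       localhost
74.50.3.253     www.digitalscrapn.com digitalscrapn.com
"""


def parse_hosts(text):
    """Map each hostname (lower-cased) to the first address that names it."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # first field is not an address
        for name in fields[1:]:
            # Assumption: the first matching entry wins.
            table.setdefault(name.lower(), ip)
    return table


def check_override(text, hostnames, expected_ip):
    """Return {hostname: 'ok' | 'missing' | 'wrong address <ip>'}."""
    table = parse_hosts(text)
    report = {}
    for name in hostnames:
        got = table.get(name.lower())
        if got is None:
            report[name] = "missing"
        elif got != expected_ip:
            report[name] = "wrong address " + got
        else:
            report[name] = "ok"
    return report
```

A name reported as "missing" is still resolved through DNS, which is why the bare domain and the www name each need an entry.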

Offline demiurgia

  • Space Explorer
  • ***
  • Posts: 7
Re: DNS Redirection Issue With Our Nameservers
« Reply #36 on: June 10, 2010, 07:29:45 PM »
Thank you. I will pass on that link to her to check she has changed hosts properly. She uses XP on one machine and Vista on another but I am sure that info will be much the same or I will look for it on that site.


Offline Cuetomer_Too

  • Newbie
  • *
  • Posts: 1
Re: DNS Redirection Issue With Our Nameservers
« Reply #37 on: June 10, 2010, 09:27:44 PM »
 :hiya:

Just a note of THANKS to the people at Lunar Pages.
As I read through the messages - there have been some hostile responses - and your crew has kept your cool - and continued to provide us with
valuable help.

To the fellow who was so upset and kept saying "WHATS THAT PROVE " ... the one thing he proved to me was that he was
one mad jose and probably couldn't be convinced of anything.

I learned long ago I learned a lot more when listening than when talking ...
And functional forums make it easier than ever to listen to people who know.
The best part is that here we could tell them real world experiences so they could know what was happening and respond and help.
What a cheap resource to solve a problem.

Thank you Lunar Pages...
We have liked you ever since we came aboard from another hosting place that started with *edited*.
And they were BAD ( not bat).
I guess you have to know bad to appreciate good.
And this webmaster appreciates GOOD!
GO LUNAR PAGES

 :bounce:

« Last Edit: June 12, 2010, 10:46:43 PM by katrina1 »

Offline viper

  • Newbie
  • *
  • Posts: 1
IT WAS A TROJAN D/L'ER (Re: DNS Redirection Issue With Our Nameservers)
« Reply #38 on: June 11, 2010, 09:06:26 AM »
Just a note.  The page that was on 69.50.197.245 contained a Java applet (.JAR file) that ran and downloaded a .EXE that was designed to slip behind your defenses.

I called the host of 69.50.197.245, Atjeu.com, on Monday and asked them to shut down that site, which they did by Tuesday morning.  However, whoever got that payload MAY have a lingering bug on their system that will continue to interfere with DNS resolution.  I have spoken with at least one person that found a rogue Video Codec that appeared to be causing them to continue to redirect to 69.50.197.245 until they identified it and removed it.  After that was removed, their issues were solved.

This was not just a simple redirect.  I have stored the HTML of the page that used to be up at that IP address, and I did put up all my defenses and follow it through manually.  It definitely tried to slip a trojan into PCs that it got to run on.

If you continue to have issues, please contact a service technician to come clean your PC.  Any lingering issues are absolutely ONLY on your PC at this point...

-- V

Offline thisislobo

  • Trekkie
  • **
  • Posts: 15
Re: DNS Redirection Issue With Our Nameservers
« Reply #39 on: June 11, 2010, 10:37:36 AM »
You shouldn't need to change any usernames or passwords.  While you may have been sending some data to the other domain, no script I'm aware of uses just the cookie data to authenticate.  They would have to further perform IP address spoofing, possible browser spoofing, and make other changes.  Many scripts also contain safeguards that will terminate an existing session should any information be invalid so future attempts to use that session data would fail.

In addition, the information stored in cookies is not plain text.  It is a one way cypher that would not be able to be reversed to retrieve a person's username or password.

I agree that cookies would usually not store information in plain text. But that is irrelevant because the server does not need that information in plain text. You don't need to retrieve the username and password to be able to log in - that's the whole point. Spoofing a request made by the browser (even spoofing the IP it was made from) is pretty easy, especially for someone who could hack Lunarpages's nameserver.

Good scripts are immune to session hijacking but there is a lot of badly written software out there. Not to mention custom programs that probably do not take these security measures. You are deluding yourself (unconsciously, perhaps, to avoid bad press) by downplaying the risks here.
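Added example, not part of the thread: a Python sketch of the server-side measure this exchange turns on. A session cookie is accepted on presentation alone, so a site operator invalidates every session issued before the redirect was fixed. `SessionStore`, `revoke_issued_before` and the clock values are hypothetical names and constructed data, not any particular blog script's API.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Server-side session table keyed by a hash of the cookie value."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}       # sha256(token) -> (user, issued_at)
        self._not_before = 0.0    # sessions issued earlier are rejected

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user):
        """Call only after the password check; returns the cookie value."""
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = (user, self._clock())
        return token

    def validate(self, token):
        """Return the user a cookie value maps to, or None if not accepted."""
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, issued_at = entry
        if issued_at < self._not_before:
            del self._sessions[key]   # revoked: forget it entirely
            return None
        return user

    def revoke_issued_before(self, cutoff):
        """Incident response: reject every session issued before cutoff."""
        self._not_before = max(self._not_before, cutoff)


def demo():
    now = [1000.0]                            # constructed clock
    store = SessionStore(clock=lambda: now[0])
    exposed = store.login("alice")            # cookie issued before the fix
    before = store.validate(exposed)          # accepted with no password
    now[0] = 2000.0                           # DNS corrected
    store.revoke_issued_before(now[0])
    after = store.validate(exposed)           # same cookie is now rejected
    now[0] = 2001.0
    fresh = store.login("alice")              # user logs in again
    return before, after, store.validate(fresh)
```

The store keeps only a hash of the token, and revocation does not depend on the user's password changing.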

Offline jlv

  • Space Explorer
  • ***
  • Posts: 9
I called the host of 69.50.197.245, Atjeu.com, on Monday and asked them to shut down that site, which they did by Tuesday morning. 
Just wanted to thank you for that.  I sent them an email on Monday and didn't get a response.

Offline demiurgia

  • Space Explorer
  • ***
  • Posts: 7
Any lingering issues are absolutely ONLY on your PC at this point...

-- V

Does not seem to be necessarily the case. My partner still cannot connect through her isp to our store at home. She took her laptop to town and used a different isp and it worked perfectly. So something is still not cleared yet between her isp and our store. It is nothing on her computer.

Update on Monday 14th - finally the DNS has resolved itself and she can get into everything in our store.  :yey:
« Last Edit: June 13, 2010, 10:30:37 PM by demiurgia »

Offline jonnyalden

  • Newbie
  • *
  • Posts: 3
Re: DNS Redirection Issue With Our Nameservers
« Reply #42 on: May 11, 2011, 08:39:39 PM »
If you are unable to get their email on your phone, you phone itself. If your browser cache and both your operating system's DNS cache is cleared are not able to flush the DNS cache, you also can try restarting the computer will not be able to access the site.

Offline cancy12

  • Space Explorer
  • ***
  • Posts: 6
Re: DNS Redirection Issue With Our Nameservers
« Reply #43 on: August 24, 2011, 10:50:24 PM »
The web hosting is very necessary for us when we work on internet. We should have it if you usually work on the Internet.

Offline cancy12

  • Space Explorer
  • ***
  • Posts: 6
DNS Redirection Issue With Our Nameservers
« Reply #44 on: August 26, 2011, 04:43:41 PM »
The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate attempt of a maliciously crafted attack on a name server. It may also be an unintended result of a misconfiguration of a DNS cache or from improper software design of DNS applications.

When a DNS server has received such non-authentic data and caches it for performance optimization, it is considered poisoned, supplying the non-authentic data to the clients of the server.

A domain name server translates a domain name (such as example.com) into an IP address that Internet hosts use to contact Internet resources. If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer.

 
