How my domain got "robbed" for an hour
Oh man...
I couldn't believe what just happened...
My main domain got "robbed". The domain was pointing to a wrong IP-Address.
Luckily my wife noticed that the webmail was not working and I went to investigate the problem. I first thought my server was down, but all services were up and running.
I then noticed that it was not my server. The DNS-query (the A-Records) showed that the domain was pointing to completely wrong IP-Addresses, and the MX-Record was pointing to the domain itself (therefore also to the wrong IP-Addresses).
I checked the nameservers I had configured at my registrar. They were correct.
I then checked the entries of my DNS-provider. They were correct too.
So what must have happened is that someone had access to the nameservers with higher priority than I had.
I opened an account on a new DNS-provider and I reconfigured the nameservers at my registrar to point there. Now my domain is working properly again.
It was pure luck that I noticed this whole thing within an hour. Man this gives me the creeps.... all emails went to the wrong server in this hour!! Everywhere you use an email address as login, the password can be (re-)sent by a click. I guess there's nothing else than to change all passwords where I use an email of this domain as login.
Cheers! - And I hope this doesn't happen to you!!
- leonard
:%s/^M//
There are 10 kinds of people:
Those who understand binary and those who don't.
- Leonard
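The check Leonard did by hand (comparing the A and MX answers with what they should be) can be automated. The following is an added example, not part of the original posts: it parses `dig +noall +answer` style output and reports any record set that differs from a known-good baseline. The domain, IP addresses and sample answers are constructed placeholders, and feeding it output collected from each authoritative nameserver on a schedule is an assumption.

```python
"""Compare DNS answers against a known-good baseline (added example)."""
from collections import defaultdict

# Constructed baseline for a placeholder domain (RFC 5737 documentation IPs).
BASELINE = {
    ("example.com.", "A"): {"192.0.2.10"},
    ("example.com.", "MX"): {"mail.example.com."},
    ("mail.example.com.", "A"): {"192.0.2.25"},
}

def parse_answers(text):
    """Parse `dig +noall +answer` style lines into {(name, type): {rdata}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.startswith(";"):
            continue  # skip comments and incomplete lines
        name, _ttl, _cls, rtype = fields[:4]
        rdata = fields[-1]  # for MX this skips the preference value
        records[(name.lower(), rtype.upper())].add(rdata.lower())
    return records

def find_drift(observed, baseline=BASELINE):
    """Return sorted alert strings for every record set that differs."""
    alerts = []
    for (name, rtype), expected in baseline.items():
        got = observed.get((name, rtype), set())
        if got != expected:
            alerts.append(f"{rtype} {name} expected {sorted(expected)} got {sorted(got)}")
        # The state described in the post: MX pointing at the domain itself.
        if rtype == "MX" and name in got and name not in expected:
            alerts.append(f"MX {name} points at the domain itself")
    return sorted(alerts)

# Constructed answers: one healthy, one resembling the state described in the post.
GOOD = """example.com. 300 IN A 192.0.2.10
example.com. 300 IN MX 10 mail.example.com.
mail.example.com. 300 IN A 192.0.2.25"""
BAD = """example.com. 300 IN A 198.51.100.7
example.com. 300 IN MX 10 example.com."""

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad", BAD)):
        print(label, find_drift(parse_answers(text)) or "no drift")
```
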
He means that on any site he is a member of, people can use your username and have the password sent to the email address you registered with. All the emails that were sent to him while his domain was 'robbed' went to a different server where someone could access them.
- Johnathan
Right, Johnathan.
Example Facebook:
All the aggressor needs to do is enter the email-address of my account, e.g. correctaddress@robbeddomain.com (of course he needs to know exactly which email I use for the account on Facebook) and the password will be sent to his server (that is, if he has set the MX-record of the domain to point to his server and has a mailserver to receive the mail).
Cheers
- leonard
- Leonard