Monday, May 5, 2008

Problems at iPowerWeb?

We've seen hacks on iPowerWeb servers before. Now there seems to be a fresh rash of them. All of these sites are hosted on iPowerWeb-related servers (which include Endurance International Group and Bizland). And all of them have a similar pattern.

Examples:

scioly.org


astronomical.org

ifess.org

nvvam.org

Generally, these links redirect to porn.

More hacked sites:

icat.org (not porn, but search redirects)

It's a DNS hack (very much like what occurred in the past):

Query: 111.pornsites2703.planetarium.net

Answer records
name                                 class   type   data
111.pornsites2703.planetarium.net

Query: planetarium.net

Answer records
name              class   type   data
planetarium.net   IN      NS     ns1.ipowerdns.com
planetarium.net   IN      NS     ns1.ipowerweb.net
                  IN      A      216.130.168.69
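A site owner can look for this kind of unexpected subdomain record by comparing an export of the zone against an inventory of hostnames and addresses they actually use. The following is an added example, not code from the original post; the zone name, hostnames, addresses and function names are constructed, and the wildcard check goes beyond what the post describes.

```python
import ipaddress

# Constructed zone export in name/class/type/data order; not data from the post.
ZONE_EXPORT = """\
example.org IN NS ns1.dns-host.example
example.org IN A 192.0.2.10
www.example.org IN A 192.0.2.10
111.promo2703.example.org IN A 203.0.113.77
*.example.org IN A 203.0.113.77
"""
ZONE = "example.org"
KNOWN_HOSTS = {"example.org", "www.example.org"}  # owner's inventory (assumed)
KNOWN_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # owner's address space (assumed)


def parse_records(text):
    """Yield (name, rclass, rtype, data) from whitespace-separated rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip blank and malformed rows
            name, rclass, rtype, data = parts
            yield name.rstrip(".").lower(), rclass.upper(), rtype.upper(), data


def audit_zone(text, zone, known_hosts, known_nets):
    """Return (name, type, data, reasons) for records the owner did not expect."""
    findings = []
    for name, _rclass, rtype, data in parse_records(text):
        if name != zone and not name.endswith("." + zone):
            continue  # record belongs to another zone
        reasons = []
        if name.startswith("*."):
            reasons.append("wildcard record")
        elif name not in known_hosts:
            reasons.append("hostname not in inventory")
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(data)
            if not any(addr in net for net in known_nets):
                reasons.append("address outside known networks")
        if reasons:
            findings.append((name, rtype, data, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in audit_zone(ZONE_EXPORT, ZONE, KNOWN_HOSTS, KNOWN_NETS):
        print(finding)
```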

iPowerWeb isn't the only web hosting provider to have this problem. At least one site each on Cernio (indybay.org), The Planet (ruby-doc.org) and Media Temple (hml.org) is similarly hacked.

However, they pale in comparison to the iPowerWeb problem.



Alex Eckelberry

