Swedish Hacking?

Automatic Washer - The world's coolest Washing Machines, Dryers and Dishwashers


Unfortunately this happened over the weekend when we all were down in Austin, TX for the Vacuum Club's convention. I had only one email alerting me to an issue and every time I checked the site it appeared to be just fine. Being at the convention I didn't have much time for the website.

Over the weekend, our web host provider LunarPages has had its DNS (Domain Name Server) compromised, which resulted in a redirect nightmare for thousands of web site customers – including automaticwasher.org and vacuumland.org.

I feel for LunarPages. Honestly I do! They are one of the best, secure, shared web hosting companies that I’ve been affiliated with since our site went online in 2001. Fortunately this has never happened to us in the past, as far as I know.

The point is, however, there are no guarantees with the internet. Even if you are capable of running your own server and you know how to lock it down, you’re still vulnerable. That’s why we don’t run our own server. It’s too time consuming keeping up with these idiots!

So, in case you missed it, for a portion of time both aw.org and vacuumland were being redirected to a Swedish hosting provider.

We had it easy by comparison from what I’ve been reading on the support forum. Many sites had been redirected to malware providers that attempted to download an executable file. Others have become victims of Cross-site Scripting attacks (XSS) and have no idea how to remove it from their pages. Many of these sites were using WordPress, Joomla, or other purchased software. The fact that I wrote our own customized code to run our discussion groups prevented the bad guys from injecting code into our site because it's one of a kind and not off the shelf software that they could pre-analyze and exploit.

In order to understand what I said above (our web host provider LunarPages has had its Domain Name Server compromised), you have to understand that when you type in a web address, such as automaticwasher.org, there is a server on the Internet that takes that address and translates it into an IP address for the server it is located on. That server is called a DNS or Domain Name Server.

It’s sort of like a database that collects all the web addresses and connects them to their hosting server. So, when you type in an address in your browser, the address is sent to the DNS on your Internet Service Provider (ISP) and the browser then knows where to go look for the site.

Every so many hours – usually 24 – the ISPs flush their DNS cache. I know, huh????

Let’s look at it in another way.

Your computer – and I’ll use a Windows example – actually holds a storage or cache of the DNS addresses. That's how you’re able to get to websites so quickly. If you've ever gotten redirected or had problems accessing sites, you may have to flush or erase your computer's DNS cache by typing in the run command the following: ipconfig /flushdns

That clears the stored – and possibly wrong – information on where websites are located. By flushing the information, your computer is forced to go out to the Internet and get a new list. Hopefully, the new list is corrected from errors you might have been experiencing.

ISPs need to do the same from time-to-time, and if they don’t, well, you wouldn’t be reading this because you’d be redirected to the Swedish hosting site.

Comcast appears to have flushed everything. Verizon apparently has not yet.

So, if you are reading this, your ISP has flushed the DNS cache and all is good.

I apologize about this, although there really was nothing Fred Nelson (webmaster of Vacuumland) or I could have done as this was an attack at the ISP level. Thus it is completely out of our hands.

[this post was last edited: 6/7/2010-18:14]
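An added example, not part of the original post: one way to check whether a given resolver is still handing out the redirected address, and for how many more seconds that answer can stay cached (the TTL a caching resolver returns is the time remaining). The domain `example.org`, the addresses 192.0.2.10 and 203.0.113.66, and all function names are constructed for illustration.

```python
import socket, struct

def build_query(name, qid=0x1234):
    """Encode a recursive A-record query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return (struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack(">HH", 1, 1))  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Return [(ip, ttl_seconds), ...] from the answer section."""
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    out = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append((".".join(map(str, msg[off:off + 4])), ttl))
        off += rdlen
    return out

def ask(resolver_ip, name, timeout=3.0):
    """Live lookup against one resolver (needs network; not used by the sample)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return parse_a_records(s.recv(512))

def check_resolver(answers, known_good):
    """Return (status, seconds the wrong record may stay cached)."""
    bad = [ttl for ip, ttl in answers if ip not in known_good]
    if not answers:
        return ("no-answer", 0)
    return ("stale-or-hijacked", max(bad)) if bad else ("ok", 0)

def sample_response(name, ip, ttl):
    """Constructed reply (not captured traffic) with one compressed-name A record."""
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4) + bytes(map(int, ip.split(".")))
    return struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + build_query(name)[12:] + rr
```

Running `check_resolver(ask(resolver, site), known_good)` against each ISP's resolver in turn shows which ones have picked up the corrected record and which are still serving the old one.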
 
Posting from work on DSL, which apparently didn't pick up the corrupt DNS records as it has been OK for the duration of the hack. Interestingly, my cable service @ home (a local provider that sources from ComCast) still is not refreshed as of 1.5 hrs ago, which is odd being as they've picked up name server changes/updates very quickly in the past.
 
Robert (or anyone who knows Mac computers):

Is this the equivalent of a flushdown on a Mac? There is a command to Empty Cache, and one called Reset (which empties the cache plus other things).

Here's what pops up when you select the Empty Cache command:

[Image: frigilux++6-8-2010-01-47-0.jpg.png]
 
DNS caching (a function of the operating system) is a different thing from the browser's (page) cache, although some browsers do also cache DNS. Doesn't hurt to clear the browser cache occasionally.

Can't say about Macs, but on PCs holding Shift while clicking the browser's refresh button ignores the page cache and forces a full reload (for the one page being viewed). Again, that's not related to DNS.

Recent versions of Windows (from 2K forward) have a DNS Client service that caches DNS records. As Robert stated above, running ipconfig /flushdns at a command line forces a refresh on it from the ISP's DNS server(s). Whether that fixes the BlackInternet issue depends on if the ISP's DNS has itself refreshed. I always disable the DNS Client service.
 
Eugene, I don't know enough about Mac computers to be able to say how to do it; I'm sure other Mac super-users might be able to say.

I do want everyone to realize that this outage/redirection is happening to tens of thousands of web sites at Lunarpages, not just us. People are just furious at them, as it is generally a very secure company, and while for us here at aw.org this is just an inconvenience, for others running their websites is their income and it could have devastating effects for these small business owners. If you read the thread going on about it on the Lunarpages forum you can see the frustrations.

So now a question: on our site everything appears to be working properly for me, as I'm on Comcast, who seem to be on the ball with refreshing their DNS pointers. Can as many people as possible report in to this thread and let me know if the site is acting funny in any way for them, or even just let me know that everything is fine? I want to keep a record to show Lunarpages and see if they can compensate us in some way once things return to normal.

Thanks for everyone's help during this crazy nonsense.
 
java files on Mac

Hey there

When I was getting re-directed, I flushed out the Java files in the system, reset Safari, then rebooted the iMac. Blackinternet was gone when it was back on and running; no problems since.
 
Hi Robert,

Have not had any issues with Windows Firefox, Internet Explorer or on my Mac.

My internet service is AT&T.

Brent
 
BUMP

Since I'm not getting much response to this thread I'm going to repeat what I said above:

I do want everyone to realize that this outage/redirection is happening to tens of thousands of web sites at Lunarpages, not just us. People are just furious at them, as it is generally a very secure company, and while for us here at aw.org this is just an inconvenience, for others running their websites is their income and it could have devastating effects for these small business owners. If you read the thread going on about it on the Lunarpages forum you can see the frustrations.

So now a question: on our site everything appears to be working properly for me, as I'm on Comcast, who seem to be on the ball with refreshing their DNS pointers. Can as many people as possible report in to this thread and let me know if the site is acting funny in any way for them, or even just let me know that everything is fine? I want to keep a record to show Lunarpages and see if they can compensate us in some way once things return to normal.

Thanks for everyone's help during this crazy nonsense.
 
BTW, if I needed to do it, where would I type that command to clean the cache memory?

I wouldn't worry about it, Louis, all will clear itself within a week or so. Since Lunarpages was attacked on Saturday, in a few days all should be good. It's just horrible that it was so easy for some hacker to essentially hack thousands of web sites all at once, and unfortunately we got caught in the storm as well. I do feel really bad for all the small businesses that got caught up in this mess; this certainly doesn't help their business any.
 
