Looks like another hole in the NSI registrar (not registry) system has been found and exploited. Apparently some 2,000 domains have been hijacked, so if something weird has happened to a domain of yours, this may explain it... Whois lucasfilm.com Query: indianajones.com Registry: whois.networksolutions.com Results: Registrant: Lucasfilm Ltd (INDIANAJONES5-DOM) senojanaidn 12 Tirana, Albania 10000 AL Domain Name: INDIANAJONES.COM Administrative Contact, Technical Contact, Zone Contact, Billing Contact: indianajones, inetn (IIO27) justdoit@MEGAPOST.NET indianajonesorgni senojanaidn 12 Tirana, Albania 10000 AL 323432444 (FAX) 323432431 Record last updated on 10-Apr-2000. Record expires on 02-Oct-2000. Record created on 01-Oct-1997. Database last updated on 12-Apr-2000 04:49:41 EDT. Domain servers in listed order: NS1.WEBPROVIDER.COM 209.143.154.70 NS2.WEBPROVIDER.COM 207.226.255.71 Results brought to you by the GeekTools WHOIS Proxy v3.0 Server results may be copyrighted and are used with permission. Your host (204.74.78.193) has visited 2 times today. Story appears at http://filmforce.ign.com/news/781.html pointer provided by jra :-) The url does take you to the lucasfim website now, but earlier it took you to Webprovider.com. The above story has a screencapture of the way it looked. -- Rodney Joffe CenterGate Research Group, LLC. http://www.centergate.com "Technology so advanced, even we don't understand it!"(SM)
I modified my NSI contact handle last week. I sent in the modification template from an address other than what was listed on the contact record, expecting to get something sent to the listed address asking me to ack the change, but instead the change just went right through. The mail from authentication was never very secure, as it would accept whatever was on the From: line as suitable authentication, but this seemed even worse than usual. I can't say this domain hijacking surprises me much. -Steve On Thu, 13 Apr 2000, Rodney Joffe wrote:
Looks like another hole in the NSI registrar (not registry) system has been found and exploited. Apparently some 2,000 domains have been hijacked, so if something weird has happened to a domain of yours, this may explain it...
Whois lucasfilm.com
Query: indianajones.com Registry: whois.networksolutions.com Results:
Registrant: Lucasfilm Ltd (INDIANAJONES5-DOM) senojanaidn 12 Tirana, Albania 10000 AL
Domain Name: INDIANAJONES.COM
Administrative Contact, Technical Contact, Zone Contact, Billing Contact: indianajones, inetn (IIO27) justdoit@MEGAPOST.NET indianajonesorgni senojanaidn 12 Tirana, Albania 10000 AL 323432444 (FAX) 323432431
Record last updated on 10-Apr-2000. Record expires on 02-Oct-2000. Record created on 01-Oct-1997. Database last updated on 12-Apr-2000 04:49:41 EDT.
Domain servers in listed order:
NS1.WEBPROVIDER.COM 209.143.154.70 NS2.WEBPROVIDER.COM 207.226.255.71
Results brought to you by the GeekTools WHOIS Proxy v3.0 Server results may be copyrighted and are used with permission. Your host (204.74.78.193) has visited 2 times today.
Story appears at http://filmforce.ign.com/news/781.html
pointer provided by jra :-)
The url does take you to the lucasfim website now, but earlier it took you to Webprovider.com. The above story has a screencapture of the way it looked.
-- Rodney Joffe CenterGate Research Group, LLC. http://www.centergate.com "Technology so advanced, even we don't understand it!"(SM)
-- Steve Gibbard WWNet System Administration +1 734 513-7707 x 2009 http://www.wwnet.net
participants (2)
-
Rodney Joffe
-
Steve Gibbard