Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
I can't reach my local one or the Fresno one. Server unreachable. Sent from my iPhone 5S.
On Nov 23, 2014, at 7:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
Same here, New Jersey. On Sun, Nov 23, 2014 at 10:43 PM, aUser <auser@mind.net> wrote:
I can't reach my local one or the Fresno one. Server unreachable.
Sent from my iPhone 5S.
On Nov 23, 2014, at 7:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
-- -- Brian
Maybe an area based issue. tons of reports here http://www.isitdownrightnow.com/craigslist.org.html On Sun, Nov 23, 2014 at 10:48 PM, Brian Artschwager <brian@artschwager.com> wrote:
Same here, New Jersey.
On Sun, Nov 23, 2014 at 10:43 PM, aUser <auser@mind.net> wrote:
I can't reach my local one or the Fresno one. Server unreachable.
Sent from my iPhone 5S.
On Nov 23, 2014, at 7:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
--
-- Brian
yes it's been hijacked thru registrar level and someone was able to change name servers, now it's back to normal but you will need to clear your caches and perhaps your ISP too. (if you are using 8.8.8.8 , they have already cleared the caches) Sponsoring Registrar:Network Solutions, LLC (R63-LROR) seems to be registrar, would be fun to read the post-mortem. On Sun, Nov 23, 2014 at 7:48 PM, Brian Artschwager <brian@artschwager.com> wrote:
Same here, New Jersey.
On Sun, Nov 23, 2014 at 10:43 PM, aUser <auser@mind.net> wrote:
I can't reach my local one or the Fresno one. Server unreachable.
Sent from my iPhone 5S.
On Nov 23, 2014, at 7:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um .
--
-- Brian
Well, NetSol? Is it just me or they came up a few times lately (past year) in high profil case of DNS Hijacking? On 11/23/14 23:06, Mehmet Akcin wrote:
yes it's been hijacked thru registrar level and someone was able to change name servers, now it's back to normal but you will need to clear your caches and perhaps your ISP too. (if you are using 8.8.8.8 , they have already cleared the caches)
Sponsoring Registrar:Network Solutions, LLC (R63-LROR) seems to be registrar, would be fun to read the post-mortem.
On Sun, Nov 23, 2014 at 7:48 PM, Brian Artschwager <brian@artschwager.com> wrote:
Same here, New Jersey.
On Sun, Nov 23, 2014 at 10:43 PM, aUser <auser@mind.net> wrote:
I can't reach my local one or the Fresno one. Server unreachable.
Sent from my iPhone 5S.
On Nov 23, 2014, at 7:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um .
--
-- Brian
On 11/24/2014 08:41 AM, Alain Hebert wrote:
Well,
NetSol?
Is it just me or they came up a few times lately (past year) in high profil case of DNS Hijacking?
Someone was kind enough to break into one of my domains at Register.com -- and to their credit Register.com detected the intrusion and reported it to me so I could go fix the problem. Perp added DNS records to my zone file, which I deleted, and reported the incident to the owner of the IP address. Yes, I changed the passwords.
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont On 11/24/2014 11:52 AM, Stephen Satchell wrote:
On 11/24/2014 08:41 AM, Alain Hebert wrote:
Well,
NetSol?
Is it just me or they came up a few times lately (past year) in high profil case of DNS Hijacking?
Someone was kind enough to break into one of my domains at Register.com -- and to their credit Register.com detected the intrusion and reported it to me so I could go fix the problem. Perp added DNS records to my zone file, which I deleted, and reported the incident to the owner of the IP address.
Yes, I changed the passwords.
It still seems broken in some areas. Mail is bouncing from Hotmail to craigslist. On Mon, Nov 24, 2014 at 5:08 PM, Michael T. Voity <mvoity@uvm.edu> wrote:
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again.
-Mike
Michael T. Voity Network Engineer University of Vermont
On 11/24/2014 11:52 AM, Stephen Satchell wrote:
On 11/24/2014 08:41 AM, Alain Hebert wrote:
Well,
NetSol?
Is it just me or they came up a few times lately (past year) in high profil case of DNS Hijacking?
Someone was kind enough to break into one of my domains at Register.com
-- and to their credit Register.com detected the intrusion and reported it to me so I could go fix the problem. Perp added DNS records to my zone file, which I deleted, and reported the incident to the owner of the IP address.
Yes, I changed the passwords.
On 11/24/14, 5:08 PM, "Michael T. Voity" <mvoity@uvm.edu> wrote:
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again.
-Mike
Michael T. Voity Network Engineer University of Vermont
Anyone heard from Eugene Kashpureff lately? Hello 1996. :)
In light of the CL domain hijacking, it seems like a good time to ask if everyone has an inventory system that keeps track of all the details (including renewal dates) for their domain registy and SSL certificate accounts. If you use a tool to keep track of this, which one? Do you have things set up in your monitoring system to watch for changes in this stuff? Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Xymon has a built in test to check SSL cert expiration. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Nov 24, 2014 7:14 PM, "Jay Ashworth" <jra@baylink.com> wrote:
In light of the CL domain hijacking, it seems like a good time to ask if everyone has an inventory system that keeps track of all the details (including renewal dates) for their domain registy and SSL certificate accounts.
If you use a tool to keep track of this, which one?
Do you have things set up in your monitoring system to watch for changes in this stuff?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Jay Ashworth wrote:
In light of the CL domain hijacking, it seems like a good time to ask if everyone has an inventory system that keeps track of all the details (including renewal dates) for their domain registy and SSL certificate accounts.
If you use a tool to keep track of this, which one?
Do you have things set up in your monitoring system to watch for changes in this stuff?
And a registrar that has an API compatible with the tool! Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra
It's pretty easy to roll out a Nagios box that checks on your domains, NS results and SSL status. On Mon, Nov 24, 2014 at 4:20 PM, Miles Fidelman <mfidelman@meetinghouse.net> wrote:
Jay Ashworth wrote:
In light of the CL domain hijacking, it seems like a good time to ask if everyone has an inventory system that keeps track of all the details (including renewal dates) for their domain registy and SSL certificate accounts.
If you use a tool to keep track of this, which one?
Do you have things set up in your monitoring system to watch for changes in this stuff?
And a registrar that has an API compatible with the tool!
Miles Fidelman
-- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
A half-day with SQLite, memcached and PHP solved this need for us (auto-configures Nagios). Tracking a few hundred domains at this point. Gosh, I really need to cleanup sources, and punt some of these little tools onto GitHub. Gregg Berkholtz
On Nov 24, 2014, at 4:52 PM, Mike Hale <eyeronic.design@gmail.com> wrote:
It's pretty easy to roll out a Nagios box that checks on your domains, NS results and SSL status.
On Mon, Nov 24, 2014 at 4:20 PM, Miles Fidelman <mfidelman@meetinghouse.net> wrote:
Jay Ashworth wrote:
In light of the CL domain hijacking, it seems like a good time to ask if everyone has an inventory system that keeps track of all the details (including renewal dates) for their domain registy and SSL certificate accounts.
If you use a tool to keep track of this, which one?
Do you have things set up in your monitoring system to watch for changes in this stuff?
And a registrar that has an API compatible with the tool!
Miles Fidelman
-- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough. George William Herbert Sent from my iPhone
On Nov 24, 2014, at 2:17 PM, Randy Epstein <nanog@hostleasing.net> wrote:
On 11/24/14, 5:08 PM, "Michael T. Voity" <mvoity@uvm.edu> wrote:
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again.
-Mike
Michael T. Voity Network Engineer University of Vermont
Anyone heard from Eugene Kashpureff lately?
Hello 1996. :)
On 11/24/14, 7:16 PM, "George Herbert" <george.herbert@gmail.com> wrote:
He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough.
Actually, he didn’t hack its records either. He exploited a bug in BIND.
George William Herbert Sent from my iPhone
On Nov 24, 2014, at 2:17 PM, Randy Epstein <nanog@hostleasing.net> wrote:
On 11/24/14, 5:08 PM, "Michael T. Voity" <mvoity@uvm.edu> wrote:
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again.
-Mike
Michael T. Voity Network Engineer University of Vermont
Anyone heard from Eugene Kashpureff lately?
Hello 1996. :)
On Nov 24, 2014, at 4:18 PM, Randy Epstein <nanog@hostleasing.net> wrote:
Actually, he didn’t hack its records either. He exploited a bug in BIND.
...returned a legit response plus a tacked-on glue record for www.internic.net anytime you queried his nameserver, which he tricked people into doing with mixtures of sending you mail, hitting open DNS servers with queries for his domain, and another thing I still don't want to talk about. Paul was more widely quoted and knew his BIND vulnerability better; he can always out-pedant me on this one. I did get a few press quotes, though. Your fu is weak, Randyhopper. Train harder! ;-) George William Herbert Sent from my iPhone
In message <FDF98A3E-6BDC-4D85-8826-B3B8DC6EC725@gmail.com>, George Herbert writes:
On Nov 24, 2014, at 4:18 PM, Randy Epstein <nanog@hostleasing.net> wrote:
Actually, he didn’t hack its records either. He exploited a bug in BIND.
...returned a legit response plus a tacked-on glue record for www.internic.net anytime you queried his nameserver, which he tricked people into doing with mixtures of sending you mail, hitting open DNS servers with queries for his domain, and another thing I still don't want to talk about.
Paul was more widely quoted and knew his BIND vulnerability better; he can always out-pedant me on this one.
More a protocol bug which lead to DNSSEC, which allows you to accept a answer from anywhere so long as it is signed and validates as secure, which most of you have yet to deploy.
I did get a few press quotes, though.
Your fu is weak, Randyhopper. Train harder! ;-)
George William Herbert Sent from my iPhone
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
In message <D09934E0.BE620%nanog@hostleasing.net>, Randy Epstein writes:
On 11/24/14, 7:16 PM, "George Herbert" <george.herbert@gmail.com> wrote:
He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough.
Actually, he didn’t hack its records either. He exploited a bug in BIND.
And your evidence for that is what? Feel free to send to security-officer@isc.org. Mark
George William Herbert Sent from my iPhone
On Nov 24, 2014, at 2:17 PM, Randy Epstein <nanog@hostleasing.net> wrote:
On 11/24/14, 5:08 PM, "Michael T. Voity" <mvoity@uvm.edu> wrote:
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again.
-Mike
Michael T. Voity Network Engineer University of Vermont
Anyone heard from Eugene Kashpureff lately?
Hello 1996. :)
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On 11/24/14, 7:51 PM, "Mark Andrews" <marka@isc.org> wrote:
In message <D09934E0.BE620%nanog@hostleasing.net>, Randy Epstein writes:
On 11/24/14, 7:16 PM, "George Herbert" <george.herbert@gmail.com> wrote:
He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough.
Actually, he didnâ•˙t hack its records either. He exploited a bug in BIND.
And your evidence for that is what? Feel free to send to security-officer@isc.org.
Mark
I could be wrong. This is what was reported by a few back in 1997. If not true, so be it. I have no further details from something that occurred 17 years ago.
George William Herbert Sent from my iPhone
On Nov 24, 2014, at 2:17 PM, Randy Epstein <nanog@hostleasing.net> wrote:
On 11/24/14, 5:08 PM, "Michael T. Voity" <mvoity@uvm.edu> wrote:
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again.
-Mike
Michael T. Voity Network Engineer University of Vermont
Anyone heard from Eugene Kashpureff lately?
Hello 1996. :)
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
In message <20141125005124.0C4BF243AC29@rock.dv.isc.org>, Mark Andrews writes:
In message <D09934E0.BE620%nanog@hostleasing.net>, Randy Epstein writes:
On 11/24/14, 7:16 PM, "George Herbert" <george.herbert@gmail.com> wrote:
He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough.
Actually, he didn’t hack its records either. He exploited a bug in BIND.
Ignore. Lost track of context. Mark
And your evidence for that is what? Feel free to send to security-officer@isc.org.
Mark
George William Herbert Sent from my iPhone
On Nov 24, 2014, at 2:17 PM, Randy Epstein <nanog@hostleasing.net> wrote:
On 11/24/14, 5:08 PM, "Michael T. Voity" <mvoity@uvm.edu> wrote:
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again.
-Mike
Michael T. Voity Network Engineer University of Vermont
Anyone heard from Eugene Kashpureff lately?
Hello 1996. :)
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
And that was July 1997 not 96, though that does nothing to make me feel younger ... George William Herbert Sent from my iPhone
On Nov 24, 2014, at 4:16 PM, George Herbert <george.herbert@gmail.com> wrote:
He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough.
George William Herbert Sent from my iPhone
On Nov 24, 2014, at 2:17 PM, Randy Epstein <nanog@hostleasing.net> wrote:
On 11/24/14, 5:08 PM, "Michael T. Voity" <mvoity@uvm.edu> wrote:
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again.
-Mike
Michael T. Voity Network Engineer University of Vermont
Anyone heard from Eugene Kashpureff lately?
Hello 1996. :)
On 11/24/14, 7:18 PM, "George Herbert" <george.herbert@gmail.com> wrote:
And that was July 1997 not 96, though that does nothing to make me feel younger ...
http://archive.wired.com/politics/law/news/1997/07/5325 Yep. He did it to one of my domains (besides internic.net).
George William Herbert Sent from my iPhone
On Nov 24, 2014, at 4:16 PM, George Herbert <george.herbert@gmail.com> wrote:
He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough.
George William Herbert Sent from my iPhone
On Nov 24, 2014, at 2:17 PM, Randy Epstein <nanog@hostleasing.net> wrote:
On 11/24/14, 5:08 PM, "Michael T. Voity" <mvoity@uvm.edu> wrote:
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again.
-Mike
Michael T. Voity Network Engineer University of Vermont
Anyone heard from Eugene Kashpureff lately?
Hello 1996. :)
Not here, spyware maybe? On Sun, Nov 23, 2014 at 8:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
-- eSited LLC (701) 390-9638
Comes up normal for me in LA, on twc. On Nov 23, 2014 7:43 PM, "Brian Henson" <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
down for me and http://www.downforeveryoneorjustme.com/craigslist.org /kc On Sun, Nov 23, 2014 at 07:45:35PM -0800, Chaim Rieger said:
Comes up normal for me in LA, on twc. On Nov 23, 2014 7:43 PM, "Brian Henson" <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
-- Ken Chase - math@sizone.org Toronto Canada
I did a cache flush at googledns and it started resolving to a different IP than the one earlier. Thinking the DNS may have been compromised somewhere. New IP is 208.91.197.27 old one was 74.63.219.135 On Sun, Nov 23, 2014 at 10:53 PM, Ken Chase <math@sizone.org> wrote:
down for me and http://www.downforeveryoneorjustme.com/craigslist.org
/kc
On Sun, Nov 23, 2014 at 07:45:35PM -0800, Chaim Rieger said:
Comes up normal for me in LA, on twc. On Nov 23, 2014 7:43 PM, "Brian Henson" <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
-- Ken Chase - math@sizone.org Toronto Canada
I get the favicon.ico but Chrome says Error code: ERR_CONNECTION_TIMED_OUT Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sun, Nov 23, 2014 at 11:15 PM, Brian Henson <marine64@gmail.com> wrote:
I did a cache flush at googledns and it started resolving to a different IP than the one earlier. Thinking the DNS may have been compromised somewhere. New IP is 208.91.197.27 old one was 74.63.219.135
On Sun, Nov 23, 2014 at 10:53 PM, Ken Chase <math@sizone.org> wrote:
down for me and http://www.downforeveryoneorjustme.com/craigslist.org
/kc
On Sun, Nov 23, 2014 at 07:45:35PM -0800, Chaim Rieger said:
Comes up normal for me in LA, on twc. On Nov 23, 2014 7:43 PM, "Brian Henson" <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
-- Ken Chase - math@sizone.org Toronto Canada
Boston is just fine, and all the links from there, to other craigslist sites seem to be working as well. Chaim Rieger wrote:
Comes up normal for me in LA, on twc. On Nov 23, 2014 7:43 PM, "Brian Henson" <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
-- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra
Not seeing that here The local site and the general http;// www.craigslist.org both look to be going to the correct site. On Sun, Nov 23, 2014 at 10:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
strange when I go to Boise.craigslist or dayton.craigslist.org I get a site that shows digital Gangster for life as the title. so do some of the other tools outside my network. On Sun, Nov 23, 2014 at 10:45 PM, Charles Mills <w3yni1@gmail.com> wrote:
Not seeing that here The local site and the general http;// www.craigslist.org both look to be going to the correct site.
On Sun, Nov 23, 2014 at 10:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
On Nov 23, 2014, at 7:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
*.craigslist.ca and *.craigslist.org have been offline since about 16:40 Pacific Standard Time from at least three different networks I have access to. From the limited poking around I've done it looks like it could be a DNS hijacking. I haven't seen anything about it on the outages list yet ... --lyndon
CoSprings list is coming up fine. On Sun, Nov 23, 2014 at 8:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
Im seeing it resolve to 74.63.219.135 on my network and on http://whois.domaintools.com/craigslist.org On Sun, Nov 23, 2014 at 10:57 PM, Quinn Kuzmich <lostinmoscow@gmail.com> wrote:
CoSprings list is coming up fine.
On Sun, Nov 23, 2014 at 8:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
Looking at San Diego. Suspecting an issue with Google DNS. Google--> dig @8.8.8.8 cities.l.craigslist.org. +short 74.63.219.135 My resolver--> dig cities.l.craigslist.org. +short 208.82.238.226 Authoritative--> dig @208.82.236.210 cities.l.craigslist.org. +short +norec 208.82.236.242 On Sun, Nov 23, 2014 at 10:59:35PM -0500, Brian Henson wrote:
Im seeing it resolve to 74.63.219.135 on my network and on http://whois.domaintools.com/craigslist.org
On Sun, Nov 23, 2014 at 10:57 PM, Quinn Kuzmich <lostinmoscow@gmail.com> wrote:
CoSprings list is coming up fine.
On Sun, Nov 23, 2014 at 8:41 PM, Brian Henson <marine64@gmail.com> wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
On 24/11/14 13:41, Brian Henson wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
Over on [dns-operations]:
On 24/11/14 13:38, Brad Volz wrote:>
The craigslist account at one of our registrars was compromised and the NS records migrated away from their rightful home. That issue has since been corrected, but the various caches around the Internet are still holding the old data.
If you could take a look at your caches to see if craigslist.org has the following NS records:
ns1p.craigslist.org ns2p.craigslist.org ns1f.craigslist.org ns2f.craigslist.org
If you see something else there, then you have a poisoned cache.
Thank you for your assistance in this matter.
Brad Volz Network Engineer
On Nov 23, 2014, at 8:51 PM, Randy Bush <randy@psg.com> wrote:
and what tasty things did the hijacker's web site serve?
Firefox on my Mac started acting very strangely after encountering one of the 'unresponsive' versions of craigslist.ca. Apparent browser hangs, javascript script timeouts, and odd things related to the browser history. I restored ~/Library/Application\ Support/Firefox from a Time Machine snapshot taken just before the Craigslist hack, and all appears fine now. I have to diff between the two versions of that directory before I claim the website hack had anything to do with it, but for now Mac Firefox users might want to be wary ... (Note: Mac OS 10.9.5 and Firefox 33.1 are what I was running.) --lyndon
participants (25)
-
Alain Hebert
-
aUser
-
Brian Artschwager
-
Brian Henson
-
Bryan Tong
-
Chaim Rieger
-
Charles Mills
-
Christopher Morrow
-
George Herbert
-
Gregg Berkholtz
-
Jay Ashworth
-
Josh Luthman
-
Ken Chase
-
Lyndon Nerenberg
-
Mark Andrews
-
Mehmet Akcin
-
Michael T. Voity
-
Mike Hale
-
Miles Fidelman
-
Nate Itkin
-
Quinn Kuzmich
-
Randy Bush
-
Randy Epstein
-
Stephen Satchell
-
Ted Cooper