Domain Theft: What to do if your domain is taken away during this mass attack
16 March 2011, 11:24
We are a RU-CENTER partner, and the domain of one of our clients was "taken away."
The first "flash" report of the attack is here: habrahabr.ru/blogs/infosecurity/95705/

RU-CENTER's failing: when the DNS was changed, no notification ever reached me.
What RU-CENTER did well: it temporarily blocked the change of partner.

The hackers changed the access password and the NS servers.

BUT! It did not stop there. WARNING! What follows is cunning, evil and disgusting.
As the NS servers the hacker set ns.imyasamogodomena.ru (imyasamogodomena meaning "the domain's own name") and likewise ns2, and set their IP to that of a transparent proxy, 62.122.75.80

That is the first level of concealment.
The next layer of mimicry: the server at that address transparently fetches content from your old IP address (I do not know how).
I do not know how long all this had been going on, but the hackers' server began to falter and stalled under load.

The slow site and mail that refused to work with Outlook caused panic, first on the client's side and then in our office.

If only you knew the bewilderment and the sense of mysticism :) A quick googling of the IP address led to an article on the Runet about the mass domain hacking (thanks, %username%!).

From here on you have to act quickly (after the diagnosis).

So, the action plan if you are a partner of the registrar (nic.ru):

From the partner account, change the domain administrator's contact email to a current address, initiate the password reset process, and then change the password.

You have to act quickly, because once the email is changed the hacker will learn about it. They took thousands of domains, so it is unlikely they will have time to react quickly.
THEN change the DNS servers. It is important to keep this order and to act quickly.

If you are the domain owner yourself and not a partner, boldly send an official letter to the registrar and, if possible, go there in person.
Read more here: https://www.nic.ru/dns/service/faq.html#common (if you are with RU-CENTER).

RU-CENTER's own staff recommend not allowing the password to be changed from under your account (this is a checkbox in the admin panel).

To all hosting owners, and to those who have a lot of customers sitting on the UPU: ping the list of your domains; any that answer with that IP address go under the microscope.
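The check described above, as an added example that is not part of the original post: it flags domains that resolve to the proxy address named in the post or whose NS names sit under the domain itself. It goes slightly beyond the post by also flagging any domain that resolves outside your own hosting addresses; the sample domains and addresses are constructed, and `ns_lookup` is a hypothetical callable you supply, since the Python standard library has no NS query.

```python
import socket
# Indicator from the post: the transparent proxy the hijacked domains pointed to.
PROXY_IPS = {"62.122.75.80"}

def resolve_a(name):
    """Live lookup: the set of IPv4 addresses a name currently resolves to."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def self_hosted_ns(domain, ns_names):
    """NS names that sit under the domain itself (the ns./ns2. pattern in the post)."""
    suffix = "." + domain.lower().rstrip(".")
    names = (n.lower().rstrip(".") for n in ns_names)
    return sorted(n for n in names if n.endswith(suffix))

def audit(expected, resolver=resolve_a, ns_lookup=None, bad_ips=PROXY_IPS):
    """expected maps each domain to the IPs you host it on. Returns {domain: [reasons]}."""
    findings = {}
    for domain, good_ips in expected.items():
        reasons, seen = [], resolver(domain)
        if seen & bad_ips:
            reasons.append("resolves to known proxy IP: " + ", ".join(sorted(seen & bad_ips)))
        elif not seen:
            reasons.append("does not resolve")
        elif not seen & good_ips:
            reasons.append("resolves outside your hosting: " + ", ".join(sorted(seen)))
        if ns_lookup is not None:  # assumption: caller provides domain -> list of NS names
            own = self_hosted_ns(domain, ns_lookup(domain))
            if own:
                reasons.append("NS under the domain itself: " + ", ".join(own))
        if reasons:
            findings[domain] = reasons
    return findings

# Constructed sample data (documentation names and addresses), standing in for live lookups.
SAMPLE_A = {"client-a.example": {"192.0.2.10"}, "client-b.example": {"62.122.75.80"},
            "client-c.example": {"198.51.100.7"}}
SAMPLE_NS = {"client-a.example": ["ns1.hoster.example"],
             "client-b.example": ["ns.client-b.example", "ns2.client-b.example"],
             "client-c.example": ["ns1.hoster.example"]}
EXPECTED = {d: {"192.0.2.10"} for d in SAMPLE_A}
def demo():
    return audit(EXPECTED, lambda d: SAMPLE_A.get(d, set()), lambda d: SAMPLE_NS.get(d, []))

if __name__ == "__main__":
    for domain, reasons in demo().items():
        print(domain, "->", "; ".join(reasons))
```

For a live run, call `audit` with your own domain-to-IP mapping and leave `resolver` at its default.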

A handy tip. WARNING! It is not known what information the hackers managed to record while the site was passing through the proxy, so you need to change all passwords for access to the site content, email, FTP and the database.

P.S. I do not know what to do with other registrars. mtw.ru will change the NS servers directly over the phone without any passwords or authorization; reg.ru does not have its own partner base in a digestible form. By the way, I disagree with RU-CENTER's position in the torrents.ru case.

P.P.S. For everyone's benefit, post how repelling the attack goes with other registrars, and share success stories.

I will end the post on a positive note: we won the domain back from the villains, and I wish you the same!
Added by: w1zard