DNS hijack - prevention tips

Posted by user578359 on Pro Webmasters
Published on 2011-01-17T10:10:54Z Indexed on 2011/02/17 15:33 UTC

Hi there,

Over the weekend it looks like the DNS was hijacked on two of my domains.

My setup is that I have the sites registered on 1and1.co.uk, with DNS nameservers pointing to Hostgator in the US, where the sites are hosted. I also had Cloudflare CDN running on the sites (via Hostgator cPanel).

My question is: any ideas as to how this happened, and how could I either monitor it so I know if it occurs again, or strengthen the setup/service to minimise the risk?

History:

  • I received a ping from my site monitoring service that the sites were down.
  • When I checked, the sites were up, so I assumed it was local to the monitoring service.
  • I received a ping last night that the sites were up.
  • When I checked, one site was redirecting to download-manual.com (and checking that URL now, the home page is not the same as the one I saw, so they too may have been hijacked/hacked).
  • The other site URL remained the same but had one of those standard site search pages which bounce you off to either phishing or paid-for search sites.

I notified Hostgator, who told me Cloudflare or 1and1 were the issue. I removed Cloudflare, and contacted both them and Hostgator, and am awaiting a response, but am not holding my breath.

Is this common? I've never heard of this or come across this before. It's pretty scary that this can happen so easily.

Appreciate any input.

Update: I've now spoken to support at 1and1, Hostgator, and Cloudflare, and each one claims it has nothing to do with them, and must be one of the others. Larry, Curly, Moe.
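On the monitoring half of the question, one approach is to compare what several resolvers return against a known-good baseline and report which layer drifted. This is an added example, not part of the original post; the domain names, nameservers, resolver labels and addresses are constructed placeholders, and collecting the observations from real lookups is left to the caller.

```python
import ipaddress

# Constructed baseline: placeholder nameservers and a documentation address range.
BASELINE = {
    "ns": {"ns1.dns-host.example", "ns2.dns-host.example"},
    "a_networks": ["192.0.2.0/24"],  # ranges the site may legitimately resolve into
}

# Constructed observations of one domain as seen from three different resolvers.
OBSERVED = {
    "resolver-a": {"ns": ["NS1.dns-host.example.", "ns2.dns-host.example."], "a": ["192.0.2.10"]},
    "resolver-b": {"ns": ["ns1.dns-host.example.", "ns2.dns-host.example."], "a": ["203.0.113.66"]},
    "resolver-c": {"ns": ["ns1.parked.example.", "ns2.parked.example."], "a": ["198.51.100.7"]},
}

def normalise(names):
    """Lower-case and drop the trailing dot so equivalent host names compare equal."""
    return {n.strip().rstrip(".").lower() for n in names}

def check_view(baseline, view):
    """Return (layer, detail) findings for one resolver's view; empty list means no drift."""
    findings = []
    got_ns = normalise(view["ns"])
    if got_ns != normalise(baseline["ns"]):
        # A changed NS set points at the delegation, which is set at the registrar.
        findings.append(("delegation", sorted(got_ns)))
    nets = [ipaddress.ip_network(n) for n in baseline["a_networks"]]
    stray = sorted(a for a in view["a"]
                   if not any(ipaddress.ip_address(a) in n for n in nets))
    if not view["a"]:
        findings.append(("resolution", []))
    elif stray:
        # Correct NS but unexpected addresses points at the zone's records
        # (DNS host or CDN side) or at that particular resolver's cache.
        findings.append(("records", stray))
    return findings

def check_all(baseline, observed):
    """Check every resolver's view and keep only the ones that drifted."""
    report = {r: check_view(baseline, v) for r, v in observed.items()}
    return {r: f for r, f in report.items() if f}

if __name__ == "__main__":
    for resolver, findings in check_all(BASELINE, OBSERVED).items():
        for layer, detail in findings:
            print(f"ALERT {resolver}: {layer} drift -> {detail}")
```

Keeping each resolver's result separate matters for an incident like the one described, where the monitoring service and the site owner saw different states at the same time.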
