Hi there,
Over the weekend it looks like the DNS was hijacked on two of my domains.
My set up is I have the sites registered on 1and1.co.uk, with dns nameservers pointing to Hostgator in the US where the sites are hosted. I also had cloudflare CDN running on the sites (via hostgator cpanel).
My question is any ideas as to how this happened, and how I could either monitor it so I know if it occurs again, or strengthen the set up/service to minimise the risk.
History:
I received a ping from my site monitoring service that the sites were down.
When I checked the sites were up so I assumed it was local to the monitoring service
I received a ping last night the sites were up
When I checked, one site was redirecting to download-manual.com (and checking that URL now, the home page is not the same as the one I saw, so they too may have been hijacked/hacked)
The other site URL remained the same but had one of those standard site search pages which bounce you off to either phishing or paid for search sites
I notified Hostgator who told me Cloudflare or 1and1 were the issue. I removed cloudflare, and contacted both them and hostgator, and am awaiting a response, but am not holding my breath.
Is this common? I've never heard of this or come across this before. It's pretty scary that this can happen so easily.
Appreciate any input.
**Update: I've now spoken to support at 1and1, Hostgator, and Cloudflare, and each one claims it has nothing to do with them, and must be one of the others. Larry, curly, moe.
