Does anyone know anything about the recent spate of defaced pages on some free sites recently?
One host I use recently managed to mess up and deleted a whole bunch of their free members sites. Not only that but they managed to lose the account information too. Shortly afterwards the sites became defaced, this seems to be because the accounts were taken over before the orginal owners could reregister them.
I had a look at some of these sites and Googled some of the text found in the new pages -
Using different phrases, as far as I can tell, around 100,000 sites have been defaced. The hosts affected include 0Catch and their affiliates, Freeservers, Homestead, Lycos Europe (especially France) and SimpleNet.
Also, as far as I can tell, they look like sites that were originally made with the hosts online template building tools. It's hard to say for sure though as the HEAD sections of the sites are damaged.
In the text in the wrecked pages is also the phrase MikeinBrazil. A search for this shows that "MikeinBrazil" has been flooding message boards and forums.
The whole point of this hacking seems to be to drive people to various pornographic web sites. Especialy the various forms of inthevip. Like MikeinBrazil this is also somebody's screen name and they too seem to have been flooding message boards and forums.
0Catch for one says their servers were not hacked and that someone may have checked for expired or near-expired domains -
The problem with that explanation is that this software does exactly that - it looks for expired domains not the subdomains that these free hosts use.
I'd like to know if anyone has more information on this, or if possible, someone to explain how someone would get the DNS CNAME information for these subdomains.
Ray
One host I use recently managed to mess up and deleted a whole bunch of their free members sites. Not only that but they managed to lose the account information too. Shortly afterwards the sites became defaced, this seems to be because the accounts were taken over before the orginal owners could reregister them.
I had a look at some of these sites and Googled some of the text found in the new pages -
Using different phrases, as far as I can tell, around 100,000 sites have been defaced. The hosts affected include 0Catch and their affiliates, Freeservers, Homestead, Lycos Europe (especially France) and SimpleNet.
Also, as far as I can tell, they look like sites that were originally made with the hosts online template building tools. It's hard to say for sure though as the HEAD sections of the sites are damaged.
In the text in the wrecked pages is also the phrase MikeinBrazil. A search for this shows that "MikeinBrazil" has been flooding message boards and forums.
The whole point of this hacking seems to be to drive people to various pornographic web sites. Especialy the various forms of inthevip. Like MikeinBrazil this is also somebody's screen name and they too seem to have been flooding message boards and forums.
0Catch for one says their servers were not hacked and that someone may have checked for expired or near-expired domains -
The problem with that explanation is that this software does exactly that - it looks for expired domains not the subdomains that these free hosts use.
I'd like to know if anyone has more information on this, or if possible, someone to explain how someone would get the DNS CNAME information for these subdomains.
Ray