CircleID

On Saturday, November 29, 2003 a post on the GNSO mailing list indicated that the .name registry website had been hacked. As reported by George Kirikos, "The .name registry's main website www.nic.name has been hacked, as of Saturday evening in North America. According to Netcraft, they're running Linux. They must not have kept up to date with all security updates, or someone cracked a password. Hopefully offsite backups were made, to ensure data integrity."

Although, due to this emergency, the .name web servers have been pulled down as of this writing, just a short few hours ago, visitors to the .name registry home page would find a mysterious black screen upon visiting the site, including the following text:

"Owned by SUr00tIK & GroMx

No files was deleted
Original site available HERE

Last login from: surootik_gromx.polish.underground.pl [2003-11-29]"

The bottom of the black screen also included a rotating image displaying the following text in sequece:

"It's good.
www.slackware.com
Open Source is Good.
Free is Good.
Slackware Linux."

In response to this event, Hakon Haugnes, president of Global Name Registry said:

"To those having noticed our website incident:

We did an update to Apache and PHP last week and someone managed to exploit a hole in one of these and replace the index file on the webserver.

No other data than the index.php were replaced, and no other data could be accessed as the webserver is physically and geographically separated from our Registry Systems.

We have taken our webservers down during the weekend to further reinforce our website against similar incidents in the future.

Thank you for your vigilence and to all who notified us about this unfortunate incident."

Written by CircleID Reporter

Related topics: DNS, Security