Gearslutz Hijacked!!

GroupDIY Audio Forum


wtmnmf

Well-known member
Joined
Feb 4, 2007
Messages
380
Location
Berkeley,CA USA
Check it out!  Looks more like Gearslutsssss  now  :eek:  LMAO

Edit:  The 'official' explanation: "There was a typo in one of the nameservers and a spammer registered the typo domain name and has done this redirect."

It looks like the typo was gearsluts.com, which uses the same registrar and name servers as gearslutz.com and was created not long after the creation of GS.  I still don't understand how or why a manual entry was made.

Pinging 'sluts' returns 176.56.59.10, which is the correct IP address for GS.
Pinging 'slutz' returns 141.8.224.116, which is the IP address for 'sluts'.

Both URLs get you to the 'sluts' page...  how does that work?

Further edit:  Answering my own question: The nameservers were updated, but my cache needed flushing! Now, 'sluts' redirects to 'slutz'!!!!!  Pwnage  ;D
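
The official explanation quoted above attributes the redirect to a typo in one of the nameserver entries. As an added example (not part of the original thread), the Python below audits a delegation's NS hostnames for look-alike parent domains. All hostnames are constructed placeholders, and `audit_ns`, `parent_domain` and the two-label domain rule are assumptions made for illustration.

```python
# Added example: flag NS hostnames whose parent domain is a near-miss of a
# trusted DNS provider domain. Hostnames are constructed placeholders.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, iterative two-row form."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def parent_domain(host: str) -> str:
    """Last two labels of the hostname. Assumption: ignores multi-label
    public suffixes such as co.uk."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def audit_ns(ns_hosts, trusted_domains, max_distance=2):
    """Return (host, verdict, nearest_trusted, distance) for every NS
    hostname that is not under a trusted domain."""
    findings = []
    for host in ns_hosts:
        dom = parent_domain(host)
        if dom in trusted_domains:
            continue
        nearest = min(sorted(trusted_domains),
                      key=lambda t: edit_distance(dom, t))
        dist = edit_distance(dom, nearest)
        # A small distance means a likely typo of a trusted provider.
        verdict = "LOOKALIKE" if dist <= max_distance else "UNEXPECTED"
        findings.append((host, verdict, nearest, dist))
    return findings

# Constructed delegation: the second entry has two letters transposed.
SAMPLE_NS = ["ns1.example-dns.net.", "ns2.exampel-dns.net.", "ns3.other-host.org"]
TRUSTED = {"example-dns.net"}

if __name__ == "__main__":
    for finding in audit_ns(SAMPLE_NS, TRUSTED):
        print(*finding)
```

A LOOKALIKE entry is worth checking against the registrar's delegation records; as the post notes, resolvers can keep serving the old answer from cache until it is flushed or expires.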
 
Sorry Ethan, let me know if I need to take this down:

Here's what comes up for me....  funny thing is I'm facebook chatting with folks that seem to still be able to access Gearslutz with no issue.

 
It's probably a domain host issue, it's the generic site that pops up when the site is missing, but the domain holder wants to still make money off it... Maybe they haven't paid the bill?
 
zebra50 said:
Looks fine. What did I miss?

Interesting...  what IP address do you see for GS?  I bet if you were to flush your DNS cache the problem would crop up, but it could be that the DNS server that you use does not reflect the change. Or, maybe there is something about DNS and the host country of the site that I fail to grasp?  I don't know.

I use the term Hijack loosely... It's certainly a case of GS not renewing their site registration on time.  I'm afraid that they are not going to get it back cheaply.  Maybe it's a good thing, I think that joke got old a long time ago.

Edit:  I see that 176.56.59.10 works OK.
 
Yeah, it's pretty batsh*t crazy and useless over there anyhow.  It's sort of funny, one would think they could've afforded the bill, what with their entire site being one giant advertisement.  Happy snow IS expensive, however. 
 
There should be a special room in hell for website hackers, while I have seen real businesses register and redirect similar sounding URL names to literally steal another company's good will and web traffic. 

These porn hacks at geekslutz  look like just a short term annoyance.

I constantly see footprints of people trying to hack my website, I blocked one URL last week, but this is a never ending battle and for every one I block there are thousands right behind him.


JR
 
John,

Are you sure those are hackers trying to access your site?
I would hate to see you lose legit traffic to your product website accidentally blocking innocent traffic.

RE: GS, yes it looks like they just forgot, or their registrar forgot to remind them they needed to pay to renew.  It looks like their hosting service provider is squatting on the domain in the meantime. If they've got a crummy host, it's going to cost them A LOT to buy it back. If indeed they have a crummy host and it's the host that originally registered the domain, it's their responsibility to send the client the reminder to renew. This would beg the question whether there was foul play involved on the part of the host...especially knowing how much traffic that site gets...
 
For a short time last year my site (osCommerce) was constantly under attack.  Some kind of google bot keyword scam type thing described here:
http://blog.unmaskparasites.com/2010/01/18/bety-php-oscommerce-hack-part-1/

I was finally able to lock it down with a number of patches that ban any questionable IPs.

Very annoying.  Especially since I discovered the problem and had to fix it while on vacation with my wife.  I hate hackers.

Mike
 
Was fine this morning and works fine now. Including seeing very recent posts, so not just my cache.

http://www.gearslutz.com/board/showthread.php?t=705310

Weirdy weird.
 
zebra50 said:
Was fine this morning and works fine now. Including seeing very recent posts, so not just my cache.

http://www.gearslutz.com/board/showthread.php?t=705310

Weirdy weird.

I was seeing the porn spam page this morning.  Now regular GS is back.  I kinda miss the old porn spam page.
 
Ethan said:
John,

Are you sure those are hackers trying to access your site?
I would hate to see you lose legit traffic to your product website accidentally blocking innocent traffic.

I get a running list of the last 300 failed link attempts with who, when, and what.  There are very few honest mistakes, where I may have a broken link or a missing image file, but the vast majority are clear hacking attempts.

Over the years, they have caused much mischief, and I have closed all of the back doors and vulnerabilities that I know about, adding lots of code to thwart known attacks, etc.  (I'd rather not discuss details of my counter measures openly). This is an escalating arms race, where they keep trying like the incoming tide.

Just last week I caught a puke trying to hack my database, and after I googled his IP, I found he was already on a black list. Most of the hack attacks I see are not from black listed IPs so black listing doesn't work as well as other defensive strategies.

I routinely have my website scanned for PCI compliance since trying to steal customer CC information is a common theme with these pukes, but they have multiple different agendas and strategies.

Ethan said:
RE: GS, yes it looks like they just forgot, or their registrar forgot to remind them they needed to pay to renew.  It looks like their hosting service provider is squatting on the domain in the meantime. If they've got a crummy host, it's going to cost them A LOT to buy it back. If indeed they have a crummy host and it's the host that originally registered the domain, it's their responsibility to send the client the reminder to renew. This would beg the question whether there was foul play involved on the part of the host...especially knowing how much traffic that site gets...

My recollection of the law, or general practice, is that you have a grace period of several months to reclaim an expired domain registry. While it is possible that their host is so sleazy, that they concealed the expiry of their registration for months, there are often other registrars that will try to get your renewal (this is all public information), so this expiration may be hard to keep secret.

My guess is that somebody fooled the central registry to change where gearslutx was pointed, so they will probably change it back fairly quickly. If they indeed had their name stolen, shame on them both.

I've said this before but I wouldn't mind a little more effective law and order on the WWW, while I appreciate the pros and cons of too much.

JR
 
