
UK2.net

pcrepairs
Newbie
Posts: 1
Registered: 30-07-2007

UK2.net

Having problems this AM; it appears to have been hacked. Is anyone else having difficulties accessing any uk2.net domains or email?

Rodge :roll:
5 REPLIES
Community Gaffer
Posts: 12,804
Thanks: 635
Fixes: 62
Registered: 04-04-2007

UK2.net

Yes,

I have seen a few complaints this morning. Our DNS appears to be resolving a different authoritative DNS for the uk2.net domain.

The first query below is from our DNS the second from Freeserve's. I'll ask somebody to take a look:

bpullen@pvs-csctools:~$ dig uk2.net @212.159.13.49


; <<>> DiG 9.2.4 <<>> uk2.net @212.159.13.49
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39099
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;uk2.net. IN A

;; ANSWER SECTION:
uk2.net. 13632 IN A 72.232.55.194

;; AUTHORITY SECTION:
uk2.net. 56805 IN NS ns1.securitycrims.com.
uk2.net. 56805 IN NS ns2.securitycrims.com.

;; ADDITIONAL SECTION:
ns1.securitycrims.com. 143166 IN A 72.232.55.194
ns2.securitycrims.com. 143166 IN A 72.232.55.195

;; Query time: 7 msec
;; SERVER: 212.159.13.49#53(212.159.13.49)
;; WHEN: Thu Jul 12 12:44:07 2007
;; MSG SIZE rcvd: 126

bpullen@pvs-csctools:~$ dig uk2.net @195.92.195.94

; <<>> DiG 9.2.4 <<>> uk2.net @195.92.195.94
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62892
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;uk2.net. IN A

;; ANSWER SECTION:
uk2.net. 128203 IN A 83.170.69.14

;; AUTHORITY SECTION:
uk2.net. 75488 IN NS ns1.uk2.net.
uk2.net. 75488 IN NS ns2.uk2.net.

;; ADDITIONAL SECTION:
ns1.uk2.net. 128203 IN A 83.170.64.2
ns2.uk2.net. 128203 IN A 83.170.69.2

;; Query time: 7 msec
;; SERVER: 195.92.195.94#53(195.92.195.94)
;; WHEN: Thu Jul 12 12:44:21 2007
;; MSG SIZE rcvd: 109


Kind Rgds,

Bob Pullen
Plusnet Products Team

p_w_d_stone
Grafter
Posts: 315
Registered: 05-04-2007

UK2.net

Can a mod move this thread to Community Support for greater visibility?
Community Veteran
Posts: 5,877
Thanks: 1
Registered: 05-04-2007

UK2.net

Done as requested.
Community Gaffer
Posts: 12,804
Thanks: 635
Fixes: 62
Registered: 04-04-2007

UK2.net

Right,

doesn't seem to be a problem with us. Looks like uk2.net's auth DNS was hacked at some point. Requests to get to their site were redirecting to a hacked page. This will have affected any domains hosted with them.

I know that Entanet had a similar problem, as did OneTel and Newnet.

We've just refreshed the records on one of our caching servers and that's now showing the correct record. My bet is that uk2.net got hacked, they realised relatively quickly and sorted the problem, however some caching servers (like ours) will not yet have expired the dodgy DNS entries.

Wonder if they'll be announcing this?

Kind Rgds,

Bob Pullen
Plusnet Products Team
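The by-hand comparison of the two dig answers above, as an added example that is not part of the original posts: it parses both resolver views, reports where the NS and A sets diverge, and works out when each cache would drop its delegation on its own. The function names and the trimmed sample text are constructed for this example; the record values are the ones quoted in the thread.

```python
import re
from datetime import datetime, timedelta

# Record lines trimmed from the two dig answers quoted in this thread.
PLUSNET = """uk2.net. 13632 IN A 72.232.55.194
uk2.net. 56805 IN NS ns1.securitycrims.com.
uk2.net. 56805 IN NS ns2.securitycrims.com.
;; SERVER: 212.159.13.49#53(212.159.13.49)
;; WHEN: Thu Jul 12 12:44:07 2007
"""
FREESERVE = """uk2.net. 128203 IN A 83.170.69.14
uk2.net. 75488 IN NS ns1.uk2.net.
uk2.net. 75488 IN NS ns2.uk2.net.
;; SERVER: 195.92.195.94#53(195.92.195.94)
;; WHEN: Thu Jul 12 12:44:21 2007
"""
RR = re.compile(r"^(\S+)[ \t]+(\d+)[ \t]+IN[ \t]+(A|NS)[ \t]+(\S+)[ \t]*$", re.M)

def parse_dig(text):
    """Extract A/NS records (value -> remaining TTL), resolver IP and query time."""
    view = {"A": {}, "NS": {}}
    for _name, ttl, rtype, rdata in RR.findall(text):
        view[rtype][rdata.rstrip(".").lower()] = int(ttl)
    view["server"] = re.search(r"SERVER: ([0-9.]+)#", text).group(1)
    when = re.search(r"WHEN: (.+)", text).group(1).strip()
    view["when"] = datetime.strptime(when, "%a %b %d %H:%M:%S %Y")
    return view

def compare_views(text_a, text_b, zone="uk2.net"):
    """Report where two resolvers disagree and how long each keeps its NS set."""
    views = [parse_dig(text_a), parse_dig(text_b)]
    report = {"ns_mismatch": set(views[0]["NS"]) != set(views[1]["NS"]),
              "a_mismatch": set(views[0]["A"]) != set(views[1]["A"]),
              "views": []}
    for v in views:
        report["views"].append({
            "server": v["server"],
            "ns": sorted(v["NS"]),
            # Out-of-zone nameservers can be legitimate; treat as a lead only.
            "out_of_zone_ns": sorted(h for h in v["NS"]
                                     if not h.endswith("." + zone)),
            # A cache reports remaining TTL, so this is when it expires unaided.
            "cached_until": v["when"] + timedelta(seconds=max(v["NS"].values())),
        })
    return report

if __name__ == "__main__":
    for view in compare_views(PLUSNET, FREESERVE)["views"]:
        print(view)
```

For the 212.159.13.49 cache the remaining NS TTL of 56805 seconds puts unaided expiry at 04:30:52 on 13 July 2007, which is the window a manual refresh of the caching server closes.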

grey_gorilla
Dabbler
Posts: 24
Registered: 23-07-2007

UK2.net

Quote

Wonder if they'll be announcing this?


El Reg have reported it

http://www.theregister.co.uk/2007/07/12/uk2_hack/