Author Topic: EMERGENCY! freedns.centos-webpanel.com has been hacked!  (Read 7404 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
EMERGENCY! freedns.centos-webpanel.com has been hacked!
« on: September 13, 2017, 04:31:19 AM »
I host all my DNS on
http://freedns.centos-webpanel.com

Right now, it's not reporting that my website (www.chantcd.com) directs anywhere but to my server, hosted on IP 64.250.9.27.

However, somehow there's a hidden redirect for the subdomain
books.chantcd.com

which SHOULD NOT BE HAPPENING. I looked into this, and I conclude that there has been a hack, not on my server, but on the FreeDNS system somewhere. PLEASE LOOK INTO IT ASAP!



chantcd.com
Host records (by server):
chantcd.com has address 64.250.9.27
chantcd.com mail is handled by 10 mail.chantcd.com.
Host record (by google DNS):
64.250.9.27
NameServers (by google DNS):
ns2.centos-webpanel.com.
ns1.centos-webpanel.com.
NS search records (by google DNS):
SOA ns1.centos-webpanel.com. freedns.centos-webpanel.com. 2017091307 28800 7200 1209600 86400 from server 167.114.21.225 in 57 ms.
SOA ns1.centos-webpanel.com. freedns.centos-webpanel.com. 2017091307 28800 7200 1209600 86400 from server 185.4.149.83 in 137 ms.
rDNS/PTR record check: SUCCESS
rDNS/PTR = 64-250-9-27.gvec.net
rDNS A record = 64.250.9.27 [Check SenderBase] [Check RBL]



books.chantcd.com
Host records (by server):
books.chantcd.com has address 212.47.235.72
Host record (by google DNS):
212.47.235.72
NameServers (by google DNS):
ns2.centos-webpanel.com.
ns1.centos-webpanel.com.
NS search records (by google DNS):
SOA ns1.centos-webpanel.com. freedns.centos-webpanel.com. 2017082101 28800 7200 1209600 86400 from server 167.114.21.225 in 68 ms.
SOA ns1.centos-webpanel.com. freedns.centos-webpanel.com. 2017082101 28800 7200 1209600 86400 from server 185.4.149.83 in 151 ms.
rDNS/PTR record check: FAILED
rDNS/PTR = 72.1-24.235.47.212.in-addr.arpa72-235-47-212.rev.cloud.scaleway.com
rDNS A record = 212.47.235.72 [Check SenderBase] [Check RBL]

Checking with google if domain is hosted on this server: FAILED

You need to set your domain nameservers to:
ns1.centos-webpanel.com
ns2.centos-webpanel.com
ns3.centos-webpanel.com
ns4.centos-webpanel.com
ns5.centos-webpanel.com

*if you want that your dns records works!

Zone:
chantcd.com   
Serial:
2017091308
Refresh:

28800
Retry:

7200
Expire:

1209600
TTL:

86400
NS1:

ns1.centos-webpanel.com
NS2:

ns2.centos-webpanel.com
    
Host   Type   Destination   Valid   Delete

@
    
64.250.9.27
 YES


@
    
10
 
mail.chantcd.com
 YES


books
    
64.250.9.27
 YES


ftp
    
64.250.9.27
 YES


mail
    
64.250.9.27
 YES


www
    
@

« Last Edit: September 13, 2017, 04:33:24 AM by DeveloperMcD »

Offline
**
Re: EMERGENCY! freedns.centos-webpanel.com has been hacked!
« Reply #1 on: September 13, 2017, 08:00:05 AM »
Any admin comments on this???

Offline
*
Re: EMERGENCY! freedns.centos-webpanel.com has been hacked!
« Reply #2 on: September 13, 2017, 01:09:50 PM »
He wrote to me and said he did find this subdomain (books.chantcd.com) in another account.
But I don't have any other FreeDNS accounts.
My recent (April 2016) foray into CWP was my first and only use of the software.

Thus far, he has not given me the name of the "other account" -- If I had the name, I could tell you with 100% certainty whether or not it was a name I picked at some point.

I seriously doubt I personally created this record.
So just anyone can add records for another person's domain, as long as it's a subdomain, and get away with it? That's crazy.
All you'd have to do is find out what domains are hosted by FreeDNS, and which ones have good Google pagerank. Then hijack away!

He needs to increase his security STAT!