build 

Craigslist Down For Hours After DNS Attack Forced Domain Hijacking

By James Kosur | Small Business

The Craigslist website went down for hours after a hacker used a DNS attack to hijack the website. Users who visited any Craigslist location were instead served a link to the DigitalGangster.com domain.

Because Craigslist serves a massive number of visitors, the DigitalGangster domain also crashed, serving up a bit of irony to the hacker.

The successful hack was not a direct attack on the Craigslist website, but rather a change of DNS settings which allowed the hacker to redirect the website.

Craigslist Down For Hours After DNS Attack Forced Domain Hijacking image Craigslist DownCraigslist Down For Hours After DNS Attack Forced Domain Hijacking

The attacker(s) apparently changed some settings, and redirected requests for craigslist.org to the New York Times website, after going through a third party click through gateway, which could have been an affiliate link. Soon after that, requests reverted back to the Digital Gangster site.

The domain name for Craigslist was modified at 2014-11-24T00:32:41Z, with the domain name registrant listed as “steven wynhoff @LulzClerk.”

By Monday morning the domain was once again under the control of Craigslist. However, many users must first clear their browser cache in order to regain access to the website.  Flushing DNS settings should also serve to restore access to Craigslist.

Craigslist CEO Jim Buckmaster posted an update on the incident early Monday, acknowledging that a “DNS outage” occurred as a result of a compromise:

“At approximately 5pm PST Sunday evening the craigslist domain name service (DNS) records maintained at one of our domain registrars were compromised, diverting users to various non-craigslist sites.

Many internet service providers (ISPs) cached the false DNS information for several hours, and some may still have incorrect information.

If you need immediate access to Craigslist you can ask your network provider or tech staff to flush all *.craigslist.org and *.craigslist.com entries (A,CNAME,SOA) from their DNS servers.”
Attacks like this typically are not very complex, and rarely affect customer data.

DNS hijacking has become a common way for hackers to take control of a websites domain, without needing to hack the actual websites database.

Did Craigslist being down cause you any headaches?

This article was syndicated from Business 2 Community: Craigslist Down For Hours After DNS Attack Forced Domain Hijacking

More Technology & Innovation articles from Business 2 Community:

Subscribe to our mailing list
* indicates required
Small Business Services