Network Solutions Lacks Solutions for Domain Name Hijacking
ARTICLE UPDATE (1-18-08): Please be sure to check out page three for the exciting conclusion to this article!
It's been two weeks now, and Network Solutions still has no idea how somebody managed to breach their security system and hijack our domain.
As a scant few of you might have noticed, Something Awful was hijacked and redirected to another IP on Wednesday, January 2nd. Internet users who failed to receive the memo informing them our site stopped being funny two years before it was created were redirected en masse to a completely different website, essentially serving as a DDoS attack. Let me try to explain this crap to you average human beings out there:
Non-technical analogy for normal people: A bunch of drunk criminals are heading to a big silly foreign person soccer game. They pile into countless ramshackle buses and Mad Max-ian flatbed trucks lumbering down the one single road leading to the stadium. Unfortunately, a dastardly trickster placed a fake street barricade ahead of them, redirecting all traffic directly to your nearby lonely grandmother's house. Grandma peeks through her doily-enhanced window and suffers a heart attack upon noticing the incoming influx of rowdy, angry people, all of whom are specifically not her grandson who never calls. More and more violent, confused weirdos show up with each passing second. Grandma's house soon collapses; it was not designed to withstand so many horrible people. 30 minutes later and grandma is dead. Congratulations internet, you killed grandma.
Our domain name hijacking was apparently part of some ridiculous ongoing feud between bitter rival IRC channels or something equally asinine and completely unrelated to our site. My brain grows kind of hazy when pondering anything remotely related to "internet drama," so I really don't have a clue about what group of social deviants hates what group of slightly different social deviants. Internet drama tends to lose its amazingly addictive appeal once you get married, have a kid, and discover real-life activities that don't revolve around perpetually asking obese white people for ops. Let's just close this issue by saying I finally discovered a group of folks whose lives would significantly improve if they became addicted to World of Warcraft.
Regardless, some group of IRC trolls was mad at some other group of IRC trolls, so they decided to overload their website using a Network Solutions exploit, one which unfortunately involved Something Awful. Here's a consolidated timeline of these exciting events. Feel free to read along and pretend you're Kiefer Sutherland trying to protect the president from seeing the internet.
January 2nd, 1:15 PM - My coworker Kevin "Fragmaster" Bowen helpfully notices our website (www.somethingawful.com for those of you who ran out of Ritalin) is pointing to the Network Solutions domain placeholder page. After some consideration, we both agreed such a change contradicts our site's slogan, "Something Awful: not just another Network Solutions domain placeholder page."
1:18 PM - I call up Network Solutions' "Gold VIP Member" tech support, which is exactly like Network Solutions' non-Gold VIP member tech support except the people answering the phones hate you slightly less. I ask them to please cancel our recent, unauthorized nameserver change, additionally inquiring as to who requested the initial redirect. "Hmmm, I don't know," replied the Network Solutions Gold VIP Tech Support employee. "It wasn't you?" I'm not sure there's enough sarcasm in the world to properly address such a question in this scenario.
1:21 PM - I log on to my Network Solutions account, update both my username and password to randomly generated, 28-character hexadecimal entries, replacing my security question with something nonsensical and impossible to guess. Since I have no idea where this security breach originated, I am forced to assume everything has been compromised; we begin locking servers down as tightly and securely as possible.
1:26 PM - Despite generating a new password, username, and security question, somebody manages to change our nameservers yet again. I successfully log in to my Network Solutions account using the new username and password, just to ensure my security changes went through.
At this point, I was able to rule out a few possible security holes. The hijacker couldn't have possibly brute-force cracked my username and password, two 28-character hex blocks of random garbage, in less than 10 minutes. I was running a fresh install of Vista less than two hours old (firewalled, anti-virus software, behind a blocked off router on a secure network), so my PC wasn't infected with any type of trojan or malware. Since nothing local could be compromised, I suspected somebody had gained access to our email address associated with Network Solutions, and was possibly obtaining our login information through lost username / password requests. This theory was debunked after searching through the mail server's logs, which didn't contain any recent messages from Network Solutions. Social engineering was additionally ruled out, as the possibility of some person duping Network Solutions' tech support twice in half an hour seemed somewhat unbelievable.