Attackers Hijack Craigslist Domain Name

  • 24 November 2014
  • 7 replies
  • 757 views

By Mike Lennon on November 24, 2014
 
[update] Users looking to visit online classifieds titan Craigslist on Sunday evening were redirected to a site hosted at the domain DigitalGangster(dot)Com, as a result of a DNS hijack.
Assumingly under a heavy load, the server receiving the hijacked traffic was unable to cope with the massive amount of web traffic that Craigslist.org receives and was unable to respond to most web requests.
Not long after, the attacker(s) apparently changed some settings, and redirected requests for craigslist.org to the New York Times website, after going through a third party click through gateway, which could have been an affiliate link. Soon after that, requests reverted back to the Digital Gangster site, which at the time of publishing still appeared to be choking under heavy traffic.
 
 
full article


I get redirected to this youtube video trying to access new-haven craigslist page.
https://www.youtube.com/watch?v=UCyFdGOdiUw.
Why doesn't Webroot detect the redirecting and warn me?
Hello mabecane,
 
Welcome to the Community,
 
If you continue to read the Full Article of Attackers Hijack Craigslist Name you would see this.
 
[UPDATE] - As of early Monday morning, the domain registration is back in control of the rightful Craigslist administrator, with the Name Servers also changed back to Craigslist.org servers. Users may need to clear their Browser Cache or Flush their DNS Cache to force the new settings to correctly resolve the DNS requests faster.
Craigslist CEO Jim Buckmaster posted an update on the incident early Monday, acknowledging that a "DNS outage" occurred as a result of a compromise:
"At approximately 5pm PST Sunday evening the craigslist domain name service (DNS) records maintained at one of our domain registrars were compromised, diverting users to various non-craigslist sites.
 
This issue has been corrected at the source, but many internet service providers (ISPs) cached the false DNS information for several hours, and some may still have incorrect information.
 
The Community has this article that you might be interested in reading below.

 
What you are seeing and describing is what we on the Community refer to as a PUA (Potentially Unwanted Application). These are very annoying at best in that they cause pop-ups, redirect your browser home page, and other behavior that may slow down the computer and direct ads your way, but they are not actually doing anything bad like damaging files or stealing information. Often they are installed intentionally by you the user as browser add-ons for various tasks such as quick search tools, but they also come with the result of added annoying pop-ups and ads. Other times they 'piggy back' with other software that you installed, or try to 'sneak' onto your system entirely.
 
WSA does detect and remove many PUAs, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behavior that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
 
The best thing to do is to submit a Trouble Ticket and ask Webroot Support to take a look and remove these for you. There is NO CHARGE for this for valid WSA license holders.
 
Also, we have had a lot of discussion regarding these recently, and I have posted an Idea for Webroot to consider asking them to increase PUA detection. The more users that need help removing a particular PUA the more likely and faster that PUA will be added to detection.
 
I hope this helps!
 
 
Best Regards,
 
 
 
 
 
I thought the hijackers swapped the DNS setting to theirs and that's why I get redirected. I don't have any malware on my PC doing the redirection. I thought Webroot could detect it. But again the bad guys went into CL DNS server and changed the settings, that's prolly why Webroot did not see the problem.
Hello mabecane,
 
Thanks for getting back to us, and you are most likely right about the hijackers swapping out the DNS. Great to hear you have no malware on your PC, but I just threw that in just in case.
 
 
Have a great day mabecane! :D
Since my server had not flushed the bad DNS addresses out of their system, I still could not access CL, so I changed the DNS server setting on my laptop. I used Google DNS addresses 8.8.8.8 and 8.8.44.
Now I can get to CL on my laptop.
Thanks for the feedback
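
Added example, not part of any post in this thread: the article's point that ISP resolvers kept serving the false records from cache, and the resolver switch described above, can be checked by comparing the NS answers each resolver returns (captured with `dig @<resolver> craigslist.org NS +noall +answer`) against a known-good set. The nameserver names, the ISP resolver address and the TTLs below are constructed placeholders, not values from the incident.

```python
# Added example: spot resolvers still serving a hijacked delegation from cache.
# Input: `dig @<resolver> <domain> NS +noall +answer` output captured per resolver.
# Nameserver names, TTLs and the ISP resolver address are constructed placeholders.

EXPECTED_NS = {"ns1.legit.example.", "ns2.legit.example."}  # assumed known-good set

# Constructed sample captures, keyed by the resolver that was queried.
SAMPLE = {
    "192.0.2.53": (  # hypothetical ISP resolver with a stale cache
        "craigslist.org.\t9120\tIN\tNS\tns1.rogue.test.\n"
        "craigslist.org.\t9120\tIN\tNS\tns2.rogue.test.\n"
    ),
    "8.8.8.8": (
        "craigslist.org.\t3600\tIN\tNS\tns1.legit.example.\n"
        "craigslist.org.\t3600\tIN\tNS\tns2.legit.example.\n"
    ),
}


def parse_ns_answers(dig_output):
    """Return [(ttl_seconds, nameserver)] from dig answer-section lines."""
    records = []
    for line in dig_output.splitlines():
        fields = line.split()
        # Answer lines look like: owner TTL class type rdata
        if len(fields) == 5 and fields[2] == "IN" and fields[3] == "NS":
            records.append((int(fields[1]), fields[4].lower()))
    return records


def audit_resolvers(captures, expected_ns):
    """Map each resolver to a verdict and, if stale, seconds until the cache expires."""
    report = {}
    for resolver, output in captures.items():
        records = parse_ns_answers(output)
        unexpected = sorted({ns for _, ns in records} - expected_ns)
        if not records:
            report[resolver] = {"status": "no-answer", "unexpected": [], "expires_in": None}
        elif unexpected:
            # The longest remaining TTL bounds how long this cache keeps the bad data.
            worst = max(ttl for ttl, ns in records if ns in unexpected)
            report[resolver] = {"status": "stale", "unexpected": unexpected, "expires_in": worst}
        else:
            report[resolver] = {"status": "ok", "unexpected": [], "expires_in": None}
    return report


if __name__ == "__main__":
    for resolver, verdict in audit_resolvers(SAMPLE, EXPECTED_NS).items():
        print(resolver, verdict)
```

The remaining TTL a recursive resolver reports counts down, so `expires_in` estimates how long that resolver will keep answering with the wrong nameservers unless its cache is flushed.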
@ wrote:
Since my server had not flushed the bad DNS addresses out of their system, I still could not access CL, so I changed the DNS server setting on my laptop. I used Google DNS addresses 8.8.8.8 and 8.8.44.
Now I can get to CL on my laptop.
Thanks for the feedback
Hello mabecane,
 
Wonderful news and I'm happy that you are back and running CL. This could help others as well. So thank you so much!
 
 
Regards,
The following article is an update

(Craigslist pushes punters to YouTube, hacker site)

By Darren Pauli, 25 Nov 2014
 
Craigslist is asking users to flush their DNS after one or more pranksters twice changed the DNS records of the popular flesh and furniture classifieds site so it redirects users to a website and video.
The attack, launched on 23 November, saw some users to some pages redirected to a site previously used in 2008 to sell stolen celebrity photos and a YouTube music video both run and created by former hacker Bryce Case Jnr.
 
Bryce said he did not know who was behind the attack.
Craigslist chief executive Jim Buckmaster said the hack was fixed on Sunday evening.
 
full article
