Last Updated: 2010-11-25 08:57:08 UTC
by Bojan Zdrnja (Version: 1)
We received quite a bit of reports of people saying that Secunia’s web site has been defaced. And indeed, when I visit Secunia’s web site from my machine (located in Europe), I see a defaced web site as below:
However, after double checking it appears that their DNS records have been modified. The “defaced” web site is located (for me) at the following IP address:
$ host www.secunia.com
www.secunia.com is an alias for secunia.com.
secunia.com has address 188.8.131.52
secunia.com mail is handled by 0 secunia.com.
Checking my passive DNS system, I can see that previously www.secunia.com was at 184.108.40.206.
And, as suspected, after checking manually we can see that the original Secunia’s web site is still there:
$ telnet 220.127.116.11 80
Connected to secunia.com (18.104.22.168).
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Thu, 25 Nov 2010 08:46:29 GMT
<meta name="Title" content="Secunia.com">
<link rel="stylesheet" type="text/css" href="/css/secunia.css">
Checking WHOIS entries will show more, but this "defacement" again shows how DNS is a critical resource.