Last Updated: 2010-11-25 08:57:08 UTC
by Bojan Zdrnja (Version: 1)
We received quite a bit of reports of people saying that Secunia’s web site has been defaced. And indeed, when I visit Secunia’s web site from my machine (located in Europe), I see a defaced web site as below:
However, after double checking it appears that their DNS records have been modified. The “defaced” web site is located (for me) at the following IP address:
$ host www.secunia.com
www.secunia.com is an alias for secunia.com.
secunia.com has address 220.127.116.11
secunia.com mail is handled by 0 secunia.com.
Checking my passive DNS system, I can see that previously www.secunia.com was at 18.104.22.168.
And, as suspected, after checking manually we can see that the original Secunia’s web site is still there:
$ telnet 22.214.171.124 80
Connected to secunia.com (126.96.36.199).
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Thu, 25 Nov 2010 08:46:29 GMT
<meta name="Title" content="Secunia.com">
<link rel="stylesheet" type="text/css" href="/css/secunia.css">
Checking WHOIS entries will show more, but this "defacement" again shows how DNS is a critical resource.