Attempted domain hijacking?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

***paste notice from my dedicated server host who also host DNS services***

The reason why that happened is that we have been getting UPDATE traffic
from for that domain. It got flagged since we do not provide
update protocol handler for dynamic off-site dns editing.

Anyway. This guy does not seem to like you:

Mar  7 10:58:13 auth1 named[13081]: client update
'' denied is the name

***end paste***

It appears to be a person in Toronto Canada, and I am not on top of DNS, but
from what I can peice together some person assumed the DNS servers were open
to some automated updating and tried to push through a change - does this
sound close? I would imagine they were trying to point it to another IP
address to grab traffic and or serve a defaced site but could there be
something more sinister behind it?

The odd thing is that has only been registered for a couple weeks
and has a placeholder page so isn't exactly a worthwhile target for

Re: Attempted domain hijacking?

Quoted text here. Click to load it

Here is everything I know for sure.  I have one email killfilter for a
guy who was shipping me viri several times a day. The origin shown in
the headers for these viri was:

Beyond that I are clueless.


Site Timeline