4 Comments

> a professional entertainer in the USA, whose server† had apparently and unobtrusively been hacked

† also his domain registrar – unless a wildcard DNS directive sends WhateverYouCanImagine[.]ViolatedEntertainer[.]com to the same host.

…and this story thereby provides an answer to the question we’ve all asked in the name of convenience:
“We can add a subdomain anytime, without updating DNS – what’s the downside?”

The article doesn’t mention whether someone reached out to the entertainer,† so I hope someone has.

† cue ragtime piano music

By the time the article went live, the redirects were no longer happening – you’d get an error instead. Someone definitely changed something, and I don’t think it was the crooks!

I assumed it was a DNS-only hack at first – I reasoned the same way as you – and therefore that someone had simply added a heap of subdomains and served them up for themselves.

But all the bogus subdomains I tried ended up back at the main website, redirected to the same PHP script, from where they were re-redirected, either into an ecosystem of PII-grabbing “dating sites”, or to the bogus OneDrive login URL.

Because of that, I inferred that the hack involved some sort of unauthorised changes on the main server, regardless of what else the crooks did, so I focused on that aspect.
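The wildcard-DNS footnote above and the observation that every made-up subdomain landed on the same server and was handed to one PHP redirector point at a simple defensive check. The Python below is an added example, not code from the article or from either commenter: it resolves names against a small constructed zone using the RFC 4592 closest-encloser rule (so it tells you which hostnames exist only because of a `*` record), then scans constructed Apache-style access-log lines that carry the virtual host name in the first field and flags requests whose Host header was served purely by the wildcard. The domain, addresses, log layout and log lines are all assumptions.

```python
import re
from collections import Counter

# Constructed zone for illustration (names and addresses are invented, not from the
# article).  The "*" owner is the wildcard directive the comment above warns about:
# any label, or run of labels, under the apex resolves without anyone adding a record.
ZONE = {
    "violatedentertainer.example": "192.0.2.10",
    "www.violatedentertainer.example": "192.0.2.10",
    "mail.violatedentertainer.example": "192.0.2.20",
    "*.violatedentertainer.example": "192.0.2.10",
}


def existing_names(zone):
    """Every name that exists in the zone, including empty non-terminals
    (ancestors of explicit owners), which is what RFC 4592 matching needs."""
    names = set()
    for owner in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            names.add(".".join(labels[i:]))
    return names


def resolve(name, zone=ZONE):
    """Return (target, how) for a hostname.

    how is "explicit" for a real record, "wildcard" when only the * record
    matched, or "nxdomain".  Follows the RFC 4592 rule: find the closest
    existing ancestor (the closest encloser) and use *.<that> if present; an
    existing name between the query and the wildcard's parent blocks the match.
    """
    name = name.lower().rstrip(".")
    if name in zone:
        return zone[name], "explicit"
    names = existing_names(zone)
    labels = name.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if ancestor in names:
            wildcard = "*." + ancestor
            if wildcard in zone:
                return zone[wildcard], "wildcard"
            return None, "nxdomain"
    return None, "nxdomain"


# Constructed access-log layout: virtual host first, then the usual common-log
# fields (an assumption; adjust the pattern to your server's LogFormat).
LOG_LINE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample lines; the subdomains and script path are invented.
SAMPLE_LOG = """\
www.violatedentertainer.example 198.51.100.7 - - [10/Nov/2023:12:00:01 +0000] "GET / HTTP/1.1" 200 5120
account-verify.violatedentertainer.example 198.51.100.8 - - [10/Nov/2023:12:00:05 +0000] "GET /go.php?c=7 HTTP/1.1" 302 0
mail.violatedentertainer.example 198.51.100.9 - - [10/Nov/2023:12:00:09 +0000] "GET /webmail/ HTTP/1.1" 200 2048
secure-update.violatedentertainer.example 198.51.100.8 - - [10/Nov/2023:12:00:12 +0000] "GET /go.php?c=7 HTTP/1.1" 302 0
this line is deliberately malformed and must be skipped
"""


def audit_hosts(log_text, zone=ZONE):
    """Map each Host seen in the log to (how it resolved, request count)."""
    hits = Counter()
    how = {}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # tolerate lines in another format instead of aborting the audit
        host = m.group("host").lower()
        hits[host] += 1
        if host not in how:
            how[host] = resolve(host, zone)[1]
    return {h: (how[h], n) for h, n in hits.items()}


def wildcard_only_hosts(log_text, zone=ZONE):
    """Hostnames served only because of the wildcard record, i.e. names that
    nobody on the defending side deliberately created."""
    return sorted(h for h, (how, _) in audit_hosts(log_text, zone).items()
                  if how == "wildcard")


if __name__ == "__main__":
    for host, (how, n) in sorted(audit_hosts(SAMPLE_LOG).items()):
        print(f"{host:45} {how:9} {n} request(s)")
    print("investigate:", wildcard_only_hosts(SAMPLE_LOG))
```

Two points the code makes concrete: a wildcard matches any depth of labels (`a.b.violatedentertainer.example` resolves too), but an explicit name such as `mail` shields everything beneath it, so the only names the wildcard can hand out are ones no record describes; and if the web server also has a catch-all virtual host, every such name lands on the same document root, which is exactly the pattern the redirects above describe. Pairing the wildcard with a default virtual host that refuses unknown names turns those requests into errors rather than redirects.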
