We’ve seen hacks on iPowerWeb servers before. Now there seems to be a fresh rash of them. All of these sites are hosted on iPowerWeb-related servers (which include Endurance International Group and Bizland). And all of them have a similar pattern.
Examples:
Generally, these links redirect to porn:
More hacked sites:
nvvam.org
orda.org
chnetwork.org
ifess.org
vraweb.org
spt.org
chnetwork.org
limarc.org
atcsd.com
123child.com
planetarium.net
kci.org
icat.org (not porn, but search redirects)
It’s a DNS hack (very much like what occurred in the past):
| 111.pornsites2703.planetarium.net | |
| Answer records | ||||||||||||||||||||||||||
| name | class | type | data | |||||||||||||||||||||||
|
111.pornsites2703.planetarium.net planetarium.net
|
IN | A | 216.130.168.69 | |||||||||||||||||||||||
iPowerWeb isn’t the only web hosting provider to have this problem. At least one site on Cernio (indybay.org), The Planet (ruby-doc.org) and Media Temple (hml.org) is similarly hacked.
However, they pale in comparison to the iPowerWeb problem.
Alex Eckelberry