Today we were alarmed to find out that our server domains are not resolved properly to their correct IP address but to an IP address we're not familiar with 126.96.36.199
The reason for this issue was that FreeDNS servers have responded with the wrong IP 188.8.131.52 instead of our real IP. To some people, this wrong IP cause a redirect to a malware website! Please comment here if you suffer from a similar issue.
While it seems that, at least in our case FreeDNS now responds properly, the malicious DNS entry has gotten a TTL (Time To Live) of 1 week which means that if the various domain name servers who received the wrong IP are actually obeying this TTL your website may be inaccessible for an entire week!
To check if your domain is resolved properly, you can use a service such as digwebinterface or whatsmydns to check quickly how different DNS worldwide resolve your domain. You can also use dig or nslookup to see quickly what a specific DNS replies.
In a chat with NameCheap they denied being hacked as their support supervisor wrote "I can assure you that our servers have not been hacked.". Well, if not hacked, have they done this on purpose? Getting many of their domains to point to a malware site? Do you smell a lawsuit coming?
Here's a bit of info about the IP used for this hack:
|ISP||Net-Style Atarim Ltd|
As for our own website I've posted this message on our forum: http://colnect.com/en/forum/viewtopic!f=6&t=68917&p=192078#p192078
UPDATE: we have posted on our blog about this issue as well.
UPDATE2: if you're on windows try to also launch ipconfig /flushdns from command prompt to ensure your computer is trying to fetch the correct DNS.
UPDATE3: we've updated more entries to the hosts file to ensure all our servers respond properly.
PLEASE SAVE THIS MESSAGE IF YOU SEE IT. If other Colnectors are having trouble please assist them.
DNS is a service that translates a domain name ( such as colnect.com ) to an IP address ( such as 184.108.40.206 which is our main IP ).
One of our DNS providers had problems on their servers. I suspect they've been hacked but are unaware of it. Thereby you may not see Colnect properly and instead get redirected somewhere else.
If this happens you can here are your options:
1/ Close your browser, wait a bit and try again. If it doesn't work then go ahead and flush your DNS cache. However, if your DNS provider didn't get updated yet you may need to follow the next steps.
2/ Update your hosts file manually (explanation) by adding these two lines:
If you choose this option you may want to comment out these lines later as we plan to change IP for colnect.com in the coming days as we upgrade our server.
3/ Set your DNS servers to Google's own 220.127.116.11 and 18.104.22.168 - here's a guide
We are very sorry for this trouble. While their DNS now seems to work well, the bad records showing a different IP address might still be cached on other DNS providers.