Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security The Media United Kingdom News

The Register Hacked 192

First time accepted submitter rjmx writes "Looks like The Register has been hacked. Its front page has been replaced with a page in tasteful red and black, apparently by a Turkish hacker."
This discussion has been archived. No new comments can be posted.

The Register Hacked

Comments Filter:
  • oh shit! (Score:5, Funny)

    by larry bagina ( 561269 ) on Sunday September 04, 2011 @03:21PM (#37303988) Journal
    looks like the hacker retroactively stole all their credibility!
    • Front page still hacked, but fairly harmlessly. Does that hacker know what sort of wasps' nest he may have poked his nose into? No doubt, we shall hear more from the BOFH [theregister.co.uk].
      • "No doubt, we shall hear more from the BOFH."

        What was your user name again? Ah. Ok. "Clicky Clicky."

        You know, that wasn't a very nice email you just sent to the President.

        Oh, and here, hold this wire.
    • Re:oh shit! (Score:5, Informative)

      by KiloByte ( 825081 ) on Sunday September 04, 2011 @03:44PM (#37304132)

      No credibility lost, it's not them who got hacked but their DNS provider.

      • No credibility lost, it's not them who got hacked but their DNS provider.

        The Buzzard brand is safe.

    • by amiga3D ( 567632 )

      At least all of it in the last 6 years. Check the copyright on the page. Nice touch.

    • looks like the hacker retroactively stole all their credibility!

      You know, I hear lots of people go off on the Register's credibility, but I've never myself noticed a problem. Do you have any examples of what earned them that reputation?

  • Oops ... (Score:1, Offtopic)

    by rjmx ( 233228 )

    its, not it's. Sorry about that.

    • Re: (Score:2, Offtopic)

      by DWMorse ( 1816016 )

      Last time accepted submitter rjmx writes

      Fixed that for you... ;)

    • Neither. TITS.
      • Or, maybe its like PHP. A recursive acronym. Here's an example you can run from my Dropbox [dropbox.com] account. IT'S (ha!) named (of course) "TITS". If you're using the BetterPrivacy plugin for Firefox (or something similar), you'll have to disable it or the page is blocked (I guess it doesn't like HTML files named "TITS.html" -- and BTW, BetterPrivacy, what does "TITS" have to do with my privacy?).

        Here's a description of what it does (and how it does it):

        function TITS(String theBigT, Number bandSize, String cu

  • Copyright 2005?? What the fuck? lol
    • Copyright 2005?? What the fuck? lol

      Also, in the source I find:
      <meta content="MSHTML 6.00.2900.3698" name="GENERATOR">

  • website is down, cant wait to read odds and sods when its back up.... :O)
  • by Anonymous Coward

    the register is shithouse anyway

  • Errr...UK here, seems all good to me...

    Did i miss the hack? Kudos to the admin if i did. I was reading it not two hours before this too.
    • As I write, the site is still defaced. It's been up and down in the last few minutes though...
      • by Inda ( 580031 )
        Fine here too.

        Using Virgin Media's DNS.

        Their forum has nothing...
        • With apologies to the reg's admins, I tried to get to a story I was reading earlier on, and got the following in return:

          Not Found The requested URL /2011/09/02/samsung_webos_acquisition_no_not_ever/ was not found on this server.
          Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
          Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8 Server at ww
          • Re: (Score:2, Informative)

            by Anonymous Coward

            thats not theregisters.co.uk 404, they have a custom 404

            what you are seeing is the result of DNS poisoning of your ISP, the 404 is from someone elses server
            the actual site is fine and has NOT been hacked.
            ps the real IP of the reg is 212.100.234.54

            • Hmmm. I see them at 72.3.246.59 where they are responding to pings. The site called up from that IP looks like the Register.. I never thought about it before, but the page information from opera and konqueror doesn't seem to tell me what the IP I'm looking at is when I feed them a URL. Probably there's a stunningly obvious way to get the IP and I just need some sleep.

    • Picture of the UPS hack [imageshack.us]

      It's DNS, so not much actual harm done to the targeted servers.

  • by Lord_Naikon ( 1837226 ) on Sunday September 04, 2011 @03:25PM (#37304018)

    Lol, why would he care about copyright? Afraid some other hacker might steal his logo?

    • by godrik ( 1287354 ) on Sunday September 04, 2011 @03:29PM (#37304036)

      If they do that would be illegal!

      • Sadly enough if they took that to a US court he would probably win.
      • Reminds me of this super-stupid dude who went to the police to report his 'stash' stolen. He knew who did it and the police went with the dude to the home of the thief, and bingo - there was a big bag of weed. The police then asked him to identify it, and he confirmed "yeah, that is mine!". Presto, the police arrested him for possession and the guy that took it for theft and possession... Stupid...

  • by Anonymous Coward on Sunday September 04, 2011 @03:28PM (#37304028)

    If you saw the "hacked" page, you were being routed to a different server.

    • by Rhodri Mawr ( 862554 ) on Sunday September 04, 2011 @03:38PM (#37304100)
      Mod parent up. This appears to be a case of DNS cache poisoning. Notably www.reghardware.com is unaffected.
    • Uhmmm...actually, I kinda wish the site itself had been hacked? Knowing this makes me feel more than a little queasy...

      Lessee...

      Name servers:
      ns1.yumurtakabugu.com
      ns2.yumurtakabugu.com

      C:\Users\ionotter>ping www.theregister.co.uk

      Pinging theregister.co.uk [68.68.20.116] with 32 bytes of data:
      Reply from 68.68.20.116: bytes=32 time=99ms TTL=41
      Reply from 68.68.20.116: bytes=32 time=90ms TTL=41
      Reply from 68.68.20.116: bytes=32 time=90ms TTL=41
      Reply from 68.68.20.116: bytes=32 time=90ms TTL=41

      Ping statistics fo

  • As of 2025 GMT, I'm still seeing the "hacked" page. Since I haven't specifically been to El Reg in over a week, I'm not seeing a cached copy.

    As for the "hack"?

    Wow. Going to be a very interesting read come Monday morning?

  • People are complain on twitter about him taking down UPS.com too. I only get a DNS error from them. This has to be a DNS hack.
  • Check http://www.zone-h.org/archive/notifier=TurkguvenLigi.info [zone-h.org] From the cache of http://www.theregister.co.uk/2011/08/12/mckinnon_website_defaced/ [theregister.co.uk] "TurkGuvenligi is a serial website defacer whose previous victims include Secunia. An archive of his work can be found here [3]. Defacers typically use search engines to search for vulnerable sites before setting on victims and uploading digital graffiti on these sites. Such hacks, by themselves, are normally trivial and seldom expose more sensitive systems."
    • DNS hack. This is why it doesn't appear for everybody.. yet. Check their whois, they STILL all have these DNS: Domain servers in listed order: ns1.yumurtakabugu.com (NSYUMURT1119540) ns2.yumurtakabugu.com (NSYUMURT1119541)
  • Corrections (Score:5, Informative)

    by Artem S. Tashkinov ( 764309 ) on Sunday September 04, 2011 @04:03PM (#37304222) Homepage

    If cannot live without The Register, put into your hosts file

    Linux: /etc/hosts
    Windows: C:\windows\system32\drivers\etc\host

    these two lines:

    72.3.246.59 theregister.co.uk
    72.3.246.59 www.theregister.co.uk

    And the summary of the article is apparently wrong, someone stole/hacked into TheRegister DNS zone, TheRegister www servers are intact.

    • Re:Corrections (Score:5, Insightful)

      by NickFortune ( 613926 ) on Sunday September 04, 2011 @05:51PM (#37304646) Homepage Journal

      And the summary of the article is apparently wrong, someone stole/hacked into TheRegister DNS zone, TheRegister www servers are intact.

      ... which is actually kind of cool, seeing as how the Slashdot Effect seems to be wreaking it's usual havoc on the hacker's servers.

      Every now and then, reality self-organises in the direction of justice.

      • Even without slashdot, I imagine the Reg gets a fair amount of traffic.

        I wonder if the hacker realised just how much...

        You wanna impersonate them? here, have their traffic...see how your servers cope. Who pays for the bandwidth in this case?

        • by Bert64 ( 520050 )

          Someone else, i imagine the hackers are using another hacked server to host the defacement.

    • I'm honestly not trolling here, but has anyone else stopped reading the register as much these days? They really seem to be sinking to tabloid levels, and their editorial line has jumped sharply to the right. Even BOFH just seems to be rinsing and repeating the same old formula. Maybe it's just me ...
  • theregister.co.uk seems to be down but the same group has cracked ups.com and the source shows that they used a Microsoft product.

    There you are, Microsoft aid crackers.

    /sarcasm
  • host -t NS theregister.co.uk
    theregister.co.uk name server ns2.yumurtakabugu.com.
    theregister.co.uk name server ns3.yumurtakabugu.com.
    theregister.co.uk name server ns1.yumurtakabugu.com.
    theregister.co.uk name server ns4.yumurtakabugu.com.

    • by nomad63 ( 686331 ) on Sunday September 04, 2011 @04:27PM (#37304328)
      it means egg shell for the uninitiated ... I happen to be bilingual :) In Turkish and English...
      On the technical side, I think if you are clever enough to come to /., you can check with any whois gateway to see who yumurtakabugu.com it belongs to. But I bet dollars to your pocket lint that, it is also a hacked site.
      • it means egg shell for the uninitiated ... I happen to be bilingual :) In Turkish and English...

        Okay, WHERE WERE YOU when The Register's DNS provider was hacked?

  • Gateworld.net is down too. FYI:

    NS1.DNSPARK.NET
    NS2.DNSPARK.NET
    NS3.DNSPARK.NET
    NS4.DNSPARK.NET
    NS5.DNSPARK.NET

    Also, i do not see what good is in slashdotting them at this time.

  • Several sites, including the register and ups.com were redirected by DNS to a defacement page...

    A list of the sites is at:
    http://www.zone-h.org/archive/notifier=TurkguvenLigi.info/page=1 [zone-h.org]

    It does not seem to be a DNS poisoning, since the whois servers also reported the hacker's dns servers.

    Also zone-h reports that the site was running Linux, but it is clearly whatever server the hackers redirected the DNS to that runs linux, it was not necessarily a linux system that was breached in order to actually carry ou

    • by WoOS ( 28173 )

      Hmm, seems to be a bit more complicated. At least in the vodafone net itself (DSL from Arcor/Vodafone).

      --- snip ---
      $ nslookup
      > set type=ns
      > theregister.co.uk
      Server: 192.168.0.1 [The nameserver on the DSL router which forwards to vodafones DNS servers]
      Address: 192.168.0.1#53

      Non-authoritative answer:
      theregister.co.uk nameserver = ns3.theregister.co.uk.
      theregister.co.uk nameserver = ns4.theregister.co.uk.
      theregister.co.uk nameserver = ns2.theregister.co.uk.
      theregister.co.uk nameser

  • Their back..

    Looks like they have got themselves sorted again.

  • by WoOS ( 28173 ) on Sunday September 04, 2011 @06:22PM (#37304738)

    1) Get some SSL keys [slashdot.org]

    2) Redirect the DNS Servers

    3) Profit!

    • Once the DNS is redirected, you can get Godaddy to get you an SSL cert in about 1 hour. Just need access to create a txt record or modify your webpage, which shouldnt be a big deal, and since the entire thing is automated I dont think youd have any issues.

  • biting the hand that feeds it, (pun intended)
  • The seem to have declared it 'world hacking day'. I wouldn't mind a world hacking day where everyone tries to attack websites. That way at least companies will pull up their pants once a year and it will be 'open season' on sites with crappy security. Could help.

  • h4ck1n9 is not a cr1m3

    Can somebody please shut the freaking script-kiddie who thinks he's cool up? I mean seriously...it's going on my nerves that those guys are called hackers. I mean, I'm not a hacker, not even close...hell, I'm not even a network coder because I suck at it...but I respect the real hacker community enough to exclude those guys from them.

It's currently a problem of access to gigabits through punybaud. -- J. C. R. Licklider

Working...