{"id":9299,"date":"2008-12-09T12:55:00","date_gmt":"1999-11-29T20:00:00","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=9299"},"modified":"2008-12-09T12:55:00","modified_gmt":"1999-11-29T20:00:00","slug":"digiweb-hacked-microsoft-ireland-appears-like-it-was-hacked","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=9299","title":{"rendered":"Digiweb Hacked? Microsoft Ireland “Appears” Like It Was Hacked"},"content":{"rendered":"

One of my colleagues told me to look at www.microsoft.ie<\/a>.\u00a0 I did and I took a screen shot:\n<\/p>\n

\"MsIEhacked\"<\/a>\n<\/p>\n

That, on the face of it, would look like Microsoft were hacked and someone had defaced the Irish site.\u00a0 I checked the genuine MS Ireland URL<\/a> and it was OK.\u00a0 A quick lookup on DNSTools and I found this:\n<\/p>\n

% Information related to ‘80.93.17.0 – 80.93.17.255’
inetnum:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 80.93.17.0 – 80.93.17.255
netname:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 nov-sh
descr:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Novara Shared Hosting
country:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IE
admin-c:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 nov23-ripe
tech-c:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 nov23-ripe
status:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ASSIGNED PA
mnt-by:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mnt-novara32
mnt-lower:\u00a0\u00a0\u00a0\u00a0\u00a0 mnt-novara32
mnt-routes:\u00a0\u00a0\u00a0\u00a0 mnt-novara32
source:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RIPE # Filtered
person:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Eoin Costello
address:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 3, North Earl Street Dublin 1, Ireland
phone:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 +35318583091
nic-hdl:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 nov23-ripe
source:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RIPE # Filtered
% Information related to ‘80.93.16.0\/20AS31122’
route:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 80.93.16.0\/20
descr:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Novara Route Object
origin:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 AS31122
mnt-by:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 DIGIWEB-MNT
source:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RIPE # Filtered<\/em>\n<\/p>\n

Novara was acquired by Digiweb a while ago.\u00a0 It looks like someone set up a DNS record to point to a site hosted on their shared service web servers.\u00a0 Ouch!\n<\/p>\n

EDIT:\n<\/p>\n

This looks<\/em> like a DNS hack was perpetrated on Digiweb.\u00a0 I cannot say for definite but that’s what it smells like to me.\u00a0 It looks like stuff that was 100% outside of MS’s control.\n<\/p>\n

EDIT #2:\n<\/p>\n

And for the twits wearing tinfoil hats: No, the Microsoft Ireland site was not<\/strong> actually defaced.\u00a0 The\u00a0.ie DNS record just redirects to the Ireland subpages of corporate.\u00a0 That record (it looks as if it was Novara hosted but I could be wrong) was altered and a fake<\/strong> page on a Novara\/Digiweb server was set up.<\/p>\n","protected":false},"excerpt":{"rendered":"

One of my colleagues told me to look at http:\/\/www.microsoft.ie.\u00a0<\/a> I did and I took a screen shot: That, on the face of it, would look like Microsoft were hacked and someone had defaced the Irish site.\u00a0 I checked the genuine MS Ireland URL and it was OK.\u00a0 A quick lookup on DNSTools and I … Continue reading “Digiweb Hacked? Microsoft Ireland “Appears” Like It Was Hacked”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9299","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/9299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9299"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/9299\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}