Yups, it looks like the website of Universiti Teknologi Mara (UiTM) has been defaced by CuciOtak. Thanks to Arafat aka Trunasuci for pointing this out at #fakap channel. Anyway, one of my colleague told me that he is realized of this incident since yesterday.
Hmmm, is this because of DNS Cache Poisoning? I have performed several queries by using different DNS server and here is the result,
- Using Dreamhost DNS,
[horchata]$ host www.uitm.edu.my
www.uitm.edu.my A 202.58.80.152 - Using Jaring DNS,
[horchata]$ host www.uitm.edu.my jaring.my
www.uitm.edu.my CNAME uitm.edu.my
uitm.edu.my A 66.197.236.37 - Using TM Net DNS,
[horchata]$ host www.uitm.edu.my 202.188.1.5
www.uitm.edu.my CNAME uitm.edu.my
uitm.edu.my A 66.197.236.37 - Using OpenDNS,
[horchata]$ host www.uitm.edu.my 208.67.222.222
www.uitm.edu.my A 202.58.80.152
[horchata]$ host www.uitm.edu.my 208.67.220.220
www.uitm.edu.my A 202.58.80.152 - Using UiTM DNS,
[horchata]$ host www.uitm.edu.my ns1.uitm.edu.my
www.uitm.edu.my A 202.58.80.152
[horchata]$ host www.uitm.edu.my ns2.uitm.edu.my
www.uitm.edu.my A 202.58.80.152
[horchata]$ host www.uitm.edu.my ns3.uitm.edu.my
www.uitm.edu.my A 202.58.80.152 - Using other DNS,
> www.uitm.edu.my
Server: resolver.[undisclosed].net
Address: xx.xxx.135.51Non-authoritative answer:
Name: uitm.edu.my
Address: 66.197.236.37
Aliases: www.uitm.edu.my
From the queries above, I can notice the answers are not always the same.
{ 8 } Comments
yerp… comfirm DNS cache poisoning
(Usingyap.. i’m a computer science student from uitm dgun.. when i noticed this website hacked on sunday i tell my lect.. even she also ddint know about the uitm website has been poisoning.. she said to me.. Saya bukak Ok jer.. so that’s mean server uitm xkene hack.. just DNS poisoning jer.. I’m doing my practical at Optimal rite now n surf the url at office.. i tot my company netwrk is problem but nothing problem at all.. but true la.. i wanna tell sysadmin a certain uitm website seems like a little bit vulnerable.. better check on it.
Tq..
Hidup UiTM
(Using1 more.. yg heran nye.. setahu saya UiTM kan antara anak buah F-Secure.. kerjasama la katakan.. lgpun stahu sy IPTA yg kerjasama ngn F-secure just UiTM n UM.. so mcm mane leh kene poison.. uitm should be advance in security compare to others.. just comment..I’m mad when someone said security uitm adalah paling lemah.. Haiz!! sedangkan UiTM yg anjur kan i-hack tiap2 tahun..
(Usingvery very nice.
(Usingeven hackthisite.org pun pernah di hack :D
(Usingisk isk isk.. takde keje lain diorang ni..
(UsingHi guys, I’m looking for Degree CS student (1 only). pls mail me. Thanks.
polzan@gmail.com ,
(UsingNeed more details….pls go to http://www.willowglen.com.my
Latest attack from same hacker to etiqa maybank and mni
(Using{ 1 } Trackback
[...] the other hand, I was reading Sysadmin’s blog and found out that UITM website has been defaced. More likely it was a DNS cache poisoning since [...]
Post a Comment