[outages] NameCheap down, was it hacked?

Chuck Anderson cra at WPI.EDU
Fri Feb 20 12:48:36 EST 2015


Well, it is back up now.  They claim Emergency Maintenance:

http://status.namecheap.com/archives/18453

Still pending from them on whether the below notification is fake or
not.  The DNS zone itself appears to be correct.

On Fri, Feb 20, 2015 at 12:18:14PM -0500, Chuck Anderson via Outages wrote:
> It looks like NameCheap is down.  It may have been hacked, because I
> got a Security Notification from them about a domain I have.
> 
> https://www.namecheap.com/
> 
> Website is offline
> 
> No cached version of this page is available.
> Error 522 Ray ID: 1bbc4b52c02609be
> Connection timed out
> 
> 
> 
> http://downforeveryoneorjustme.com/www.namecheap.com
> 
>  It's not just you! http://www.namecheap.com looks down from here.
> 
> Check another site?
> 
> 
> 
> The e-mail says:
> 
> Received: from mta.messagebus.com (mba1056.namecheap.messagebus.com [108.175.18.57])
> From: "Namecheap.com - Security Notification" <support at namecheap.com>
> Subject: Security Notification
> 
> ----------------------------------------------------------------------
> Namecheap.com
> Activity Notification
> ----------------------------------------------------------------------
> Dear <name>
> 
> There was some activity in your namecheap account. Information on what
> type of change occurred is available below.
> 
> Notification For : HOSTS
> Date : 2/20/2015 11:36:09 AM 
> IP Address : 192.168.1.10
> Username : <username>
> Domain (if relevant) : <domain>.org
> 
> 
> Old Details
> -----------
> 
> Host Information
> ------------------
> 
> New Details
> -----------
> 
> Host Information
> ------------------
> 
>   Name: www
>   Type: CNAME
>   Address:parkingpage.namecheap.com.
>   Name: @
>   Type: URL
>   Address: http://www.<domain>.org/?from=@
> 
> Additional Information
> ----------------------
> N/A
> 
> 
> Thanks,
> Namecheap.com
> http://www.namecheap.com
> 
> 
> 
> >host 108.175.18.57
> 57.18.175.108.in-addr.arpa domain name pointer mba1056.namecheap.messagebus.com.
> >whois 108.175.18.57
> [Querying whois.arin.net]
> [Redirected to whois.messagebus.com:4321]
> [Querying whois.messagebus.com]
> [whois.messagebus.com]
> %rwhois V-1.5:003fff:00 rwhois.messagebus.com (by Network Solutions, Inc. V-1.5.10-pre6)
> network:Class-Name:network
> network:ID:MESSAGEBUS-BLOCK1.108.175.16.0/20
> network:Auth-Area:108.175.16.0/20
> network:Network-Name:MESSAGEBUS-BLOCK1.108.175.106.0
> network:IP-Network:108.175.16.0/20
> network:IP-Network-Block:108.175.16.0-108.175.24.0
> network:Organization;I:Message Bus
> network:Tech-Contact;I:hostmaster at labs.messagebus.com
> network:Admin-Contact;I:hostmaster at labs.messagebus.com
> network:Created:20120706
> network:Updated:20130313
> network:Updated-By:hostmaster at labs.messagebus.com
> 
> %referral rwhois://whois.messagebus.com:4321/auth-area=108.175.16.0/20
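
The checks the post runs by hand (relay IP against the rwhois block, PTR name against the Received header), plus a look at the notification's own "IP Address" field, as an added example that is not part of the original message. The function names are illustrative, and every input is copied from the quoted text above.

```python
import ipaddress
import re

# Header and body lines copied from the notification quoted above.
RECEIVED = ("Received: from mta.messagebus.com "
            "(mba1056.namecheap.messagebus.com [108.175.18.57])")
BODY_IP_LINE = "IP Address : 192.168.1.10"
# Network block and PTR name from the host/rwhois output quoted above.
RWHOIS_BLOCK = ipaddress.ip_network("108.175.16.0/20")
PTR_NAME = "mba1056.namecheap.messagebus.com."

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)")


def parse_received(header):
    """Return (helo, rdns, ip) from a 'from HELO (RDNS [IP])' Received header."""
    m = RECEIVED_RE.search(header)
    if m is None:
        raise ValueError("unrecognised Received format")
    return m["helo"], m["rdns"].lower(), ipaddress.ip_address(m["ip"])


def triage(received, body_ip_line, block, ptr_name):
    """Compare what the mail claims against independently looked-up data.

    Only a Received header added by your own MTA is trustworthy; headers
    further down the chain are supplied by the sender.
    """
    helo, rdns, relay_ip = parse_received(received)
    body_ip = ipaddress.ip_address(body_ip_line.split(":", 1)[1].strip())
    return {
        "helo": helo,  # sender-chosen name, informational only
        "relay_ip": str(relay_ip),
        # Relay address sits inside the block the rwhois server reported.
        "relay_in_rwhois_block": relay_ip in block,
        # Name recorded in the header matches the PTR record we queried.
        "rdns_matches_ptr": rdns == ptr_name.rstrip(".").lower(),
        # An RFC 1918 address in the activity record means the logged
        # source was on a private network, not a public client address.
        "body_ip_private": body_ip.is_private,
    }


if __name__ == "__main__":
    for key, value in triage(RECEIVED, BODY_IP_LINE, RWHOIS_BLOCK, PTR_NAME).items():
        print(f"{key}: {value}")
```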


