Mydomain.com (dotster) DNS/MX hack or broken




Posted by gordonrp, 01-11-2012, 05:22 PM
Check your domains on mydomain.com/dotster.com, specifically the MX record. I see malicious MX entries with priority 0 being injected into results:
m1.dnsix.com

MX example (even though control panel only shows google MX records):
http://img1.uploadscreenshot.com/ima...85599-orig.png

This appears to be registered to them, but it's a non-official-looking page.

Either they messed up, or they've been hacked.

Posted by gordonrp, 01-11-2012, 05:25 PM
Now their homepage seems to be messed up:
http://img1.uploadscreenshot.com/ima...24855-orig.jpg

Posted by icydog, 01-11-2012, 05:29 PM
It looks like they enabled email forwarding and URL forwarding on all domains without a prefix (e.g. example.com not www.example.com). It affects all my domains and while not a total loss for websites (since they usually have www.), it totally breaks email.

Posted by icydog, 01-11-2012, 05:52 PM
Just got off the phone with mydomain after exactly 30 minutes hold. They are aware of the issue and said that the zone file got corrupted and some "old" stuff got inserted in there. (Not sure how true that is... my domains have never had email/URL forwarding turned on before.)

The ETA is 3-3.5 hr + propagation from now.

Posted by Rolopuente, 01-11-2012, 05:58 PM
Unfortunately I wasn't that lucky... couldn't get with them on the phone... Is it still a reliable hosting company..? We are going to be in the dark for how much, 48 hours? That if they actually fix this...

Man I'm pissed off...

Thanks for the info, was looking all over the net, couldn't find a clue about this until I used dnsstuff.com to see that I had a bogus MX record. Let's hope this gets fixed soon.

Posted by icydog, 01-11-2012, 06:07 PM
BTW: TTL on all my domains at Mydomain (I can't see a way to change it) is 86326 (1 day). So even if they fix it in 3 hours it'll be 27 hours before all polite nameservers are returning the right thing.
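
The check the posts above perform by hand, as an added example that is not part of the original thread: parse dig-style MX answers, flag any exchanger outside the set you expect, and work out how long a cached bad answer can persist given its TTL. The function names, example.com, the Google MX entries and the fix time are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample of dig answer-section lines. m1.dnsix.com, priority 0 and
# TTL 86326 are the values reported in the thread; example.com, the Google
# hosts' TTLs and priorities are placeholders.
SAMPLE_ANSWER = """\
example.com. 86326 IN MX 0 m1.dnsix.com.
example.com. 3600 IN MX 1 aspmx.l.google.com.
example.com. 3600 IN MX 5 alt1.aspmx.l.google.com.
"""
EXPECTED_MX = {"aspmx.l.google.com", "alt1.aspmx.l.google.com"}


def parse_mx(text):
    """Return (ttl, priority, host) tuples for every MX line in dig output."""
    records = []
    for line in text.splitlines():
        f = line.split()  # owner ttl class type priority exchange
        if len(f) == 6 and f[2].upper() == "IN" and f[3].upper() == "MX":
            records.append((int(f[1]), int(f[4]), f[5].rstrip(".").lower()))
    return records


def audit_mx(text, expected):
    """Flag MX hosts outside the expected set and those that would win delivery."""
    records = parse_mx(text)
    unexpected = [r for r in records if r[2] not in expected]
    missing = sorted(expected - {r[2] for r in records})
    # Senders try the lowest priority value first, so an unexpected record at
    # or ahead of the best expected one receives the domain's mail.
    best = min((r[1] for r in records if r[2] in expected), default=None)
    capturing = [r for r in unexpected if best is None or r[1] <= best]
    return {"unexpected": unexpected, "missing": missing, "capturing": capturing}


def stale_until(fixed_at, ttl_seconds):
    """Latest time a resolver that cached the bad answer just before the fix may serve it."""
    return fixed_at + timedelta(seconds=ttl_seconds)


if __name__ == "__main__":
    report = audit_mx(SAMPLE_ANSWER, EXPECTED_MX)
    for ttl, prio, host in report["capturing"]:
        print(f"unexpected MX {host} (priority {prio}) outranks the expected hosts")
        # Constructed fix time, used only to show the TTL arithmetic.
        print("may stay cached until", stale_until(datetime(2012, 1, 11, 20, 52), ttl))
```

Run it against answers taken directly from each authoritative nameserver rather than a recursive resolver, so a cached copy does not mask what the zone currently serves.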

Posted by gordonrp, 01-11-2012, 06:08 PM
I just changed out nameservers to point to our own DNS (should have done that ages ago), hopefully that will sync up a bit quicker in the root servers.

Posted by BuffaloBill, 01-11-2012, 06:36 PM
Wow.... and this is why people are told.... FREE DNS is NOT quality DNS.... look at mydomain... they are allowing full zone transfers for their domains! They are allowing this for any of their domains! You can grab all 274k of their full zones right now.....

But... I'm sure these users will go right back to using the quality free DNS products that these registrars offer.


# dig axfr mydomain.com @ns1.mydomain.com.

; <<>> DiG 9.8.1 <<>> axfr mydomain.com @ns1.mydomain.com.
;; global options: +cmd
mydomain.com. 2560 IN SOA ns1.mydomain.com. hostmaster.MYDOMAIN.COM. 1326317507 16384 2048 1048576 2560
mydomain.com. 259200 IN NS ns1.mydomain.com.
mydomain.com. 259200 IN NS ns2.mydomain.com.
mydomain.com. 259200 IN NS ns3.mydomain.com.
mydomain.com. 259200 IN NS ns4.mydomain.com.
mydomain.com. 1800 IN A 63.251.171.80
mydomain.com. 1800 IN A 63.251.171.81
mydomain.com. 1800 IN A 66.150.161.141
mydomain.com. 1800 IN A 66.150.161.140
mydomain.com. 1800 IN A 69.25.27.170
mydomain.com. 1800 IN A 69.25.27.173
*.mydomain.com. 1800 IN A 63.251.171.80
*.mydomain.com. 1800 IN A 63.251.171.81
*.mydomain.com. 1800 IN A 66.150.161.141
*.mydomain.com. 1800 IN A 66.150.161.140
*.mydomain.com. 1800 IN A 69.25.27.170
*.mydomain.com. 1800 IN A 69.25.27.173
mydomain.com. 1800 IN MX 0 m1.dnsix.com.
mydomain.com. 1800 IN NS ns1.mydomain.com.
mydomain.com. 1800 IN NS ns2.mydomain.com.
mydomain.com. 1800 IN NS ns3.mydomain.com.
mydomain.com. 1800 IN NS ns4.mydomain.com.
mydomain.com. 86400 IN MX 0 mx.mailix.net.
dev.mydomain.com. 1800 IN A 216.34.94.184
ns1.mydomain.com. 1800 IN A 64.94.117.193
ns2.mydomain.com. 1800 IN A 64.94.31.95
ns3.mydomain.com. 1800 IN A 64.94.117.197
ns4.mydomain.com. 1800 IN A 63.251.83.74
ns5.mydomain.com. 1800 IN A 64.94.117.199
ns6.mydomain.com. 1800 IN A 63.251.83.72
www.mydomain.com. 300 IN CNAME dotster.vo.llnwd.net.
origin.mydomain.com. 300 IN A 64.85.73.93
telhosting.mydomain.com. 86400 IN CNAME r00105.cth.nic.tel.
ote-telhosting.mydomain.com. 300 IN A 195.253.40.2
redirect.mydomain.com. 1800 IN A 216.34.94.186
mydomain.com. 300 IN A 64.14.143.57
mydomain.com. 300 IN A 66.150.120.131
*.mydomain.com. 300 IN A 216.34.94.184
chat.mydomain.com. 86400 IN A 64.85.73.20
forum.mydomain.com. 1800 IN A 216.34.94.181
promo.mydomain.com. 300 IN A 66.11.225.183
blog.mydomain.com. 300 IN A 66.11.225.178
bounce.mydomain.com. 86400 IN A 64.85.73.100
mkt.mydomain.com. 86400 IN A 64.85.73.100
notification.mydomain.com. 86400 IN A 64.85.73.28
renewals.mydomain.com. 86400 IN A 64.85.73.103
lists.mydomain.com. 86400 IN A 216.234.106.37
lists.mydomain.com. 86400 IN MX 0 10.mx.lists.mydomain.com.
lists.mydomain.com. 86400 IN MX 0 20.mx.lists.mydomain.com.
lists.mydomain.com. 86400 IN TXT "v=spf1 a -all"
lyradmin.mydomain.com. 86400 IN A 216.234.106.44
mailix.mydomain.com. 300 IN A 66.11.225.85
webmail.mydomain.com. 300 IN A 66.11.225.86
images.mydomain.com. 1800 IN A 216.34.94.185
scripts.mydomain.com. 300 IN A 66.11.225.85
beta.mydomain.com. 1800 IN A 193.230.129.57
fig.mydomain.com. 1800 IN A 216.34.94.184
fun.mydomain.com. 1800 IN A 216.34.13.250
newsletter.mydomain.com. 1800 IN A 216.112.64.102
partner.mydomain.com. 1800 IN A 216.34.13.250
afs.mydomain.com. 300 IN A 66.11.225.88
cadomains.mydomain.com. 1800 IN A 216.34.94.177
members.mydomain.com. 86400 IN A 212.100.224.151
training.mydomain.com. 86400 IN A 212.100.224.151
tutorials.mydomain.com. 86400 IN A 212.100.224.151
securemx.mydomain.com. 300 IN A 66.11.225.84
cache.mydomain.com. 86400 IN CNAME cache.mydomain.com.c.footprint.net.
pop.mydomain.com. 300 IN CNAME mx.mailix.net.
smtpauth.mydomain.com. 300 IN CNAME smtpauth.namezero.com.
updates.mydomain.com. 300 IN A 64.85.73.16
emailer.mydomain.com. 300 IN A 67.207.221.5
mydomain.com. 86400 IN TXT "v=spf1 mx include:_netblocks.mydomain.com includealesforce.com include:emailbrain.com include:rnmk.com include:custhelp.com -all"
kesp._domainkey.mydomain.com. 86400 IN TXT "k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC61RrUNTIcNbf/+f5Co2V37GMvPQdbUVyjgvLXrUKAXeJDwYVumAtE9BovuDZNYxcgG2oy7mkcZX/3rBF2SJX9Cp5yw0axuMpzkuzPQq26h+2+MLuvtJtfDIaHgNeEJOjMeq7s9RFQHRr9g26lkZQTRAob8YevaA9KHiNNyIaZuQIDAQAB"
_netblocks.mydomain.com. 86400 IN TXT "v=spf1 mx ip4:69.63.211.0/25 ip4:64.85.73.0/25 ip4:70.103.251.0/24 ip4:63.251.171.160/27 ip4:216.34.94.189 -all"
emailbrain.mydomain.com. 3600 IN A 69.93.186.217
secure.mydomain.com. 300 IN A 64.85.73.73
mydomain.com. 2560 IN SOA ns1.mydomain.com. hostmaster.MYDOMAIN.COM. 1326317507 16384 2048 1048576 2560
;; Query time: 23658 msec
;; SERVER: 64.94.117.193#53(64.94.117.193)
;; WHEN: Wed Jan 11 22:29:18 2012
;; XFR size: 77 records (messages 77, bytes 4314)

Posted by TObject, 01-11-2012, 06:42 PM
I am unable to change nameservers through the dotster control panel, I get the following errors on the couple of domains I tried:

Unable to Change Name Servers with Registry, or invalid Name Server.

Any ideas how to push the update through? The support is unresponsive. The new name servers are valid; in fact they are already used by some of my dotster domains...

Posted by icydog, 01-11-2012, 07:55 PM
All of my domains seem to be fixed now on ns{1,2,3,4}.mydomain.com. It will of course still take time to propagate.

Posted by newscloud, 01-11-2012, 08:14 PM
I'm seeing it seems to be fixed now too - but CNAME records don't seem to be appearing in DNS lookups.

Posted by icydog, 01-11-2012, 08:21 PM
Everything (including CNAME) is working for me if I go straight to the authoritative nameservers. It will take up to 24 hrs for propagation to occur.

Posted by BuffaloBill, 01-11-2012, 09:37 PM
This proves that if you are relying on your domain to run a business, and you use mydomain.com for DNS... then you do not belong to be in business.

Mydomain.com is fine for hobby users and non-business sites. But if you are using mydomain.com for DNS services.... you are a fool.

Who needs SOPA when the DNS provider itself will poison the Internet?
