panix.com recovery in progress

Henry_Yen · January 16, 2005, 11:01pm

The latest shell host motd's:

. Hijack recovery underway (elr) Sun Jan 16 17:43:28 2005
.
. Recovery is underway from the panix.com domain hijack.
.
. The root name servers now have the correct information, as does the
. WHOIS registry. Portions of the Internet will still not be able to
. see panix.com until their name servers expire the false data. More
. info soon.
.
. panix.net status update (elr) Sun Jan 16 16:06:41 2005
.
. As some of our customers have noticed, there have been a few problems
. with using panix.net as a substitute for panix.com. We've fixed most
. of them:
.
. * if you change your return address to username@panix.net, it now works.
. Previously, it was getting re-written back to username@panix.com. Customers
. may need to do this to send mail to domains that use "Sender Address
. Verifcation" since the fake panix.com mail servers don't seem to be
. accepting mail right now.
.
. * The URL "http://www.panix.net/~USERNAME" automatically redirects to
. panix.com/~USERNAME. You can get around this by appending a / to the URL:
.
. http://www.panix.net/~USERNAME/
.
. * Addresses of the form xxxx@USERNAME.users.panix.net are working now.
.
. Of course, we're still working around the clock to solve the underlying
. problem with the hijacked domain.

Thor_Lancelot_Simon · January 16, 2005, 11:12pm

Yes, some folks with serious mojo got involved and things seem to be
on the way to "operationally fixed". AFAIK there is still no progress as
to the question of how this kind of transfer can happen without notice
to the transferred-from registrar (it's possible that there's progress
I don't know about).

I have just spoken to the tremendously tired and overworked ops staff at
Panix again. They would appreciate it very much if network operators
would reload their nameservers to help the good data for panix.com
propagate over the bad. Some Panix customer email now seems to be being
relayed to the actual Panix mail servers by the fake ones in the UK, which
is not such a good thing for obvious reasons.

Thor

Ken · January 16, 2005, 11:37pm

It seems to be working for myself, however it appears as though SSH is
listening on port 80 on that machine.

<message>
SSH-1.99-OpenSSH_3.9p1 Protocol mismatch.
</message>

I can connect "correctly" via ssh on port 80.

Ken

Alexei_Roudnev · January 17, 2005, 6:44am

There is more sertious problem here.

I can image 2 kinds of transfer:
- (1) domain is transferred WITHOUT CHANGES to the new registrar. Notice -
WITHOUT CHANGES. New registrar
should not change diomain without explicit order from owner.

- (2) Domain is expired and, after reasonable HOLD period, is transferred to
the new owner (and more likely new registrar). I can happen with the unused
domain only, or with domain which is expired.

In no case can 2 events happen together; if it happen, it is 100% indication
of hajacking. If someone want domain to be delegated to the new owner, he
91) change registrar if necessary, and (2) change donain owner.

All other approaches are very dangerous.