Kang shengchuangxiang claimed that the domain name was hijacked and caused a hacker attack.

Sina Technology news on the afternoon of October January 8 message, for today a large number of webmasters reflect that the forum cannot enter suspect Discuz! In the event of a hacker attack, Kang shengchuangxiang just published an announcement saying that the reason was that the domain name service provider of Discuz.net suffered a vulnerability and caused a hacker attack, resulting in a failure to access the forum.

Today, a large number of webmasters responded that they could not access the forum, and the page showed "Hacked by ring04h, just for fun !" It may be caused by a vulnerability in the Discuz7.0 software. The related technical personnel of Kang shengchuangxiang checked and said that the security problem was caused by domain name hijacking, Discuz! The software code of each version is safe.

Kang shengchuangxiang believes that this incident is a serious and malicious attack, and its behavior has exceeded the ethics and professional ethics of a person engaged in security technology. In this regard, Kang shengchuangxiang claimed that he had retained all the logs that could prove the crime and transferred them to the judicial department for processing.

The full text of the announcement is as follows:

Users and webmasters:

At on November 11, January 8, 2009, some webmasters reported that their forums could not be accessed and the page shown "Hacked by ring04h, just for fun !" . In order to be responsible for the majority of users, we immediately organized technical staff to conduct security checks on the Forum program, and all the troubleshooting results showed that the program had no problems. At the same time, we noticed that the customer.discuz.net domain name was hijacked and directed to an unknown server (203.86.236.236 ).
   
The Customer site is Discuz! An emergency interface used to send Forum patches and security patch notifications. Hackers first use the vulnerability of the domain name service provider that Discuz.net belongs to, log on to and modify the customer's domain name address, and write a piece of attack code in advance to store it on a server. During this period, if the webmaster logs on to the homepage of the Forum background, the domain name of the Forum notification server is hijacked to the new server, so that the attack code can run and imitate the identity of the webmaster, submitted and modified the SEO settings of the Forum. As a result, the forum cannot be accessed normally, resulting in domain name hijacking and access failure.
   
In this regard, we quickly contacted the domain name service provider and corrected the domain name address as soon as possible. At noon, we released an emergency correction solution to avoid the spread of domain name hijacking.

Use Discuz! If the webmaster accesses the background within this period (about one hour), the domain name hijacking background may be modified by attackers, as a result, the website cannot be accessed and an illegal attack occurs. However, it is determined that the attack will not affect the data of the Forum.

Currently, for affected websites, you can directly access the admin program admincp. php in the background, and then modify the SEO settings of the Forum. At the same time, the solution product package has been released on the official forum.

The domain name is a basic Internet service. This security issue is caused by domain name hijacking. Discuz! The software code of each version is safe, so Discuz! In addition to the release of restoration methods and restoration tools, no new patches have been released.
   
We believe this incident is a serious and malicious attack, and its behavior has exceeded the ethics and professional ethics of a person engaged in security technology. In this regard, we have kept all the logs that may prove crimes and transferred them to the judicial department for processing!