Gunsamerica.com was hacked again

General » General Discussion

[ARCHIVED THREAD] - Gunsamerica.com was hacked again

Posted: 2/28/2006 6:48:48 PM EDT

God, I'm sick of this shit. These fucking hackers continually attack the gunsamerica.com site.

Posted: 2/28/2006 6:58:43 PM EDT

[#1]

looks fine to me

Posted: 2/28/2006 7:01:12 PM EDT

[#2]

Hackers suck. If only they would spend their energy doing something constructive. I just don't get their motivation.

Posted: 2/28/2006 7:01:54 PM EDT

[#3]

When I click on my bookmark it says "Pardon our Dust at Gunsamerica BH. " Then it contains the following message:

GunsAmerica is moving...
Most people now have their ISP pointing at the new server in sunny florida!
But your ISP (we know for sure Bellsouth and there are others) may not have updated their cache files yet. You can try accessing us at our new server 216.219.244.51 in the meantime with it's raw IP address, but you might have issues with pictures. Complain to your ISP!! It's a little rediculous almost two days later that they haven't updated it. -mgmt

Posted: 2/28/2006 7:02:26 PM EDT

[#4]

It's not hacked. Your ISP (and mine, incidentaly) have misconfigured name servers and are not observing the 1 hr TTL configured for the domain.

My own name server does, however:


[root@eagle named]# dig a gunsamerica.com

; <<>> DiG 9.2.5 <<>> a gunsamerica.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28172
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;gunsamerica.com.               IN      A

;; ANSWER SECTION:
gunsamerica.com.        3111    IN      A       216.219.244.51

;; AUTHORITY SECTION:
gunsamerica.com.        3111    IN      NS      ns1.primarydns.com.
gunsamerica.com.        3111    IN      NS      ns2.primarydns.com.

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Tue Feb 28 21:01:58 2006
;; MSG SIZE  rcvd: 96

[root@eagle named]#

Posted: 2/28/2006 7:07:54 PM EDT

[#5]

You're right! I clicked on the IP link in the note and it took me right to their site. Sorry for the erroneous thread.

Posted: 2/28/2006 7:39:19 PM EDT

[#6]

Actually, there's more to it. They did more than modify an A record. They up and changed name servers.

The old record has a current TTL of about 17 hours, according to my ISP's name server. It's not my ISP's fault, as gunsamerica suggests. It's theirs. The TTL on their old zone file was waaaaaay too long (over two days, I think). My ISP's name server is faithfully doing what it was told, i.e. "Don't resolve this address again for another 17 hours". My name server had never previously resolved gunsamerica.com, so it looked it had no erroneous cache to refer to. It had to do a new lookup (root NS, then authoritive server for domain, etc).

Whoever is responsible for managing DNS at gunsamerica.com (even if they farmed it out) is a fucking moron.


[root@eagle named]$ dig @72.11.0.21 gunsamerica.com

; <<>> DiG 9.2.5 <<>> @72.11.0.21 gunsamerica.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54262
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1

;; QUESTION SECTION:
;gunsamerica.com.               IN      A

;; ANSWER SECTION:
gunsamerica.com.        61907   IN      A       69.25.207.216

;; AUTHORITY SECTION:
gunsamerica.com.        155912  IN      NS      ns2.servercity.com.
gunsamerica.com.        155912  IN      NS      ns5.servercity.com.
gunsamerica.com.        155912  IN      NS      ns.servercity.com.

;; ADDITIONAL SECTION:
ns5.servercity.com.     53831   IN      A       69.25.207.4

;; Query time: 67 msec
;; SERVER: 72.11.0.21#53(72.11.0.21)
;; WHEN: Tue Feb 28 21:30:59 2006
;; MSG SIZE  rcvd: 129

[root@eagle named]#

As you can see, querying my ISP's name server shows the old IP address AND the old authorative name servers for gunsamerica.co. My ISP's name server is doing is exactly what it was told to do.

Posted: 2/28/2006 7:39:34 PM EDT

[#7]

Your ISP's Domain Name Servers (DNS) have not refreshed their Cached look ups. Their DNS servers store normally about 10 folders related to 10 different country IP ranges for NS(name servers) + the .com, .net, .org ect...

It normally takes 12-48hrs to refresh. But if the HOST of the said website takes 12-48hrs to update all of their records & then the ISPs take another 12-48hrs to refresh...

You get the picture... You have web NAME addresses that point to old IP addresses of hosted website... and there's nothing there anymore 'cause it's been moved to another IP address.

Ok so I'm a bit long winded nerd...

David

Posted: 2/28/2006 7:43:52 PM EDT

[#8]

Quoted:
Your ISP's Domain Name Servers (DNS) have not refreshed their Cached look ups. Their DNS servers store normally about 10 folders related to 10 different country IP ranges for NS(name servers) + the .com, .net, .org ect...

It normally takes 12-48hrs to refresh. But if the HOST of the said website takes 12-48hrs to update all of their records & then the ISPs take another 12-48hrs to refresh...

You get the picture... You have web NAME addresses that point to old IP addresses of hosted website... and there's nothing there anymore 'cause it's been moved to another IP address.

Ok so I'm a bit long winded nerd...

David

They're not refreshing their cache, because the record hasn't expired yet. The record hasn't expired yet, because the person(s) responsible for managing the gunsamerica.com zone file set the TTL at two days or more. The persons responsible for the retarded message on the old server are mouth breathers.

Posted: 2/28/2006 7:53:15 PM EDT

[#9]

Quoted:
Quoted:
Your ISP's Domain Name Servers (DNS) have not refreshed their Cached look ups. Their DNS servers store normally about 10 folders related to 10 different country IP ranges for NS(name servers) + the .com, .net, .org ect...

It normally takes 12-48hrs to refresh. But if the HOST of the said website takes 12-48hrs to update all of their records & then the ISPs take another 12-48hrs to refresh...

You get the picture... You have web NAME addresses that point to old IP addresses of hosted website... and there's nothing there anymore 'cause it's been moved to another IP address.

Ok so I'm a bit long winded nerd...

David

They're not refreshing their cache, because the record hasn't expired yet. The record hasn't expired yet, because the person(s) responsible for managing the gunsamerica.com zone file set the TTL at two days or more. The persons responsible for the retarded message on the old server are mouth breathers.

Someone is

and needs a

David

Posted: 2/28/2006 8:04:09 PM EDT

[#10]

Quoted:
Someone is and needs a

David

It gets worse. If you query the old server listed as authorative for the domain (ns.servercity.com), you see what the original Time To Live was:


[root@eagle named]# dig @ns.servercity.com gunsamerica.com

; <<>> DiG 9.2.5 <<>> @ns.servercity.com gunsamerica.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;gunsamerica.com.               IN      A

;; ANSWER SECTION:
gunsamerica.com.        1728000 IN      A       69.25.207.216

;; AUTHORITY SECTION:
gunsamerica.com.        1728000 IN      NS      ns.servercity.com.
gunsamerica.com.        1728000 IN      NS      ns2.servercity.com.
gunsamerica.com.        1728000 IN      NS      ns5.servercity.com.

;; ADDITIONAL SECTION:
ns.servercity.com.      300     IN      A       216.235.252.130
ns2.servercity.com.     300     IN      A       216.235.252.140
ns5.servercity.com.     300     IN      A       69.25.207.4

;; Query time: 83 msec
;; SERVER: 216.235.252.130#53(216.235.252.130)
;; WHEN: Tue Feb 28 21:56:16 2006
;; MSG SIZE  rcvd: 161

[root@eagle named]#

For the math impaired, 1,728,000 seconds is 20 days. I'll say it again - the person(s) responsible for managing their domain are fucking idiots, and need their pee pee slapped.

For the techno-geek impaired, this means that your ISP's name server has 20 days from the last time it resolved gunsamerica.com, before the record will expire and it will try again. If it expired the gunsamerica.com record 5 days ago, you will have to wait 15 days before it will try again. Meanwhile, some moron with his head up his ass and the ability to update the old site insists it's your ISP's fault.

Posted: 2/28/2006 8:23:11 PM EDT

[#11]

Quoted:
Quoted:
Someone is and needs a

David

It gets worse. If you query the old server listed as authorative for the domain (ns.servercity.com), you see what the original Time To Live was:

[root@eagle named]# dig @ns.servercity.com gunsamerica.com

; <<>> DiG 9.2.5 <<>> @ns.servercity.com gunsamerica.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;gunsamerica.com. IN A

;; ANSWER SECTION:
gunsamerica.com. 1728000 IN A 69.25.207.216

;; AUTHORITY SECTION:
gunsamerica.com. 1728000 IN NS ns.servercity.com.
gunsamerica.com. 1728000 IN NS ns2.servercity.com.
gunsamerica.com. 1728000 IN NS ns5.servercity.com.

;; ADDITIONAL SECTION:
ns.servercity.com. 300 IN A 216.235.252.130
ns2.servercity.com. 300 IN A 216.235.252.140
ns5.servercity.com. 300 IN A 69.25.207.4

;; Query time: 83 msec
;; SERVER: 216.235.252.130#53(216.235.252.130)
;; WHEN: Tue Feb 28 21:56:16 2006
;; MSG SIZE rcvd: 161

[root@eagle named]#

For the math impaired, 1,728,000 seconds is 20 days. I'll say it again - the person(s) responsible for managing their domain are fucking idiots, and need their pee pee slapped.

For the techno-geek impaired, this means that your ISP's name server has 20 days from the last time it resolved gunsamerica.com, before the record will expire and it will try again. If it expired the gunsamerica.com record 5 days ago, you will have to wait 15 days before it will try again. Meanwhile, some moron with his head up his ass and the ability to update the old site insists it's your ISP's fault.

That's what I was getting @.

-----------------------------------------------------------------------
Domain Name: GUNSAMERICA.COM
Registrar: REGISTRATION TECHNOLOGIES, INC.
Whois Server: whois.registrationtek.com
Referral URL: http://www.registrationtek.com
Name Server: NS1.PRIMARYDNS.COM
Name Server: NS2.PRIMARYDNS.COM
Status: REGISTRAR-LOCK
Updated Date: 27-feb-2006
Creation Date: 20-sep-1997
Expiration Date: 19-sep-2009
---------------------------------------------------------------------
They moved from one HOST to another, and it looks like it hasn't been changed in the NS pointer.

Some one needs a good

David

Posted: 2/28/2006 8:34:45 PM EDT

[#12]

Holy poop.

Somebody doesn't understand the purpose of a DNS TTL.

I hear the cluephone ringing.

Posted: 2/28/2006 9:52:08 PM EDT

[#13]

Quoted:

It gets worse. If you query the old server listed as authorative for the domain (ns.servercity.com), you see what the original Time To Live was:

For the math impaired, 1,728,000 seconds is 20 days. I'll say it again - the person(s) responsible for managing their domain are fucking idiots, and need their pee pee slapped.

Holy crap...a 20 day TTL???

Who in their right freaking mind would ever set it that long? Either the guy doing it is a complete idiot or there was some of horrendous error when they set things up.

We could invade canada and set up a new government in 20 days, for pete's sake.

Posted: 2/28/2006 9:58:00 PM EDT

[#14]

Quoted:
Actually, there's more to it. They did more than modify an A record. They up and changed name servers.

The old record has a current TTL of about 17 hours, according to my ISP's name server. It's not my ISP's fault, as gunsamerica suggests. It's theirs. The TTL on their old zone file was waaaaaay too long (over two days, I think). My ISP's name server is faithfully doing what it was told, i.e. "Don't resolve this address again for another 17 hours". My name server had never previously resolved gunsamerica.com, so it looked it had no erroneous cache to refer to. It had to do a new lookup (root NS, then authoritive server for domain, etc).

Whoever is responsible for managing DNS at gunsamerica.com (even if they farmed it out) is a fucking moron.

Thats exactly what I thought it was.......

Damn I wish I knew what the hell it was you just said in English.

Posted: 2/28/2006 10:52:03 PM EDT

[#15]

Hackers suck - but from how horribly designed the site is - I would bet the Sys Admin (or lack there of) is also to blame.

I have a friend who gets paid WELL to make sure sites are secure - and he has an exceptional track record.

Posted: 2/28/2006 11:34:38 PM EDT

[#16]

Who in their right freaking mind would ever set it that long?

There's absolutely nothing wrong with setting it to be that long...if you don't plan on changing IP addresses in the near future. Some of the old examples from the O'Reilly book used 7 days as the TTL.

The TTL's on my domain names are set for longer than that (31 days, 2678400) since I haven't had to change addresses since switching to Sprint in 1994. It's just good netiquette to set the TTL as high as you can to minimize DNS traffic and the load on name servers. If you are planning on changing IP addresses, you simply reduce the TTL to an hour or so.z

Posted: 3/1/2006 6:36:31 AM EDT

[#17]

Quoted:
Who in their right freaking mind would ever set it that long?

There's absolutely nothing wrong with setting it to be that long...if you don't plan on changing IP addresses in the near future. Some of the old examples from the O'Reilly book used 7 days as the TTL.

The TTL's on my domain names are set for longer than that (31 days, 2678400) since I haven't had to change addresses since switching to Sprint in 1994. It's just good netiquette to set the TTL as high as you can to minimize DNS traffic and the load on name servers. If you are planning on changing IP addresses, you simply reduce the TTL to an hour or so.z

My personal policy is to match the TTL with my project planning expactations. In other words, if I think it's possible that the total time to change an IP address - from "hey, I've got an idea" to "Hey, it's done" - is 10 days, then I will never make the TTL any longer than that. In all honesty, I keep most of them at about a day. Hell, ar15.com (more DNS requests than any of my domains by a long shot) has a 1 day TTL. Between 80+ domains, hundreds of thousands of requests, and zone transfers to 4 other name servers, named processor utilization is all of 3% on a bad day on my box. Most zone files are configured with a 1 day TTL on my server.

Personally, I think it's more convienient to just keep the TTL reasonably low. The additional burden on name servers is negligible. Now, if everybody used a 300 sec TTL as a matter of policy...

Posted: 3/1/2006 6:40:01 AM EDT

[#18]

Quoted:
Who in their right freaking mind would ever set it that long?

There's absolutely nothing wrong with setting it to be that long...if you don't plan on changing IP addresses in the near future.

You can't plan for the unexpected, and a high TTL can really hurt when the unexpected happens. I keep my TTLs at around a day or so in most cases.

Posted: 3/1/2006 7:18:19 AM EDT

[#19]

I am good friends with Emmanual Goldstein (alt.2600) and he says that most hacks todays are "script kiddies" who dont even know what a linux shell is but they just do it to be assholes.
Maybe if they spent 1% of thier time learning C++ or Java they could be halfway decent programmers. And the plain fact is most sites are secure thanks to linux and unix. These tards get off hacking some bullshit knitting site for grannies. where did i meet Emmanual? (not his real name

) Why at a SCI-FI convention of course!

+

=

Posted: 3/1/2006 7:56:27 AM EDT

[#20]

Quoted:
I am good friends with Emmanual Goldstein (alt.2600) and he says that most hacks todays are "script kiddies" who dont even know what a linux shell is but they just do it to be assholes.
Maybe if they spent 1% of thier time learning C++ or Java they could be halfway decent programmers. And the plain fact is most sites are secure thanks to linux and unix. These tards get off hacking some bullshit knitting site for grannies. where did i meet Emmanual? (not his real name ) Why at a SCI-FI convention of course! + =

That's all true more or less, but it appears that gunsamerica suffers from stupid sysadmins, not script kiddie attacks.

Posted: 3/1/2006 8:43:47 AM EDT

[#21]

Gunsamerica.com is a joke. People want insane prices for most items there. I tried to buy several guns from there fro my customers and everytime it was a royal pain in the butt working with the dealers on that site. Gunbroker.com is the only way to go from what I have seen.

Posted: 3/1/2006 8:50:15 AM EDT

[#22]

Quoted:
Who in their right freaking mind would ever set it that long?

There's absolutely nothing wrong with setting it to be that long...if you don't plan on changing IP addresses in the near future. Some of the old examples from the O'Reilly book used 7 days as the TTL.

The TTL's on my domain names are set for longer than that (31 days, 2678400) since I haven't had to change addresses since switching to Sprint in 1994. It's just good netiquette to set the TTL as high as you can to minimize DNS traffic and the load on name servers. If you are planning on changing IP addresses, you simply reduce the TTL to an hour or so.z

There's a problem that things don't always go as planned, so you keep your TTL times reasonable enough to adapt to what happens.

[ARCHIVED THREAD] - Gunsamerica.com was hacked again

General » General Discussion

Warning

Confirm Action

About AR15.COM

Stay Connected

Newsletter

Contact Us