If you are like me, you browse music forums a lot, and I recently found that one of my favorites, Gearslutz.com, is redirecting to a porn parking page right now. Luckily, this is temporary. From the Gearslutz Facebook page:
Gearslutz moved web hosts back in June 2011 and the migration went well. During this migration an error was made when the name servers where configured. One of the nameservers was miss spelt and in normal circumstances this would have not caused any issues other than slightly less resilience in the dns infrastructure.
On the 1st of march 2012 a hacker noticed this domain exploit and registered the domain name miss spelling. They used this domain miss spelling to redirect some users to a special branded web page that makes money off page clicks. Our web host corrected the miss spelling as soon as it was indentified at 7am gmt.
Why was this not resolved sooner?
The hacker used a domain name with a “time to live” (ttl) of one day. This ttl means that any forum users who were redirects to this special branded web page would have it cached for 24 hours.
Was I hacked?
The aim of this hack was to make money from the hyper link clicks rather than compromise end users pcs and macs. However we have scanned this web page our selves and confirmed that no viruses on the site or branded web site.
Will this happen again?
No. The changes weve made are permanent and will stop this from happening again. We will also be moving our domain registration to our web hosting provider so any future updates will be handled automatically to prevent any further typos.
Summary, its a boring wait until the DNS propagates
Will be AOK tomorrow am..
This was posted at about 145 PST on 3.1.12, so hopefully, the site we all love will be back up soon.