Check out gearslutz.com today? - been hacked.

[georgia]

oops... hope jules sorts out the hack soon! i really don't want to show that page to a client today.

[jello]

hope it gets up and running again

[jesse p]

looks like they lost the domain name.

[Dallas Taylor]

Yikes!

Looks to me like they just lost the gear part.

[georgia]

nope, just hacked... Jules still owns it according to InterNIC.

Registrant:
Gearslutz.com LTD
C/O Berg Kapprow Lewis

Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
Domain Name: GEARSLUTZ.COM
Created on: 14-May-02
Expires on: 01-Oct-14
Last Updated on: 01-Mar-12

Administrative Contact:
Standen, Julian
Gearslutz.com LTD
C/O Berg Kapprow Lewis


United Kingdom

[nucelar]

On their facebook there is some explanation
http://www.facebook.com/gearslutz
:)

[Gearslutz Admin]

Hi DUC massive!

Sorry for being off-line on Thurs 1st March!

What happened?

Gearslutz changed web hosts back in June 2011 and the migration went well. During this migration an error was made when the nameservers were configured. One of the nameservers was misspelled and under normal circumstances this would have not caused any issues other than slightly less resilience in the DNS infrastructure.

On 1 March 2012 a hacker noticed this domain exploit and registered the misspelled domain name. They used this domain typo to redirect approximately 1/3rd of visitors to a "branded" web page that makes money off page clicks. Our web host corrected the misspelling as soon as it was identified at 7am GMT.

Why was this not resolved sooner?
The hacker used a domain name with a time to live (TTL) of one day. This TTL means that any forum users who were redirects to this branded web page would have it cached for 24 hours.

Was I hacked?
The aim of this hack was to make money from the hyper link clicks rather than compromise end users PCs and Macs. But to be on the safe side the techs at our server company scanned the web page - and confirmed no viruses or snide scripts. Your computer is clean!

Will this happen again?
No. The changes we've made are permanent and will stop this from happening again. We will also be moving our domain registration to our web hosting provider so any future updates will be handled automatically to prevent any further typos.

The end result was a typo over a year old caused the site to be inaccessible for 1/3rd of its visitors and boring wait until the DNS propagated.

Sorry for the interruption in service!

if you are still getting the bogus site here is a link that tells you how to flush your DNS http://www.tech-faq.com/how-to-flush-dns.html

Thanks

Jules
GS Admin