Finishing | Wu Xingling

Produced | Life program (ID: coder_life)

Recently, the new crown pneumonia epidemic of global concern occasion, the hacker has frequent moves, attack:

GitHub suspected to have been the middleman attacks, can not access

From 26 pm, friends said domestic access GitHub Pages displays an error, this morning visited Github homepage also being given in the following figure:

GitHub suspected hit man in the middle attacks. Middle attack (Man-in-the-MiddleAttack, referred to as "MITM attack") is an "indirect" intrusion attacks, which mode is selected by various technical means will be subject to the control of a computer intruder placed in a virtual network communication connection between two computers, the computer which is called "middlemen." This is a time-honored means of network intrusion, and still today has a broad space for development, such as SMB session hijacking, DNS spoofing attacks are typical of MITM attack.

QQ is a number from the promulgation of this certificate is not trusted by hints of view: [email protected].

Currently this QQ numbers can search:

The incident affected the GitHub several major sites, as well as China Mobile, China Unicom, China Telecom hijacking can reproduce the problem, but the foreign network to access these sites did not show abnormalities.

The event greater impact, but also left QQ number, some people speculated that it was caused when an event for beginners to practice. But does not rule out the signature information and QQ mailbox is false clues left by the attacker, but in reality is deliberately and for the large-scale attacks.

Blue Dot Net users guess: The attack appears to be hijacked 443 port waged through the backbone network, the DNS system to resolve has been tested and is completely normal.

This morning, as of 11:44 this writing, Github has been unable to open:

But GitHub has returned to normal, it can be accessed.

Although it has been returned to normal, but the attack already left their mark. Coincidentally, the recent hacker attacks more and more rampant, such as the Dark Web 's largest free fee net network prop pipe provider Daniel's Hosting (DH) is one example, caused no small trouble.

Maximum Dark custodian network was attacked, reducing the 7,600 sites

According to ZDNet reported that the darknet largest free web hosting provider Daniel's Hosting (DH), in the 16 months was the second time hacker attacks: an attacker to delete the entire database of Web hosting, nearly 7600 sites offline.

March 10, German software developer Daniel Winzen said in a statement attackers to access back-end DH, and removed all related to the host database, the database also deleted Winzen account and create a new account to operate . Winzen was found the next day invasion, but it was too late, the worst thing is, he did not design a backup (if you have a backup, then custodian may receive court summons).

Winzen said he did not know how a hacker invasion, expressed now busy with other projects, no time to look into the matter. Because the hosting site for him more a hobby, so Winzen and not value.

Winzen pointed out that the event will only affect the DH backend database account, will not affect the user account on the DH hosting platform hosting site.

But at the same Winzen cautioned DH user account password should be regarded as "leak" if other accounts with the same password, you need to modify.

Experience this event, Winzen indicates that the hosted service will be shut down.

After all, this is only a part-time project Winzen outside the full-time job, "trying to get away from illegal and fraudulent Web site server is very time consuming.".

But he would follow plans to introduce new features and improved service. "Do not have to manage these services will give me more time for actual development, however, ready to re-start may take several months."

Reference links:

https://www.landiannews.com/archives/71707.html

https://www.zdnet.com/article/dark-web-hosting-provider-hacked-again-7600-sites-down/

【End】