Does anyone know anything about the recent spate of defaced pages on some free sites recently?
One host I use recently managed to mess up and deleted a whole bunch of their free members sites. Not only that but they managed to lose the account information too. Shortly afterwards the sites became defaced, this seems to be because the accounts were taken over before the original owners could reregister them.
I had a look at some of these sites and Googled some of the text found in the new pages.
Using different phrases, as far as I can tell, around 100,000 sites have been defaced. The hosts affected include 0Catch and their affiliates, Freeservers, Homestead, Lycos Europe (especially France) and SimpleNet.
Also, as far as I can tell, they look like sites that were orginally made with the hosts online template building tools. It's hard to say for sure though as the HEAD sections of the sites are damaged.
The text also contains a couple of screen names that have been used to flood some forums.
0Catch for one says their servers were not hacked and that someone may have checked for expired or near-expired domains - http://www.google.com/search?q=expired+domains
The problem with that explanation is that this software does exactly that - it looks for expired domains not the subdomains that these free hosts use.
I'd like to know if anyone has more information on this, or if possible, someone to explain how someone would get the DNS CNAME information for these subdomains.
I've had to edit this post, the AI this forum uses didn't like some of the words. Unfortunately, these words were the ones I searched on. See http://boards.cexx.org/viewtopic.php?p=44027#44027
for the full text.