Google hacked?
May 8th, 2005 at 10:06am
Update 1: Google wasn’t hacked. Just a DNS glitch as mentioned by google. Everything is normal now.
Update 2: As pointed out by Fred Foobar in the comments, the whois output is sort of joke played by other folks. As mentioned in the comments below : “Some whois services will display all matches for the search string, not just the one you thought you were searching for”. So, these bad guys actually have subdomains like google.com.something.something.com, which shows up on a whois search.
Saw this story on Gizomodo and Om Mallick’s blog.
Everything seems to be fine now, but the Whois records for google looked really wired.
(Please read update 2 above)
Google says its a DNS issue, but i feel that the domain has been hijacked. How did the text “GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM” come in above DNS info?
Here is the full Whois from whois.directi.com :
Domain Name google.com
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
IP Address: 80.190.192.24
Registrar: KEY-SYSTEMS GMBH
Whois Server: whois.rrpproxy.net
Referral URL: http://www.key-systems.net
Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
IP Address: 209.187.114.130
Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
Whois Server: whois.itsyourdomain.com
Referral URL: http://www.itsyourdomain.com
Domain Name: GOOGLE.COM
Registrar: ALLDOMAINS.COM INC.
Whois Server: whois.alldomains.com
Referral URL: http://www.alldomains.com
Name Server: NS2.GOOGLE.COM
Name Server: NS1.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: REGISTRAR-LOCK
Updated Date: 03-oct-2002
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2011
>>> Last update of whois database: Sat, 7 May 2005 20:27:29 EDT < <<
Entry Filed under: Net
Related Posts
- One more weekend got over..
- Hacked…
- Google is moving towards Single Sign-On
- Single character search results on google
- Upgraded WordPress
4 Comments »
RSS feed for comments on this post. TrackBack URI
The whois output has nothing to do with a ‘hack’. The owners of gulli.com and seczy.com have just created joke subdomain names and registered them as name servers, which will mean they show up in the whois output. Some whois services will display all matches for the search string, not just the one you thought you were searching for.
Go to http://www.internic.net/whois.html and do a name server whois search and check.
This joke has also been played with a lot of other big domain names, including microsoft.com and yahoo.com. It’s a trick that’s been around for years.
Comment by Fred Foobar — May 8, 2005 #
Thanks for the inputs fred! I have put the updates accordingly.
Comment by Arjun — May 8, 2005 #
No problem! :-)
Something definitely went very wrong for Google, but I’m inclined to believe their explanation that it was a DNS screwup. I saw the site go down, but just got the normal browser errors for a DNS failure, rather than seeing anything that looked like a deliberate hijacking.
Comment by Fred Foobar — May 8, 2005 #
This nothing to do with google getting screwed.
This is happening cause internic servers is making the following query when you ask for whois of google.com
google.com.*
Thus any cns created like
google.com.i.dont.own.it.abc.com
where abc.com is your domain name. So if this name server has been registered by you then when anyone queries internic for google.com then your cns will also be displayed.
Regards,
PJ
Comment by PJ — December 7, 2005 #