This article is from the WeChat public account Program Life (ID: coder_life), compiled by Wu Xingling.

GitHub suspected of being hit by a man-in-the-middle attack and cannot be accessed

Starting on the afternoon of the 26th, some netizens reported that domestic access to GitHub Pages displayed errors. When visiting the GitHub homepage this morning, the following error was reported:

GitHub is suspected of being the target of a man-in-the-middle attack. A man-in-the-middle attack (Man-in-the-Middle Attack, "MITM attack") is an "indirect" intrusion attack: through various technical means, a computer controlled by the intruder is virtually placed between two communicating computers in a network connection. This computer is called the "man in the middle". This is a long-established means of network intrusion, and there is still room for extensive development today. Attacks such as SMB session hijacking and DNS spoofing are all typical MITM attacks.

According to the issuer information shown for this untrusted certificate, the issuer is a QQ number: 346608453@qq.com.

This QQ number can currently be found by searching:

This incident affected several major GitHub websites. The hijacking can be reproduced on the China Mobile, China Unicom, and China Telecom networks, but access to these sites from foreign networks shows no abnormalities.

This incident has had a large impact. Because a QQ number was left behind, some people speculate that it was caused by a beginner practicing. However, it cannot be ruled out that the signature information and QQ mailbox are false clues left by the attackers, and that this is an intentional large-scale attack.

Blue Dot netizens speculate that the attack appears to be launched by hijacking port 443 on the backbone network. At present, DNS resolution in testing is completely normal.

As of press time, GitHub cannot be opened.

The largest dark web hosting provider was attacked, taking 7,600 websites offline

According to ZDNet, Daniel's Hosting (DH), the largest free web hosting provider on the dark web, was hacked for the second time in 16 months: the attacker deleted the web host's entire database, and nearly 7,600 websites went offline.

On March 10th, German software developer Daniel Winzen issued a statement saying that the attacker accessed the backend of DH, deleted all the databases related to the host, deleted Winzen's database account, and created a new account. Winzen discovered the intrusion the next day, but it was too late. Worst of all, he had not designed in any backup. (If there were a backup, the host might receive a court summons.)

Winzen said he did not know how the hacker had broken in, and said that he was busy with other projects and had no time to investigate the matter. Because this hosting site is more of a hobby for him, Winzen does not take it too seriously.

Winzen pointed out that this incident will only affect DH back-end database accounts, and will not affect user accounts for sites hosted on the DH hosting platform.

At the same time, Winzen reminded users that they should treat the password of their DH account as "leaked"; if other accounts use the same password, it needs to be changed.

After this incident, Winzen said the hosting service will be shut down.

After all, this is just a part-time project for Winzen outside of full-time work: "trying to keep the server away from illegal and fraudulent websites is very time consuming."

However, he plans to introduce new features and improved services in the future. “Not having to manage these services all the time will give me more time for actual development. However, preparing to restart may take several months.”

Reference:

https://www.landiannews.com/archives/71707.html

https://www.zdnet.com/article/dark-web-hosting-provider-hacked-again-7600-sites-down/
