Regarding February 18th Incident
Written by KF
Saturday, 23 February 2008
Those of you who browsed our site on February 18th may have noticed that the domain "xssed.com" (.net and .org were unaffected) redirected to a different location than the usual site.
A malicious attacker managed to get access to the ENOM reseller account of our registrar (Namecheap) and changed the DNS of this domain. He could have changed the DNS of the other 59,000 domains at this registrar but (according to our information) only did it to ours to get fame, as "xssed.com" might be seen as a "special" site.
The registrar didn't say how their account got hacked, but an XSS or CSRF vulnerability may have been used. Here is what they told us after investigating:
"We apologize for the inconvenience in which this has caused you. We had made proper adjustments to our security due to this issue and will continue to make sure such an issue does re-occur."
This incident shows once more that nothing in the world can be "hacker safe", just as we explained in recent news.
But we would like to say to the attacker and our visitors that there are other ways to express your love for xssed.com. One of them is to publicize it by telling your friends to visit it, or by linking to our site.