Help - DNS hosting - Hacked?

Alec_Tryon · 2011-08-21 03:02:32 UTC

I have hosted my tumblr through dns hosting with dreamhost for the past year with no problem …then last week, a security certificate warning popped up while trying to load the page (criminalwisdom.com) saying that somebody maybe trying to spoof my server and ever since then I have not been able to load the page in my browser …

It just loads and loads until my browser disconnects.
The same thing happens with another tumblr account that I use with dns domain hosting …

Everything seems fine on tumblrs end – the page continues to get traffic (as far as i can detect by monitoring the google cache) etc. so some people are seeing it but I am not.

Nothing seems to be out of order with my dns settings …

Where do I look (and what do i look for) to find out if someone has gained access to my dreamhost account etc.

or something

i am at a loss of what to do - or search for

any ideas of what is going on is greatly appreciated

[additional info …

my antivirus and maleware detectors say my computer is clean … I enlisted a couple friends to try and load the page … the apple users don’t seem to have a problem, it loads fine … but the chrome, firefox users get the loading problem … ggggrrrr!]

jangdaedo · 2011-08-21 03:19:11 UTC

I’ve been having similar problems for the past several days.

Registered a domain through Dreamhost and had it work with Tumblr. Though I haven’t had it redirect elsewhere or have any certificates pop up, it just hangs there until the browser gives up.

It’s not the computer either since I’ve tried on multiple systems (all PC) with no avail.

Any insight to what is exactly going on would be great.

Atropos7 · 2011-08-21 05:27:11 UTC

You set the A record to the tumblr IP address of 72.32.231.8 right?

So if you bypass DNS and the HTTP protocol altogether and try to run the command:

telnet 72.32.231.8 80

And get something like:
Connecting To 72.32.231.8…Could not open connection to the host, on port 80: Connect failed

Then it is not an issue with DNS.

Though it is interesting to note:
My residential ISP in the Texas could not connect .
I was able to fetch the web page via shell account at DreamHost in California.
Also http://web-sniffer.net/ (in Germany) is able to fetch the web page.

So the issue as I see has nothing to do with DreamHost or DNS.

Alec_Tryon · 2011-08-21 05:50:30 UTC

Thanks for trying, atropos7.

Yeah, the dns name and values are set correctly. As are the settings at tumblr.

Upon examining the source code the only thing that I can find that is out of place is this line …

It’s not something that I have in my original code.

Would this be the problem?

And if so, how is it getting into my source code?

Is it something Tumblr is injecting into my page when it loads or is it coming from somewhere else?

Alec_Tryon · 2011-08-21 07:26:16 UTC

Just checked a couple of other tumblrs that run under their own domain names - they aren’t loading either. After Jangdaedo’s comment and now this - methinks the whole thing is (yet another) Tumblr problem.

I’m gonna go start bugging them for answers …

Thanks everyone.