Pages: [1]
Dr Who Fan
BAM!ID: 1075
Joined: 2006-05-31
Posts: 699
Credits: 100,655,234
World-rank: 8,230

2018-03-18 03:30:22
last modified: 2018-03-18 03:31:57

Cosmology@home is down / Has been HIJACKED!

I was on the Cosmology@home site about 5 minutes before it suddenly went down and noticed someone had indicated the DNS & Domain registration had been "hacked"/taken over by nefarious individuals.

Just checked and it appears to be Chinese hackers have pointed the domain name to a Chinese "parked" site supposedly in France.

UNTIL THE RIGHTFUL OWNERS CAN GAIN BACK CONTROL... I WOULD STAY AWAY FROM IT AND SUSPEND ANY BOINC COMMUNICATION WITH THE SITE.

Whois Record ( last updated on 2018-03-17 )
Code:
Domain Name: COSMOLOGYATHOME.ORG
Registry Domain ID: D148862867-LROR
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2018-03-17T12:24:03Z
Creation Date: 2007-08-13T19:09:40Z
Registry Expiry Date: 2019-08-13T19:09:40Z
Registrar Registration Expiration Date:
Registrar: Gandi SAS
Registrar IANA ID: 81

Registry Registrant ID: C203218727-LROR
Registrant Name: Benjamin Wandelt
Registrant Organization:
Registrant Street: Obfuscated whois Gandi-63-65 boulevard Massena
Registrant City: Obfuscated whois Gandi-Paris
Registrant State/Province: Paris
Registrant Postal Code: 75013
Registrant Country: FR



(Ryle)
    Donator
BAM!ID: 23282
Joined: 2007-04-15
Posts: 112
Credits: 1,742,855,033
World-rank: 1,048

2018-03-20 12:29:28

Thanks for the heads up, Dr. Who Fan.
It doesn't sound good. Should we change passwords for our projects?
Or is it only the domain name that is affected and not the database on Cosmology?
Dr Who Fan
BAM!ID: 1075
Joined: 2006-05-31
Posts: 699
Credits: 100,655,234
World-rank: 8,230

2018-03-20 14:50:01

[quote=(Ryle)]
Thanks for the heads up, Dr. Who Fan.
It doesn't sound good. Should we change passwords for our projects?
Or is it only the domain name that is affected and not the database on Cosmology?
[/quoteI

No need to change any passwords, etc.

For now only the Domain Name Service (DNS) and IP Registration have been hijacked.

The CORRECT site can be reach by its ASSIGNED IP ADDRESS of 194.57.221.140 in your web browser.

Sending completed and/or receiving BOINC work via modification to your routers routing table or by modifying your PC's hosts file may not work for everyone.

Several messages have been posted on the COSMOLOGY@home site but the project admins/scientists probably do not even know it has been hijacked.
Dr Who Fan
BAM!ID: 1075
Joined: 2006-05-31
Posts: 699
Credits: 100,655,234
World-rank: 8,230

2018-03-20 18:48:44

The Domain Name hijacking for cosmologyathome.org appears to have been resolved as everything is pointing to the correct location {cosmos.iap.fr [194.57.221.140]} and the correct web page now loads in my web browser.

NOTE: It may take up to 24 hours to fully work its way throughout all the DNS servers across the www.

If after 24 hours you still have problems accessing the correct web site or BOINC can not find the site you probably will need to flush your DNS cache either on your main modem/router or all your computers.
anothermoon
  Donator
BAM!ID: 181809
Joined: 2015-02-20
Posts: 8
Credits: 3,825,254,944
World-rank: 557

2018-04-02 13:44:32

Yep ....confirmed here in Philadelphia, PA USA:

user@host:~$ nslookup cosmos.iap.fr
Server: 192.168.0.10
Address: 192.168.0.10#53

Non-authoritative answer:
Name: cosmos.iap.fr
Address: 194.57.221.140

I am still seeing lots of computation errors on this project - perhaps changes in host configuration on my end? (e.g.hardware changes)
Pages: [1]

Index :: The Projects :: Cosmology@home is down / Has been HIJACKED!
Reason: