Tuesday, January 12, 2010, was an ordinary day for most Chinese people, but a very sad one for Baidu search users around the world: on that day the domain name of the information database in their hearts, Baidu.com, could not be accessed. According to netizens: "The first one to discover it was an Australian buddy. In the morning, at around 6 o'clock, he sent a message to the group saying that he could no longer access Baidu." As of 11:12 a.m. Beijing time, when I wrote this article, the Baidu website's domain name Baidu.com was still unavailable; it returned to normal around 12 o'clock. Netizens who accessed the site by its IP address confirmed that this worked. Obviously, this is another domain name hijacking incident.
[Domain name information tracing]
The author retrieved the database (Whois) record of the domain name Baidu.com from the Internet:
WHOIS results for baidu.com
Registrant:
Domain Discreet
ATTN: baidu.com
Rua Dr. Brito Camara, n 20, 1
Funchal, Madeira 9000-039
PT
Phone: 1-902-7495331
Email: [email protected]
Registrar Name….: Register.com(Registrar)
Registrar Whois…: whois.register.com
Registrar Homepage: www.register.com
Domain Name: baidu.com
Created on…………..: 1999-10-11
Expires on…………..: 2014-10-11
Administrative Contact:
Domain Discreet
ATTN: baidu.com
Rua Dr. Brito Camara, n 20, 1
Funchal, Madeira 9000-039
PT
Phone: 1-902-7495331
Email: [email protected]
Technical Contact:
Domain Discreet
ATTN: baidu.com
Rua Dr. Brito Camara, n 20, 1
Funchal, Madeira 9000-039
PT
Phone: 1-902-7495331
Email: [email protected]
DNS Servers:
yns1.yahoo.com
yns2.yahoo.com
The previous information has been obtained either directly from the registrant or a registrar of the domain name other than Network Solutions. Network Solutions, therefore, does not guarantee its accuracy or completeness.
Current Registrar: REGISTER.COM, INC. (Registrar)
IP Address: 220.181.6.175 (ARIN & RIPE IP search)
IP Location: CN(CHINA)-BEIJING-BEIJING
Record Type: Domain Name
Server Type: Other 1
Lock Status: clientTransferProhibited
WebSite Status: Active
DMOZ 1 listings
Y! Directory: see listings
Secure: Yes
Ecommerce: No
Traffic Ranking: 4
Data as of: 22-Apr-2008
Several interesting points emerge:
1. The administrative email address ([email protected]) uses the domaindiscreet.com domain, which is owned by the registrar REGISTER.COM, INC. This means that the domain name is fully managed by the registrar.
2. The domain name has not reached its deletion period, and its status (Lock Status) is clientTransferProhibited, so no transfer is allowed. However, its name servers (DNS Servers) are two Yahoo servers:
yns1.yahoo.com
yns2.yahoo.com
Some netizens reported that when they visited Baidu.com in the morning, they were redirected to a yahoo.com web page on which a message had been left by people claiming to be Iranian hackers.
3. The Whois record for Baidu.com shows a last update date (Data as of) of 22-Apr-2008, two years ago. In fact the record was changed today, yet no update record was left at all. This is obviously an abnormal update.
The author also checked Baidu.net, which is likewise owned by Baidu (Shanghai) Company; its Whois record was normal. The domain names baidu.cn and baidu.com.cn were also normal, but they could not be accessed, which seems to imply that Baidu has not set up resolution for these three important domain names (?).
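As an added example (not part of the original article), the following Python script parses a WHOIS record in the layout quoted above and flags the two indicators discussed in points 2 and 3: a delegation to name servers that differ from the ones the operator actually configured, and a stale "Data as of" snapshot that cannot date the change. The sample record is constructed from the Baidu.com record quoted in the article; the expected name server names are hypothetical placeholders.

```python
"""Parse a WHOIS record and flag the hijack indicators discussed in the article.

Added example, not part of the original article. The sample record below is
constructed from the Baidu.com WHOIS output quoted above; EXPECTED_NS holds
hypothetical placeholder names standing in for the name servers an operator
knows it actually delegated the zone to.
"""
import re
from datetime import date, datetime

# Constructed sample, trimmed from the record quoted in the article.
SAMPLE_WHOIS = """\
WHOIS results for baidu.com
Registrar Name....: Register.com(Registrar)
Domain Name: baidu.com
Created on..............: 1999-10-11
Expires on..............: 2014-10-11
DNS Servers:
yns1.yahoo.com
yns2.yahoo.com
Lock Status: clientTransferProhibited
Data as of: 22-Apr-2008
"""

# Assumed (hypothetical): what the operator's own change records say the
# delegation should be.
EXPECTED_NS = {"ns1.example-operator.net", "ns2.example-operator.net"}

# "Key: value" or "Key....: value" (dot leaders as in the quoted output)
_KV_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)[.\u2026]*\s*:\s*(.*)$")


def parse_whois(text):
    """Return a dict of lower_snake_case fields plus the list under 'DNS Servers:'."""
    record = {"dns_servers": []}
    in_ns = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("dns servers"):
            in_ns = True          # the host names follow, one per line
            continue
        if in_ns and not _KV_RE.match(line):
            record["dns_servers"].append(line.lower())
            continue
        in_ns = False             # a new "Key: value" line ends the list
        m = _KV_RE.match(line)
        if m:
            key = m.group(1).strip().lower().replace(" ", "_")
            record[key] = m.group(2).strip()
    return record


def hijack_indicators(record, expected_ns, today=None, max_snapshot_age_days=30):
    """Return a list of findings; an empty list means nothing looked suspicious."""
    today = today or date.today()
    findings = []

    actual = set(record.get("dns_servers", []))
    unexpected = actual - {ns.lower() for ns in expected_ns}
    if unexpected:
        findings.append("delegation points at name servers the operator never set: "
                        + ", ".join(sorted(unexpected)))

    # A transfer lock stops the domain moving to another registrar; it does not
    # stop name-server edits made through the registrar's own system, which is
    # how the article describes both incidents.
    if record.get("lock_status", "").lower() != "clienttransferprohibited":
        findings.append("no clientTransferProhibited lock on the record")

    snapshot = record.get("data_as_of")
    if snapshot:
        try:
            taken = datetime.strptime(snapshot, "%d-%b-%Y").date()
        except ValueError:
            findings.append("unparseable 'Data as of' value: " + snapshot)
        else:
            age = (today - taken).days
            if age > max_snapshot_age_days:
                findings.append(f"WHOIS snapshot is {age} days old; it cannot date "
                                "the change, query the registry or DNS directly")
    return findings


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    for f in hijack_indicators(rec, EXPECTED_NS, today=date(2010, 1, 12)):
        print("ALERT:", f)
```

Run against the sample record with the observation date of January 12, 2010, the script reports the Yahoo name servers as an unexpected delegation and the April 2008 snapshot as too old to date the change, which is exactly why a cached Whois lookup is no substitute for querying the registry and the live DNS delegation when a hijack is suspected.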
[History is all similar]
"China Netizen News" ( www.chinanetzen.com.cn ), Issue 392, August 4, 2008, carried on its front page my humble article: "You dare to stir up trouble even though you are old: ICANN was hacked, sounding the alarm for network domain name security". Hackers had attacked several alternative domain names of the official website of ICANN, the international organization that manages Internet domain names and addresses, changed where those domain names pointed, and left arrogant words on the redirected web pages. To many people this seemed very ironic: ICANN, which has always provided Internet domain name security guidelines, was unable to protect itself this time. How did this hacker attack occur? What is the story behind it? What implications does it have for the domestic domain name security field? With these questions, the author exclusively interviewed John Crain, ICANN's technical director. Story ( http://www.dnsnews.cn/1/2010-01-12/858.htm ).
"Hackers have never entered our website. They have only modified the domain name system pointing to icann.com and so on." In the early morning of July 5, ICANN technical director John Crain said in an interview with this reporter that this was a domain name hijacking incident caused by an attack on the registration system of ICANN's registrar. The hackers' method was very special: they invaded the database through the registrar's port at register.com, and then modified where some ICANN-related domain names pointed. The registrar has since provided ICANN with a comprehensive top-secret security report on the attack.
At the same time, John Crain also pointed out that the misdirected domain names were only mirror entry points to the main websites of ICANN and IANA; the main domain names of ICANN and IANA, www.icann.org and www.iana.org, were not affected. Once the DNS (Domain Name System) redirection was discovered, ICANN restored it to normal within 20 minutes, and it would take no more than 48 hours for normal access to be restored across the global Internet.
The author noted with interest that in both the ICANN domain name incident of July 2008 and the incident on January 12, 2010 with the only domain name Baidu has enabled, hackers invaded the database through the port of register.com and then modified where some related domain names pointed, resulting in access errors. In other words: the backend database loopholes of this registrar, register.com, have not been fixed, and there has been no improvement at all in more than two years!
[Some insights from the Baidu domain name incident]
1. Baidu's domain name deployment is imperfect
The main reason is that only the single domain name baidu.com is enabled, while the main domain name baidu.cn is kept on ice rather than used, so that in a situation like this users have nothing to fall back on. Baidu should learn from Google, which has enabled even g.cn.
2. Baidu's superstition about .com has bad consequences.
First, they do not understand that the root server deployment of the .cn domain name in China is far more stable than the root server deployment of .com. Professor Qian Hualin said in an interview with me a few years ago: even if China's outbound international links were completely cut off, China's Internet could operate on its own within just one hour.
Secondly, according to the author's wife, engineer Wang Xiuyu, who has worked in the CNNIC domain name review team for 10 years, CNNIC's technical backend does not allow the status of Baidu's main domain name baidu.cn to be changed; Baidu must provide supporting documents, and the change is made manually. This protection applies to all .cn domain name websites included in the protection list.
In the end, Baidu had handed the domain name over to the registrar register.com and wanted the registrar to provide technical support immediately, but the time difference caused problems. Moreover, Baidu did not know that the backend technical loopholes of the registrar register.com had become an entrance for hacker attacks worldwide.
3. Domain name security has a long way to go
Domain name security is an issue of increasing concern to all domain name registration agencies, including ICANN. Take ICANN as an example: in its 2010 budget, it invested approximately 10.3% of the total budget (nearly US$3 million) in strengthening the security of the root server system.
As for the domain name security measures of international e-commerce websites, most foreign portals also use a domain name server proxy mechanism to ensure that they operate in a more secure environment.
In summary: in network security, as the saying goes, when virtue rises a foot, the devil rises ten. Only by carefully preparing the domain name security deployment can we avoid losses.