I can’t believe it.

I would never have thought that one of my favourite tech news sites could ever be hacked. Yet a few minutes ago I captured the following screenshot when browsing.

Come on guys, what is going on?

*Updated – 10:00pm 4th September 2011

After further investigation, it seems that The Register’s website was not hacked as such, but rather the DNS for that domain has been hijacked.

The bad A record IP appears to be 68.68.20.116 instead of 212.100.234.54 which is a rackspace server where the register is hosted.

If you go to all-nettools.com and do a nameserver lookup you’ll see the register has the following nameservers now:

theregister.co.uk. 86129 IN NS ns4.yumurtakabugu.com.

theregister.co.uk. 86129 IN NS ns2.yumurtakabugu.com.

theregister.co.uk. 86129 IN NS ns1.yumurtakabugu.com.

theregister.co.uk. 86129 IN NS ns3.yumurtakabugu.com.

Which isn’t right.

It should probably look something like:

theregister.co.uk nameserver = ns1.theregister.co.uk

theregister.co.uk nameserver = ns2.theregister.co.uk

theregister.co.uk nameserver = ns3.theregister.co.uk

theregister.co.uk nameserver = ns4.theregister.co.uk

theregister.co.uk nameserver = ns5.theregister.co.uk

theregister.co.uk nameserver = ns6.theregister.co.uk

*Updated – 11:00pm 4th September 2011

It appears that ups.com has also been hacked.

*update again… Sites that have also been defaced include

betfair.com

acer.com

vodafone.com

telegraph.co.uk

http://www.zone-h.org/archive/notifier=TurkguvenLigi.info

*Updated – 7:15am 5th September 2011

The Guardian have interviewed the Turkish hackers that instigated the attack on the various high-profile websites. http://www.guardian.co.uk/technology/2011/sep/05/dns-hackers-telegraph-interview

*Updated – 8:10am 5th September 2011

The Register have now posted an article explaining a little about what happened.

http://www.theregister.co.uk/2011/09/05/dns_hijack_service_updated/