Yeah, sputnik.lunarpages.com is our current server node, so that would make sense... I believe the stargate address is just where suspended accounts get redirected to, not sure though.
Regardless, it is all worked out now. I even tracked the IP of the SOB that did this from the server logs and reported it to Cyota. It was a well done hack and it happens to a lot of sites, but I hope they can figure out some of the larger sources of these hacks.
T. G - yeah, it was DNS Poisoning Pharming for sure... meaning they will change the IP or DNS entries on a real banking site and have the user be redirected to TFF to finish the account in a 'fake' database that was nested here.
Really strange stuff for sure, took most of the day to fix.
EDIT: No, we don't have to change any forum passwords. I just had to change the admin control panel and main FTP account passwords, so don't worry about it, we're safe.