Sunday, February 14, 2016

EL TIEMPO.COM's website got hacked

Today, February 14, 2016, if you try to open the ELTIEMPO.COM website you are redirected to http://www.iyfnshm.com/?dn=eltiempo.com&pid=9PO7PUW67

Were they hacked?

Not really; they just lost the password to their DNS registrar account.

Here is the step-by-step diagnosis of the problem, from a Linux terminal.

[juriel@sonic ~]$ nslookup 
>  NS29.WORLDNIC.COM
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
Name: NS29.WORLDNIC.COM
Address: 207.204.40.115
> eltiempo.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
Name: eltiempo.com
Address: 141.8.225.31
> www.eltiempo.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
Name: www.eltiempo.com
Address: 141.8.225.31




The NSLOOKUP command tells us that El Tiempo's DNS servers are at WORLDNIC.com. But www.eltiempo.com points to 141.8.225.31, an address that does not belong to ELTIEMPO's servers.

Let's check what is on that server.

[juriel@sonic ]$ telnet 141.8.225.31 80
Trying 141.8.225.31...
Connected to 141.8.225.31.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.eltiempo.com

HTTP/1.1 302 Found
Date: Sun, 14 Feb 2016 17:54:58 GMT
Server: Apache
Set-Cookie: gvc=913vr2030180986413490; expires=Fri, 12-Feb-2021 17:54:58 GMT; path=/; domain=www.eltiempo.com; httponly
Location: http://dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?client=ca-dp-rookmedia32_3ph_js&domain_name=eltiempo.com&channel=033001&drid=as-drid-2959215220667262&output=html
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8

Connection closed by foreign host.

[juriel@sonic ]$ 

We find a redirect to http://dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?client=ca-dp-rookmedia32_3ph_js&domain_name=eltiempo.com&channel=033001&drid=as-drid-2959215220667262&output=html



Now we check with ICANN, the lords and masters of Internet domains: https://whois.icann.org/en/lookup?name=eltiempo.com


Domain Name: ELTIEMPO.COM
Registry Domain ID: 598862_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2016-02-14T16:49:16Z
Creation Date: 1995-10-11T04:00:00Z
Registrar Registration Expiration Date: 2020-10-10T04:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Reseller: 
Domain Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
Domain Status: clientHold https://www.icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited
Registry Registrant ID: 
Registrant Name: Casa Editorial El Tiempo
Registrant Organization: Casa Editorial El Tiempo
Registrant Street: Av. Calle 26 # 68B-70
Registrant City: Bogota
Registrant State/Province: Cundinamarca
Registrant Postal Code: CO
Registrant Country: CO
Registrant Phone: +57.12940100
Registrant Phone Ext: 
Registrant Fax: +57.12940100
Registrant Fax Ext: 
Registrant Email: juaagu@eltiempo.com.co
Registry Admin ID: 
Admin Name: Sanchez, German
Admin Organization: EL TIEMPO Casa Editorial
Admin Street: Avenida Calle 26 No 68B 70
Admin City: Bogota
Admin State/Province: DC
Admin Postal Code: na
Admin Country: CO
Admin Phone: +57.12940100
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: dns@eltiempo.com.co
Registry Tech ID: 
Tech Name: Role Account, DNS
Tech Organization: Casa Editorial El tiempo
Tech Street: AV EL DORADO # 59-70
Tech City: Bogota
Tech State/Province: DC
Tech Postal Code: 00000
Tech Country: CO
Tech Phone: +57.14266550
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: dns@eltiempo.com.co
Name Server: NS29.WORLDNIC.COM
Name Server: NS30.WORLDNIC.COM
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of whois database: Sun, 14 Feb 2016 19:14:34 GMT <<<

The data in Networksolutions.com's WHOIS database is provided to you by
Networksolutions.com for information purposes only, that is, to assist you in
obtaining information about or related to a domain name registration
record. Networksolutions.com makes this information available "as is," and
does not guarantee its accuracy. By submitting a WHOIS query, you
agree that you will use this data only for lawful purposes and that,
under no circumstances will you use this data to: (1) allow, enable,
or otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via direct mail, electronic mail, or by
telephone; or (2) enable high volume, automated, electronic processes
that apply to Networksolutions.com  (or its systems). The compilation,
repackaging, dissemination or other use of this data is expressly
prohibited without the prior written consent of Networksolutions.com.
Networksolutions.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.


The information shown there tells us that the REGISTRAR, that is, the company the domain eltiempo.com was bought from, is NETWORKSOLUTIONS. The domain administrator information shows that it is Germán Sanchez and that dns@eltiempo.com.co and juaagu@eltiempo.com.co are the administrators of the domain.

This shows the domain has been neither stolen nor transferred, and that it is still registered in its rightful owners' name.

So what happened?

The information tells us they were not hacked. They do not run their own DNS; they let NETWORKSOLUTIONS.COM handle it. So what really happened is that the domain administrator's password at NETWORKSOLUTIONS.COM was stolen by a hacker, who then replaced the A records for www.eltiempo.com to point the site at his own server.
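As an added illustration (not part of the original post), here is a small Python script that turns the three manual checks above into something you can run over saved output: it parses the nslookup answer, the raw HTTP response and the WHOIS record, and flags the signals that gave the game away here: an A record outside the owner's baseline, a redirect to a host the organisation does not own, and a registrar-side update shortly before the observation. The sample inputs are copied from the output shown in the post; the expected A records are RFC 5737 documentation addresses because the post never shows the legitimate one, while the nameserver baseline and the observation time come from the WHOIS and HTTP output above. Everything else (function names, the 24-hour window) is an assumption for this example.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Constructed samples, copied from the terminal output in the post.
NSLOOKUP_OUTPUT = """\
> www.eltiempo.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
Name: www.eltiempo.com
Address: 141.8.225.31
"""
HTTP_RESPONSE = """\
HTTP/1.1 302 Found
Date: Sun, 14 Feb 2016 17:54:58 GMT
Location: http://dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?client=ca-dp-rookmedia32_3ph_js&domain_name=eltiempo.com&channel=033001&drid=as-drid-2959215220667262&output=html
"""
WHOIS_RECORD = """\
Registrar: NETWORK SOLUTIONS, LLC.
Updated Date: 2016-02-14T16:49:16Z
Domain Status: clientHold https://www.icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Name Server: NS29.WORLDNIC.COM
Name Server: NS30.WORLDNIC.COM
"""

# Baseline a zone owner would keep (assumed; the post never shows the
# legitimate address, so RFC 5737 documentation addresses stand in).
EXPECTED_A_RECORDS = {"203.0.113.10", "203.0.113.11"}
EXPECTED_NAMESERVERS = {"NS29.WORLDNIC.COM", "NS30.WORLDNIC.COM"}
OWN_HOSTS = {"eltiempo.com", "www.eltiempo.com"}
# Time of observation, taken from the Date header in the post.
OBSERVED_AT = datetime(2016, 2, 14, 17, 54, 58, tzinfo=timezone.utc)


def parse_nslookup(text):
    # Answer addresses only: the resolver's own "Address: 192.168.0.1#53"
    # line carries a "#port" suffix and is skipped by the pattern.
    return set(re.findall(r"^Address:\s*([^\s#]+)\s*$", text, re.M))


def parse_http_head(text):
    # Status code plus a lower-cased header dict from a raw response head.
    lines = text.splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            headers[key.strip().lower()] = value.strip()
    return status, headers


def parse_whois(text):
    # Key -> list of values, because WHOIS repeats keys such as "Domain Status".
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            record.setdefault(key.strip(), []).append(value.strip())
    return record


def offsite_redirect_host(status, headers, own_hosts):
    # Host of a redirect that leaves the organisation's own names, else None.
    if status not in (301, 302, 303, 307, 308):
        return None
    host = urlsplit(headers.get("location", "")).hostname
    return host if host and host not in own_hosts else None


def whois_findings(record, expected_ns, observed_at, window=timedelta(hours=24)):
    # Signals worth raising: nameserver drift, a registrar-side update
    # shortly before the observation, and a clientHold status.
    findings = []
    nameservers = set(record.get("Name Server", []))
    if nameservers != expected_ns:
        findings.append(f"nameserver drift: {sorted(nameservers)}")
    updated = datetime.fromisoformat(record["Updated Date"][0].replace("Z", "+00:00"))
    if timedelta(0) <= observed_at - updated <= window:
        findings.append(f"registrar record updated at {updated.isoformat()}")
    statuses = {s.split()[0] for s in record.get("Domain Status", [])}
    if "clientHold" in statuses:
        findings.append("clientHold set: registrar has told the registry not to publish the domain")
    return findings


def run_checks():
    # Run all three checks over the constructed samples and return the alerts.
    report = []
    for addr in sorted(parse_nslookup(NSLOOKUP_OUTPUT) - EXPECTED_A_RECORDS):
        report.append(f"www.eltiempo.com resolves to unexpected address {addr}")
    status, headers = parse_http_head(HTTP_RESPONSE)
    host = offsite_redirect_host(status, headers, OWN_HOSTS)
    if host:
        report.append(f"HTTP {status} redirects off-site to {host}")
    report.extend(whois_findings(parse_whois(WHOIS_RECORD), EXPECTED_NAMESERVERS, OBSERVED_AT))
    return report


if __name__ == "__main__":
    for alert in run_checks():
        print("ALERT:", alert)
```

On live data the three strings would be replaced by the output of `nslookup`/`dig`, a raw `GET` against the resolved address, and `whois`, scheduled from cron against every public hostname the organisation owns; the resolved-address comparison alone would have caught this incident on the first run after the records were changed. The clientHold status is surfaced because it means the registrar has told the registry not to publish the domain in DNS, which is something the domain's owner wants to learn about immediately rather than from readers.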