Heshan Forum (和山论坛)


Major Baidu outage: all subdomains unreachable! Hacker attack or stolen domain?

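#1 | Original poster | Posted 2010-1-12 08:56
At around 7:20 on January 12, a large number of webmasters began posting on webmaster forums saying that Baidu, the well-known Chinese search engine, would not open and could no longer be reached.

The first post, at around 7:20

Large numbers of users then raised the same problem.

At around 8:00, a helpful webmaster phoned 中国站长站 (China Webmaster Station) to say that Baidu had been unreachable for more than half an hour and that all of its subdomains were down.

Running the "ping" command against Baidu's servers returned "Request timed out" every time.

The editor then logged in to the site's back end and found that at 7:53 the webmaster doway had already submitted a report saying that he was a China Netcom user, that everything except Baidu was reachable, and that Wap.baidu.com could not be reached from a mobile phone either.

At around 8:10, large numbers of webmasters and users in various QQ groups began asking each other whether they could reach Baidu. At the time of writing, Baidu had been down for more than an hour and had still not recovered; an outage this long and this widespread is very rare in Baidu's history. A similar incident occurred on September 12, 2006.

The cause is not yet known; webmasters with inside information are welcome to send tips.

Thanks to the helpful webmaster Fengyi (锋一) for phoning in and to the webmaster of 7edu.net for the submission.

8:25 Uncle Mingliang (明亮叔), a webmaster from Beijing, says that when he pings Baidu it shows Yahoo's DNS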

C:\Users\inso>ping www.baidu.com
Pinging sbs-p11p.asbs.yahoodns.net [98.136.50.138] with 32 bytes of data:


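8:27 ctg, a webmaster from Shanghai, says Baidu opens normally and that pinging Baidu shows the IP 119.75.213.61

8:28 The helpful webmaster sendmail submits a report saying Baidu has been breached by an Iranian hacker group

8:29 The helpful webmaster Wang Shilun (王世伦) says Baidu appears to have been breached by Iranian hackers

8:31 Mr. Qian, a helpful webmaster from Jiangsu, phoned 中国站长站 to say that when he opened Baidu he too reached the Iranian hackers' defacement page. 中国站长站 then contacted Mr. Qian, of the Jiangsu site 不锈钢天地网, and obtained the following image:

#2 | Original poster | Posted 2010-1-12 08:58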
http://220.181.6.6/

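Baidu can now only be reached by IP address

#3 | Original poster | Posted 2010-1-12 08:59
Latest news on Baidu
Baidu.com's DNS servers have been changed, and the main domain now resolves to an IP address in the Netherlands; visits to Baidu's subdomains are redirected to a Yahoo error page. The WHOIS data is also being refreshed continually. The problem has not yet been resolved, and Baidu has not issued any response.

8:20 update: some users were redirected to a defacement page reading "Iranian Cyber Army", so it is very likely that the domain was stolen or hijacked. However, no server hosting a defacement page could withstand the volume of requests Baidu receives, so visits simply fail.

Thinking back to the last time Twitter's domain was redirected, the similarity to this attack is striking.

8:30 update: Baidu's DNS data has been changed back, but the WHOIS data still has not refreshed

8:36 update: an image of the defacement has appeared; it is indeed the Iranian Cyber Army.

#4 | Original poster | Posted 2010-1-12 09:00
Has baidu.com's registration information been changed?

Whois Server Version 2.0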

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Server Name: BAIDU.COM.ZZZZZZ.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
IP Address: 203.36.226.2
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net

Server Name: BAIDU.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
IP Address: 69.41.185.203
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net

Server Name: BAIDU.COM.ZZZZZ.DOWNLOAD.MOVIE.ONLINE.ZML2.COM
IP Address: 64.28.187.63
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com

Server Name: BAIDU.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
IP Address: 203.36.226.2
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net

Domain Name: BAIDU.COM
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: http://www.register.com
Name Server: DNS.BAIDU.COM
Name Server: NS2.BAIDU.COM
Name Server: NS3.BAIDU.COM
Name Server: NS4.BAIDU.COM
Status: clientTransferProhibited
Updated Date: 03-dec-2008
Creation Date: 11-oct-1999
Expiration Date: 11-oct-2014

>>> Last update of whois database: Mon, 11 Jan 2010 13:59:54 UTC <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
[whois.register.com]

The data in Register.com's WHOIS database is provided to you by
Register.com for information purposes only, that is, to assist you in
obtaining information about or related to a domain name registration
record. Register.com makes this information available "as is," and
does not guarantee its accuracy. By submitting a WHOIS query, you
agree that you will use this data only for lawful purposes and that,
under no circumstances will you use this data to: (1) allow, enable,
or otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via direct mail, electronic mail, or by
telephone; or (2) enable high volume, automated, electronic processes
that apply to Register.com (or its systems). The compilation,
repackaging, dissemination or other use of this data is expressly
prohibited without the prior written consent of Register.com.
Register.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.


Registrant:
Domain Discreet
ATTN: baidu.com
Rua Dr. Brito Camara, n 20, 1
Funchal, Madeira 9000-039
PT
Phone: 1-902-7495331
Email: 036f37850a14115101201f9483195f63@domaindiscreet.com


Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com

Domain Name: baidu.com
Created on..............: 1999-10-11
Expires on..............: 2014-10-11

Administrative Contact:
Domain Discreet
ATTN: baidu.com
Rua Dr. Brito Camara, n 20, 1
Funchal, Madeira 9000-039
PT
Phone: 1-902-7495331
Email: 036f376a0a14115100199c0316d64ebb@domaindiscreet.com


Technical Contact:
Domain Discreet
ATTN: baidu.com
Rua Dr. Brito Camara, n 20, 1
Funchal, Madeira 9000-039
PT
Phone: 1-902-7495331
Email: 036f37860a14115101c8a6d69ced14a8@domaindiscreet.com


DNS Servers:
ns4.baidu.com
ns3.baidu.com
ns2.baidu.com
dns.baidu.com


[HiChina Format]
Domain Name ..................... baidu.com
Administrative Name ............. ATTN: baidu.com
Administrative Organization ..... Domain Discreet
Administrative Address .......... Rua Dr. Brito Camara, n 20, 1
Funchal, Madeira 9000-039
PT
Administrative City ............. Funchal
Administrative Province/State ... Madeira
Administrative Postal Code ...... 9000-039
Administrative Country Code ..... PT
Administrative Phone Number ..... 1-902-7495331
Administrative Email ............ 036f376a0a14115100199c0316d64ebb@domaindiscreet.com
Expiration Date ................. 2014-10-11

#5 | Posted 2010-1-12 09:00
Baidu is still unreachable at the moment  ORZ

#6 | Original poster | Posted 2010-1-12 09:01

This is the original whois information

baidu.com WHOIS
Registrant:
      Domain Discreet
      ATTN: baidu.com
      Rua Dr. Brito Camara, n 20, 1
      Funchal, Madeira 9000-039
      PT
      Phone: 1-902-7495331
      Email: 036f37850a14115101201f9483195f63@domaindiscreet.com


   Registrar Name....: Register.com
   Registrar Whois...: whois.register.com
   Registrar Homepage: www.register.com

   Domain Name: baidu.com
      Created on..............: 1999-10-11
      Expires on..............: 2014-10-11

   Administrative Contact:
      Domain Discreet
      ATTN: baidu.com
      Rua Dr. Brito Camara, n 20, 1
      Funchal, Madeira 9000-039
      PT
      Phone: 1-902-7495331
      Email: 036f376a0a14115100199c0316d64ebb@domaindiscreet.com


   Technical  Contact:
      Domain Discreet
      ATTN: baidu.com
      Rua Dr. Brito Camara, n 20, 1
      Funchal, Madeira 9000-039
      PT
      Phone: 1-902-7495331
      Email: 036f37860a14115101c8a6d69ced14a8@domaindiscreet.com


   DNS Servers:
      dns204.a.register.com
      dns190.b.register.com
      dns050.c.register.com
      dns010.d.register.com


[Whois Source: whois.register.com]

Domain status: clientTransferProhibited
Registrar: REGISTER.COM, INC.
DNS server: YNS1.YAHOO.COM
DNS server: YNS2.YAHOO.COM
Registration date: 11-oct-1999
Expiration date: 11-oct-2014

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

BAIDU.COM.ZZZZZZ.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
BAIDU.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
BAIDU.COM.ZZZZZ.DOWNLOAD.MOVIE.ONLINE.ZML2.COM
BAIDU.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
BAIDU.COM

To single out one record, look it up with "xxx", where xxx is one of the
of the records displayed above. If the records are the same, look them up
with "=xxx" to receive a full display for each record.

>>> Last update of whois database: Tue, 12 Jan 2010 00:26:06 UTC <<<
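
A defender-side check for the name-server change visible in the WHOIS records quoted above, as an added example that is not part of the original thread: it parses registry-style WHOIS text, skips the unrelated "Server Name:" records that merely begin with BAIDU.COM, and reports drift from a baseline. The sample text is constructed from values quoted in the thread; the function names and the choice of baseline are assumptions.

```python
import re  # not required by the parser itself; kept minimal, standard library only

# Constructed sample: abridged registry WHOIS text in the layout quoted in the
# thread. The first record is one of the unrelated "Server Name:" host entries
# the lookup also returns; only the "Domain Name: BAIDU.COM" record counts.
SAMPLE_WHOIS = """\
Server Name: BAIDU.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
IP Address: 203.36.226.2
Registrar: TUCOWS INC.

Domain Name: BAIDU.COM
Registrar: REGISTER.COM, INC.
Name Server: YNS1.YAHOO.COM
Name Server: YNS2.YAHOO.COM
Status: clientTransferProhibited
"""

# Assumed baseline: the baidu.com name servers shown in one record in the thread.
BASELINE = {"dns.baidu.com", "ns2.baidu.com", "ns3.baidu.com", "ns4.baidu.com"}


def parse_domain_record(whois_text, domain):
    """Return {'registrar': str|None, 'name_servers': set} for the exact domain."""
    record = {"registrar": None, "name_servers": set()}
    in_record = False
    for line in whois_text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            in_record = in_record and bool(line.strip())  # blank line ends a record
            continue
        key, value = key.strip().lower(), value.strip()
        if key in ("domain name", "server name"):
            # Exact match only: BAIDU.COM.MORE.INFO... is not BAIDU.COM
            in_record = key == "domain name" and value.lower() == domain.lower()
        elif in_record and key == "registrar":
            record["registrar"] = value
        elif in_record and key == "name server":
            record["name_servers"].add(value.lower().rstrip("."))
    return record


def check_delegation(whois_text, domain, baseline):
    """Compare the listed name servers with the baseline; return drift details."""
    found = parse_domain_record(whois_text, domain)["name_servers"]
    return {"ok": bool(found) and found == baseline,
            "unexpected": sorted(found - baseline),
            "missing": sorted(baseline - found)}
```

An empty result (no matching "Domain Name:" record) is reported as not ok, so a lookup that returns only look-alike host records does not pass silently.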

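#7 | Original poster | Posted 2010-1-12 09:06
At around 7 o'clock this morning Baidu became unreachable; a lookup of the WHOIS information for the domain baidu.com showed an inexplicable problem with Baidu's domain.
Baidu.com's DNS servers have been changed, and the main domain now resolves to an IP address in the Netherlands; visits to Baidu's subdomains are redirected to a Yahoo error page. The WHOIS data is also being refreshed continually. The problem has not yet been resolved, and Baidu has not issued any response.

8:20 update: some users were redirected to a defacement page reading "Iranian Cyber Army", so it is very likely that the domain was stolen or hijacked. However, no server hosting a defacement page could withstand the volume of requests Baidu receives, so visits simply fail.

Thinking back to the last time Twitter's domain was redirected, the similarity to this attack is striking.

8:30 update: Baidu's DNS data has been changed back, but the WHOIS data still has not refreshed

8:36 update: an image of the defacement has appeared; it is indeed the Iranian Cyber Army.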

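#8 | Posted 2010-1-12 09:08
This is way over my head..

#9 | Original poster | Posted 2010-1-12 09:46

Baidu Taiwan

Taiwan Baidu announcement

Taiwan Baidu was recently sabotaged by someone with ulterior motives, which left the host system paralyzed.

To provide better service and quality, we are currently working to rescue the data; users, please wait patiently for good news.

Taiwan Baidu is a non-profit website; we ask the person responsible not to sabotage it for selfish reasons and to put the interests of the general user community first.

The message left by the person responsible is as follows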
Hello ,I am a Chinese Hacker,sorry to enter your server

I make a mistake that I thange your administrator's password

I am so sorry

you can write mail to me admin@0days.net.cn

My main aim is not doing some bad things.....

#10 | Posted 2010-1-12 09:56
That was fast.. I was just wondering about it too

#11 | Posted 2010-1-12 10:26
I was just about to search for something...
So it wasn't my connection speed after all

#12 | Posted 2010-1-12 15:09
Jinlang (金狼), it is your connection speed