Well, perhaps not.. but certainly, something very strange is going on.
Back in June 2008, technology uber-blog TechCrunch announced its own news aggregator service called “TechNews” which had more than a passing similarity to Reddit.
TechCrunch announced that the system was currently on one of its test servers.
Whatever happened next to TechNews is lost in the mists of time.. all I know for sure is that it didn’t set the world on fire.
So, what happens if you visit technews.techcrunch.com today? Here’s what you see:
And yes, that really is technews.techcrunch.com that I have visited. Check the url in the browser’s location bar if you don’t believe me.
Black Oak Asset Management claims to be a legitimate firm based in Cartersville, Georgia. To all intents and purposes the website looks legitimate, the links work and there’s no obvious indication that the page has been set up for the purposes of phishing.
So, the weird thing about it is that it’s on a subdomain at techcrunch.com (in fact, it’s at two subdomains, because it’s also at primaries.techcrunch.com).
Has TechCrunch’s test server been hacked? Or has there been a goof-up involving DNS and IP addresses that means anyone visiting those TechCrunch domains now ends up on an asset management website?
It’s really most peculiar, and maybe the problem will get fixed soon by TechCrunch’s IT team. But in the meantime, it’s a timely reminder for all companies managing web servers to keep a close eye on their old domains, just in case one of them starts to offer webpages that shouldn’t be there.
This isn’t the first time that TechCrunch has had problems with its websites, of course. In September 2010 we reported how TechCrunch Europe was serving up malicious code to web visitors.
Update: The issue now seems to have been fixed, presumably by someone at TechCrunch’s end. Good job!
Further update: Vineet from TechCrunch has been in touch, with an explanation of what went wrong. Here it is..
Thanks for pointing out the subdomain issues on TechCrunch this morning. TC was not hacked 🙂
In the past, we had our own test server on this IP (hosted at MediaTemple) for those subdomains (technews, primaries and so on). We have long stopped using MT as our hosting provider. It seems that the IP is now used by someone else, Black Oak in this case. I believe this is what happened since the subdomains have existed for a long time and no one likely noticed the change of IP ownership.
I have deleted the DNS mappings for the subdomains in question.
Let me know if you have any questions.
Mystery solved. Nice one Vineet!
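An added example, not part of the original article and not TechCrunch's own tooling: a periodic audit of the kind the article recommends, flagging A/AAAA records that point outside the address ranges an organisation still controls, which is the situation Vineet's explanation describes. The hostnames, addresses, simplified zone-export layout and function names are constructed for illustration.

```python
"""Flag A/AAAA records that point outside the address ranges you still control."""
import ipaddress

# Constructed sample data using documentation ranges (RFC 5737); not real records.
OWNED_NETWORKS = ["198.51.100.0/24"]  # assumed: ranges at the current hosting provider
ZONE_EXPORT = """\
; name                  [ttl] [class] type  value
www.example.com.        3600  IN      A     198.51.100.10
technews.example.com.                 A     203.0.113.25  ; old test server
primaries.example.com.                A     203.0.113.25
blog.example.com.                     CNAME www.example.com.
"""

def parse_address_records(zone_text):
    """Yield (hostname, address) for every A/AAAA line in a simplified zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        for i, token in enumerate(fields[1:-1], start=1):
            if token.upper() in ("A", "AAAA"):
                yield fields[0].rstrip(".").lower(), fields[i + 1]
                break

def find_dangling(records, owned_networks):
    """Return sorted (hostname, address) pairs whose address is in no owned range."""
    nets = [ipaddress.ip_network(n) for n in owned_networks]
    dangling = []
    for host, value in records:
        ip = ipaddress.ip_address(value)
        if not any(ip.version == net.version and ip in net for net in nets):
            dangling.append((host, str(ip)))
    return sorted(dangling)

if __name__ == "__main__":
    for host, ip in find_dangling(parse_address_records(ZONE_EXPORT), OWNED_NETWORKS):
        print(f"DANGLING {host} -> {ip}: not in any range we control")
```

Run against a real zone export whenever a hosting contract ends or an address block is released, with `OWNED_NETWORKS` taken from the current provider inventory.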
9 comments on “Has TechCrunch been hacked?”
primaries.techcrunch.com also connects to this site. That is the first item when you search on Google.
Looks like MediaTemple is the block owner for 220.127.116.11 but DNS for both is handled by WordPress.com. Any thoughts?
WordPress? Perhaps a screw-up due to today’s web blackout protest against the SOPA/PIPA antipiracy legislation in the United States? WordPress is one of the sites participating.
TechCrunch, like Naked Security, uses WordPress VIP for its infrastructure.
I doubt that the SOPA/PIPA blackouts are the cause of this glitch however.
Can't do a realtime whois lookup for this domain (too many connections, apparently) but the domain was registered in March 2009. DNS foul-up, I suspect.
technews.techcrunch.com no longer resolves! Someone fixed the DNS misconfig!
Good find mate.
I blame SOPA.
DNS screw up. Happens all the time. It happened to me once and I ended up with phenomenal traffic on a dead website IP address.