ANN Down!?



  • I don't know if you're having the same problem but as far as I know. Anime News Network is down.



  • Yup and has been all night



  • @MRy27 I think it has been hacked or something.



  • According to people on Twitter the domain was actually compromised and transferred. Whois backs this up. I'd advise staying off ANN until you know it is fixed.

    Edit: ANN staff are posting to go here: http://www.animenewsnetwork.cc/ until the breach is fixed.



  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • I have deleted all posts relating to the derailment that occurred in this thread. The reason was more that the thread was completely derailed and not so much the inappropriate language that was used.

    Let's please keep the thread on topic and not resort to name calling.



  • @Sophie thanks for stepping in!



  • ...did they ever fix the site domain yet? Haven't been paying attention...



  • @thegrandalliance Nope. They got back everything else though.



  • LoL, so funny. The noobs...

    No matter...... But thank u for the report, nonetheless.



  • You know, when i see all the deletions from the back and forth on this thread... i hate to even think what was being said {:-o



  • @thegrandalliance said in ANN Down!?:

    LoL, so funny. The noobs...

    The loss of the domain is mostly down to bad security on the part of one person's wireless carrier.

    Per http://www.animenewsnetwork.cc/site-news/2017-08-11/how-ann-was-hacked/.120038 :

    "On August 7th, a hacker contacted my cell phone company to initiate the transfer of my number to a new sim-card. The hacker called 3 times, and each time they failed the security authentication. After three failures, they tried my cell phone company's online chat feature where they were able to convince a customer service representative (CSR) to make the transfer."

    This comes into play because sending a code to a listed cell phone is often one of the ways to reset a "lost or forgotten" password on an account.

    As I stated over in the ANN forum, the second attempt, and certainly the third should have caused the account to be flagged, and any changes barred until the carrier contacted the customer (rather the "customer" calling them).



  • @TheAncientOne

    Pardon me for one second, but... WTF does a SIM card for a cell phone have anything to do with a domain registrar service? I see the Answerman making total excuses for his /epicfail.

    Ownership transfer privileges of a domain, especially one as trafficked as ANN, should not be accessible via anything not requiring the Answerman to physically get on a airplane and fly to the registrar office for in person authentication. Furthermore, multi-step physical protocols should be in place that requires multiple passes and checks along the way, and timeout procedures.

    If your registrar doesn't do this; and it seems even now ANN is using "fly by night" registrar services... Well, don't blame the hacker for ur noobishness. Blame your choice of domain services.


    O wait, there goes Gen Fukunaga's SIM card. He got hacked. FUNimation under control of the Chinese!

    O wait, but now Bank of America just had their domain registration moved! What is going on here?

    un.org, the United Nations... TRANSFERED to the RUSSIANS!........


    See, this stuff simply just doesn't happen. There are literally safeguards in place to make this almost virtually impossible.

    And what is worse, is that his primary email for the domain was on his phone. That email account is worth more then gold; it should be a one off exclusive, away from servers that u control, and sure as hell not on your phone.

    And this is comming from one who owns several domains myself, BTW. This is indeed further evidence that, whether in regards anime or in basic Internet management, the Answerman is still, a total bumbling fool.


    @Series5Ranger

    This was only was possible, because he had his life on his phone. You dont do that. Simple as that.

    If you don't have multilayered security levels anticipating stages of breach, you have no business in Internet security.

    If this was so easy to hack, I wonder what else vulnerabilities he had. The point is, your domain name should never be accessible from your phone. If you don't understand how one thing leads to another, then pay someone who does.

    I am super paranoid with my stuff; still probably not enough, and yet me not some owner of a major site. So it can be done, regardless.

    No excuse.....


    Lastly, @TheAncientOne ye fail to mention Mr. Chrisy here already incriminated himself thus,

    On ANN's side, we're moving all our domain registrations to more secure domain registrars. Once we get AnimeNewsNetwork.com back, it will go to an extremely secure (and expensive) registrar that will not make domain changes without offline confirmation. Our other, secondary domains will go to a normal registrar with a good reputation for security. (Our current registrar bites; I've been with them since the '90s because they did some very cool things back then, but I let my emotional attachment to their early achievements blind me to their lack of security today.)

    Furthermore, among many other things, we'll be reviewing the 2-factor and, more importantly, account recovery settings for all our of ANN's accounts; they certainly won't be tied to well known phone numbers.

    OH NO! NOW THET HAVE TO SPEND $20/YEAR INSTEAD OF $7 TO REGISTRAR WITH A REAL SERVICE! THE SKY IS FALLING, EVERYONE IS DIEING!!!!!!!............

    /guiltyascharged

    22344



  • @thegrandalliance

    The point of failure was the customer Service Representative of his cell phone company , and he admitted that his registrar service wasn't up to snuff as far as security practices were concerned. Once the hacker(s) had his cell phone number (which he probably had as his point of contact for his domain registration), the hackers easily transferred ownership of the site. The article is still a good read on how easily one point of failure (in this case the Customer Service Rep) can lead to the rest of your security being compromised.



  • This post is deleted!

Log in to reply