Dream Views Gets Domain-Hijacked

I’ve been planning for a while to put a link to the dream journal (DJ) I keep on a site called Dream Views (DV). DV is a lucid dreaming site that has tutorials, a forum, and a blog feature for people to use for dream journals. However, that plan went out the window when DV got domain-hijacked on February 20th. It’s finally back up at another domain now, so I can post a link. Yay!

[Edit: DV got its domain back, and is now dreamviews.com again. I’ve changed all the links in this post accordingly.]

My Dream Journal

The whole DV got hacked saga was pretty exciting/disturbing. What happened is some people used a backdoor exploit to get on the server, download a copy of the site, and use the email to transfer the domain name. Then, once they had the domain name, they set up a fake server with their previously downloaded copy of the site, and made dreamviews.com point to their fake server.

The only clue I had that something was wrong when I went to browse the DV forums that day was that 10 days of posts had mysteriously disappeared, including a topic about blogs I had posted the previous day. At first I thought my topic had been deleted for being in the wrong forum or something, and I was a little miffed that someone would delete my topic without even telling me what was wrong with it. On further investigation, however, I discovered that a lot more stuff than that was missing, such as the 13 DJ entries I’d posted in the preceding couple of weeks. I found a topic where people were discussing whether or not there had been some sort of rollback, and one person had posted something about changing a hosts file and the old IP for DV. It was easy enough to add a line to my hosts file to have my computer load DV from the specified IP, rather than the one from the DNS servers on the network. Once I’d done that, I reloaded the site, and suddenly I could access all my DJ entries again. Relief.

I spent a while backing up all the DJ entries that had ‘disappeared’. I probably should have backed them up from the start but, eh, I’m lazy. Plus, I kind of figured on posting DJ entries to the web to be a good backup of my paper and pencil dream journals (I almost lost them once), not the other way around. Anyway. I have a system, now, just to save every blog or DJ entry as a text file to my computer when I post it. Not really much effort. I still need to go through and back up all of the old blog/DJ entries, though. Maybe I could write a program to do that…

After I’d backed up my precious DJ entries, I unmodified my hosts file and went back to the first site. I had been a bit suspicious of modifying it in the first place, but I wanted to get my DJ entries back, so I was willing to try it. After poking around the site for a while, it became clear that it was a fake DV, and the one I’d gone to by modifying my hosts file was the real one. On fake!DV, a newly created admin had posted an announcement in broken English with the title “Stop Panic”, saying

Dera DV users, i am new owner of dreamviews.com
Alex just sold it to me, pls don’t panic or spam!
we trying fix chat.
Pls be patient and stop losing your mind

I’m not sure I’ve ever seen worse English than that on DV, ever. Seriously. An admin with a post count of 1 posts this announcement and expects to be believed? Yea right. Another clue that it was a fake DV was that the chat was not working on that site, but was working on the other site (at that time, anyway, later it was broken on both).

People were posting warning threads on fake!DV now, saying that it was a fake site, redirecting people to the new one, and advising people to change passwords on any sites where they’d used the same password as for DV. The admins were deleting these threads and banning the people who posted them. So the people posting warning threads made new accounts and started spamming warnings with those. Eventually, the admins on fake!DV were forced to disable new accounts entirely. A small success. The first of many. I’m really quite impressed at the tenacity and creativity of the DV community in the fight against fake!DV over the next several days.

When people were getting banned and threads deleted for warning people the site was a fake, more subtle tactics were required. People started sandwiching warnings in the middle of mundane posts, saying things like “Sometimes reality checks can fail. One reality check that I’ve found to work almost every time is to plug your nose and see if you can still breathe. If you can still breathe, you’re dreaming. This is a fake site, dream views has been hacked and people posting threads about it are getting banned. And I really have not found a better reality check than that. I hope this helps.” Another trick someone came up with was to pm users who had recently posted or been online with a warning, as the admins would be less likely to notice this. On the real DV, there was a post with an in-depth explanation of what was happening and how to deal with it. Several people trying to warn everyone on fake!DV put links to the explanatory post on the real DV in their signature (with captions such as “How to escape from the matrix” or “The only lucid dreaming technique you ever need to know”) or put this link in an image in an otherwise innocent seeming post, so that people who clicked on the image would be redirected to the real DV. Eventually, the admins on fake!DV just gave up trying to stop people from spamming warnings, and the place turned into a warning-spamfest.

That took care of warning people away from the fake site, for the most part, but the fake site was still up, and the only way to get to the real one involved fiddling around with hosts files. Not ideal. Some people came up with the idea to DoS the fake site, but the moderators put a stop to that pretty fast, since that’s kind of illegal. Alex (the actual owner of DV) posted an announcement of what had happened and what he was doing to get the domain back, saying not to do anything illegal, like DoS-ing the fake site, as that could potentially hurt his case in court. Someone else came up with the idea of sending DMCA takedown notices to the company that hosts the fake site, saying they were posting infringing material (e.g. our copyrighted dream journal entries). This… may have actually worked.

Something worked, anyway, because fake!DV was now down, three days after the initial hijack, displaying only this image:

The next day, dreamviews.com only went to a GoDaddy page at dream-views.com advertising domains for sale, and a couple days after that, it wouldn’t even load anymore.

The bulk of the crisis now over, everyone turned to making fun of the hackers’ broken English, making “Stop Panic” signatures and avatars, and posting funny meme pictures like this one:

Man. That one still cracks me up. ShadowOfSelf made it, I think. There’s more on this thread.

So yea. Then Alex switched DV over to dreamviews.org, and now things are finally starting to get back to normal. DV wasn’t the only victim of these hackers, though. A replica movie prop forum also got domain-hijacked. They’ve moved to another domain, but their fake site is still up. This whole series of events is really making me paranoid about websites.

