LeaseWeb gets DNS Hijacked

Mon, 7th October 2013, 15:08

LeaseWeb is confirming in a post, that this past weekend for a short period of time some visitors to were redirected to another, non-LeaseWeb IP address, after the DNS was changed at the registrar. Affected users were redirected to a web page crediting a hacker group called KDMS Team for the attack.

The unauthorized name server change for took place at our registrar on Saturday 5 October, around 19:00 hours CET / 1 PM EST. While the hijack was soon detected and mitigated, it took some time before our adjustments in the DNS cache were propagated across the internet. During this period the following systems and services were affected:

  • Some visitors of were redirected to a non-LeaseWeb IP address
  • E-mails sent to addresses during the DNS hijack were not received by LeaseWeb
  • Domain name registration and server reinstallation via our Self Service Center was disabled


screenshot of the redirected leaseweb hompage after a DNS highjack


This company says the DNS hijack was quickly detected and rectified by LeaseWeb’s security department.

Although it seems to have had only superficial effects, we seriously regret this event from happening. Our security investigation so far shows that no domains other than were accessed and changed. No internal systems were compromised. One of the security measures we have in place is to store customer data separately from any publicly accessible servers; we have no indication that customer data was compromised as a result of this DNS hijack.

Right now, it appears that the hijackers obtained the domain administrator password and used that information to access the registrar. We will continue to investigate this incident thoroughly and take decisive action accordingly.

Details of how exactly the hijack could have happened are not yet 100% clear although some have suggested the recently vulnerability in WHMCS billing software used by many webhosting companies.  This doesn't appear to be the case as LeaseWeb uses its billing software for its customer panel.

At LeaseWeb we take security and cybercrime prevention very seriously. By partnering with various third parties through our Community Outreach Project, we are often able to stop cybercrime in its tracks. In addition, our security teams continuously research, implement and upgrade a broad variety of security systems and protocols to prevent any attacks from doing harm. These measures go beyond technical solutions. For example, as part of our continued ISO27001 security certification maintenance, all our staff receives regular security awareness trainings.

We sincerely apologize for any inconvenience this unfortunate event might have caused. Security will always be a battle between good and evil, with one trying to outsmart the other in whatever way possible. We will learn from this incident, intensively review our security systems and protocols, and adjust where necessary.

Some would argue 'its not if you get hacked, rather when'. The LeaseWeb post appears to suggest a social hack rather than a physical one. Either way, touche. 

 Server Mania web hosting special