DNS fuckery is still in progress
If you have not already done so, go read my last post on the topic: >>13556866, >>13556868
I think I explained it pretty well. My earlier reports might have been a bit unclear. I also did a DNS check on "sys.8kun.top" and it is also compromised. However, the frequency at which bad IP addresses are being seeded is less than it is with "8kun.top". I don't know if this is a clue. Since "sys.8kun.top" is only used for posting and board administration, it doesn't affect thread updates or the catalog.
I also ran a DNS check on "www.bitchute.com" and "rumble.com". I'm not seeing any fuckery there so it would seem that only 8kun is the subject of this DNS exploit. It also means that what I'm seeing is not the result of a glitch. If no other sites are affected then somebody is definitely setting up an attack on 8kun. Try these links to see for yourself:
https://dnspropagation.net/A/8kun.top
https://dnspropagation.net/A/sys.8kun.top
https://dnspropagation.net/A/www.bitchute.com
https://dnspropagation.net/A/rumble.com
You need to retry the propagation test a few times at one-minute intervals. The attack pattern is random so it is easy to miss. Note that only specific DNS servers are reporting the bad IP addresses. It could be that only some servers are vulnerable to the attack or it could be that the attack is strategically targeted. There are thousands of DNS servers spread around the globe, each serving a specific market. If the ultimate target of the attack is YOUR DNS SERVER then only certain upstream servers feeding that market would need to be targeted. I don't have any idea what upstream server my ISP uses but I can say that it is not Google or Cloudflare or OpenDNS because I'm not finding an issue with those servers.
So what does this mean? It could mean that the attacker is trying to avoid detection. An attack on Google, for example, would set off alarm bells because that system is likely under heavy scrutiny. I do suspect that Google has already been probed and I think that I may have caught the tail end of a test run. Google gave me a bad IP address for "8kun.top" but it only happened once. Of course, I could be mistaken but, if I am correct, then no DNS server is safe.
Which brings me to this eye-opener: what if the recent death of Dan Kaminsky is connected to this? We know that Kaminsky was an Internet security researcher and that he is prominent for his work on patching a DNS "cache poisoning" vulnerability in 2008. Cache poisoning? Like what is happening right now? What was he working on recently? Something to do with DNS? Something that somebody did not want to become public? I'll leave it there.
https://en.wikipedia.org/wiki/DNS_cache_poisoning
https://en.wikipedia.org/wiki/Dan_Kaminsky