Oooh, a nice lead-in for some more scary stuff...
Back in 2000 I believe it was, I had a telephone conversation with a very respected peer of mine. At the time, we were discussing DNS Hijacking. They wouldn't tell me how it was done, but I was made an example of during the phone conversation. The schmucks managed to hijack "my" DNS on a personal domain and serve their content. To this day, I still don't fully understand how they did it and I've always had this "nagging" suspicion in the back of my mind that there is a bit more of this going on than we may realize. They did it in a matter of 10 minutes. And you know what, I was so freakin' excited that I forgot all about the hijack. I had to call them back a week later to "get out of jail".
I've really immersed myself into this and I have some highly educated people assisting too. We are building applications to alert us when the potential for this arises. I know, some of it we cannot fight, yet. And, when we figure out how to do it, I'm retiring for good!
Are you a potential victim of DNS Hijacking? Let's outline some things you may want to look for "first" before assuming that you've been jacked.
1. These days, the first thing I'm suggesting is that you mine your logfiles. Hire a professional log analyzer and have them scour those files for anomalies.
2. The next on the list would be traffic patterns. You'll need to be "totally" in tune with the day to day patterns of your traffic and sales.
Those two suggestions should get you started down the right track to see if there is anything unusual going on with the "underpinnings" of your website.
For example, if you were viewing your traffic and sales over an extended period of time, do you notice any anomalies in the graphs? Things such as "no sales" during specific time periods and/or "sales" during specific time periods? Does it seem as though your traffic is being throttled at certain times?
Another example, "what the heck are all those entries in the logfiles for queries that are not part of your taxonomy?" Could it be that someone was probing for technical flaws? They may have even generated a few 404s (by mistake) prior to all those 200 queries, a signal to be on the lookout for. And guess what? That long, long, long, list of queries may find its way on to a cloaked 301 page somewhere and you'll never see it coming or know what hit you.
There are a few around here who know what I'm on to. It's only a matter of time...
Ouch, argh, oooh, stop with the rocks already! Me Tin Hat has enough damn dents in it!
[edited by: pageoneresults at 4:55 pm (utc) on June 22, 2008]
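The logfile check described in the post (queries outside the site's own URL structure, a few 404s followed by a run of 200s), as an added example that is not part of the original post. The log format, the `KNOWN_PREFIXES` list, the `min_hits` threshold and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jun/2008:16:01:02 +0000] "GET /products/widgets HTTP/1.1" 200 5120
198.51.100.9 - - [22/Jun/2008:16:01:05 +0000] "GET /lookup.php?q=term-a HTTP/1.1" 404 312
198.51.100.9 - - [22/Jun/2008:16:01:06 +0000] "GET /find.php?q=term-a HTTP/1.1" 404 312
198.51.100.9 - - [22/Jun/2008:16:01:07 +0000] "GET /index.php?q=term-a HTTP/1.1" 200 2048
198.51.100.9 - - [22/Jun/2008:16:01:08 +0000] "GET /index.php?q=term-b HTTP/1.1" 200 2051
198.51.100.9 - - [22/Jun/2008:16:01:09 +0000] "GET /index.php?q=term-c HTTP/1.1" 200 2049
203.0.113.7 - - [22/Jun/2008:16:02:10 +0000] "GET /blog/2008/06/post HTTP/1.1" 200 7300
192.0.2.44 - - [22/Jun/2008:16:03:00 +0000] "GET /old-page HTTP/1.1" 404 312
203.0.113.7 - - [22/Jun/2008:16:04:30 +0000] "GET /cart HTTP/1.1" 200 900
"""

# Assumption: the site's real URL structure ("taxonomy") is these prefixes.
KNOWN_PREFIXES = ("/products/", "/blog/", "/about", "/cart")

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')


def in_taxonomy(url):
    """True if the path part of the URL belongs to the known site structure."""
    path = url.split("?", 1)[0]
    return path == "/" or path.startswith(KNOWN_PREFIXES)


def find_probing_clients(log_text, min_hits=3):
    """Flag clients whose out-of-taxonomy requests show 404s, then 200s.

    Returns {client_ip: {"misses": count_of_404s, "hits": [urls_with_200]}}.
    """
    state = defaultdict(lambda: {"misses": 0, "hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, url, status = m.groups()
        if in_taxonomy(url):
            continue  # normal site traffic is ignored
        rec = state[ip]
        if status == "404" and not rec["hits"]:
            rec["misses"] += 1        # failed guesses before any success
        elif status == "200" and rec["misses"]:
            rec["hits"].append(url)   # successes that followed the misses
    return {ip: rec for ip, rec in state.items()
            if rec["misses"] and len(rec["hits"]) >= min_hits}
```

A flagged client is only a lead for manual review; a stray 404 on its own (the `192.0.2.44` line) is not reported.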