dyndns hacked?
Posted: Thu May 23, 2019 7:31 pm
Hi,
Running Gargoyle 1.8.1 on TP-Link TL-WR1043N/ND v1.
I have my own domain "somedomain.com" with namecheap.com, hosting I do myself on my own server, so DNS record at namecheap (a hosting provider) for "somedomain.com" should be my home IP address. I use the Dynamic DNS feature of Gargoyle to update namecheap's DNS record in case my ISP assigns me another IP address. I have set the Dynamic DNS Service to check every 5 minutes and the force update interval is 1 day.
Whenever I check what my IP address is (e.g. whatsmyip.org) I get the same answer, my IP address is quasi static (it's technically dynamic but has been the same for as long as I can remember).
Lately I have noticed that often when I (try to) visit my personal website (that I host myself) it won't show it. When I then check the DNS entry for somedomain.com it is NO longer my home IP address but ALWAYS some IP address that belongs to Amazon Australia (I live in New Zealand myself).
If I then do a 'Force Update' in Gargoyle it will soon be back to normal.
What I would like to know is WHAT is updating namecheap's DNS records!?
I have asked my ISP if it could be the case that every now and then I - for whatever reason - get assigned a different IP address. They have assured me that that is NOT the case and they certainly wouldn't be able to assign me an address that belongs to Amazon Australia.
I have asked namecheap if they could see WHO was causing the updates to their DNS records. They couldn't tell. They could see the records were indeed updated to the Amazon Australia IP address and then reverted back to my actual IP address. I have then changed the password that you need to update the Dynamic DNS record and changed it accordingly in Gargoyle. But again the DNS entry for somedomain.com would suddenly be replaced with some Amazon Australia IP address and then with my actual address again.
So I am beginning to think that MAYBE Gargoyle is for some reason sending false updates to namecheap with an Amazon Australia IP address. But that too strikes me as very odd!
I now wrote a little program (I am a software developer) that compares my IP address every minute to the DNS entry for somedomain.com, and will bark if they are not equal. I have been running it for the last half an hour and have already noticed 1 occurrence where my IP address (that stayed the same) did NOT match the DNS entry anymore, this lasted for 3 minutes, then they were equal again.
Is there ANY way that I can get Gargoyle to log its Dynamic DNS activity so I can see if it's indeed Gargoyle sending false updates (not even triggered by an actual change in IP address)?
Again, the ONLY device knowing my Dynamic DNS password that I changed just a few days ago is my router running Gargoyle. So it has to be either Gargoyle or namecheap is falsely updating their own records before Gargoyle corrects them.
Any advice or tips are very welcome. It's very annoying if I am at work with an open FTP connection to somedomain.com and that suddenly crashes because somedomain.com suddenly points no longer to my home server but to Amazon.
Thanks!
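A sketch of the kind of monitor the post describes, added here as an example (it is not the poster's program and not Gargoyle code): it groups per-minute samples into mismatch episodes so that each episode's start, end and foreign address can be lined up against the times of the router's DDNS updates. The function names, the sample data and the documentation-range IP addresses are constructed for illustration.

```python
import socket
from datetime import datetime, timedelta

def resolve_a(hostname):
    """IPv4 addresses the local resolver currently returns for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def mismatch_episodes(observations):
    """Group consecutive mismatching samples into episodes.

    observations: time-ordered (timestamp, expected_ip, resolved_ips) tuples.
    An episode ends at the first sample where expected_ip resolves again;
    'end' stays None if the mismatch is still ongoing at the last sample.
    """
    episodes, current = [], None
    for ts, expected_ip, resolved in observations:
        if expected_ip in resolved:
            if current is not None:
                current["end"] = ts
                episodes.append(current)
                current = None
            continue
        if current is None:
            current = {"start": ts, "end": None, "foreign": set(), "samples": 0}
        current["foreign"] |= set(resolved)
        current["samples"] += 1
    if current is not None:
        episodes.append(current)
    return episodes

# Constructed sample: one reading per minute, with the record pointing at a
# foreign address for three consecutive readings (minutes 12, 13 and 14).
HOME = "203.0.113.10"      # stand-in for the home IP (documentation range)
FOREIGN = "198.51.100.77"  # stand-in for the unexpected IP (documentation range)
T0 = datetime(2019, 5, 23, 19, 0)
SAMPLE = [(T0 + timedelta(minutes=i), HOME, {FOREIGN} if 12 <= i < 15 else {HOME})
          for i in range(20)]

if __name__ == "__main__":
    for ep in mismatch_episodes(SAMPLE):
        end = ep["end"].isoformat() if ep["end"] else "ongoing"
        print(ep["start"].isoformat(), "->", end, sorted(ep["foreign"]), ep["samples"])
```

For live use, pair `resolve_a()` with whatever public-IP check is already in place and append one tuple per interval. The local resolver may serve cached answers until the record's TTL expires, so querying the domain's authoritative nameservers directly gives tighter episode boundaries.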