LK domain registry discovers credentials of compromised system user account
The LK domain registry has issued a statement with regard to the recent breakdowns in the system, in which the domains of several websites were accessed without authority by unidentified parties.
The LK Domain Registry maintains the country code top-level domains .LK, .ලංකා and .இலங்கை. In addition to the servers which run the Domain Name System (DNS), the Registry maintains a registration system through which customers may register new domains, renew domains and change details of their domains.
However, around 10 domain names were modified to point to a new IP address on 06 February, after which the LK Domain Registry temporarily restricted access to the domain registration systems to prevent further damage.
TechCERT, the security partner of the domain registry system, identified that the credentials of one system user account had been compromised and that the restrictions which normally prevent the admin interface from being accessed from the Internet had been bypassed.
The domain registry states that it has identified shortcomings in the security mechanisms and has updated the systems to mitigate these vulnerabilities, along with several others that were discovered.
During this time, any urgent requests can be directed to [email protected], or the registry can be contacted on 0114-216-061 and 0114-216-062.