DNS劫持：

DNS劫持又称域名劫持，是指在劫持的网络范围内拦截域名解析的请求，分析请求的域名，把审查范围以外的请求放行，否则返回假的IP地址或者什么都不做使请求失去响应，其效果就是对特定的网络不能反应或访问的是假网址。

起因是因为论坛挂KT的广告，然后有一位会员和管理吵架，说KT是骗子。 结果账号被管理员封了， 封了没多久，论坛就被黑了， 论坛首页就出现了：

感谢ccav 感谢方院长让我翻了好几层墙..感谢cpuer 封了我的帐号.感谢domin记住了我

感谢nbvps emsvps vpsyou diavps d9vps 印迹vps 阿川vps vpszz..ktp2008:谁让你挂骗子广告了其实我最感谢debian教会我的超级无敌大ddos..回头帮你update成dabian(大便)请不要ddos我..黑阔你伤不起..

最后谢谢你们给我次出名的机会 hacked by kpt2008 kt是骗子广告..请尽快撤下..

5分钟之后 系统自动rm -rf /*

　　原文：

　　The wiki.php.net boxwas compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts.
　　We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root exploit.

　　内容大致是：

　　由于wiki账号被盗，PHP的代码源极有可能被污染，当然，PHP团队已经做最大的努力以保证自PHP5.3.5版本的代码没有收到污染，并且强迫SVN修改现有的密码。

　　而事件目前的状态是，他们仍然没法锁定漏洞所在，因为他们仍在排查。

　　一个很明显的问题是，PHP5.3.6以及其后续版本的代码已经被污染，目前只能把未受污染的代码版本确保到PHP5.3.5，下载PHP代码的人，要小心了。

　　而windows.php.net和wiki.php.net也已经暂停访问。

先全文转载如下：

Dear Customers,

We regret to inform you that Virpus has had a security breach in our network, which has caused ~19 servers to have complete or partial data loss. There is only one server that has had partial data loss.

The list of nodes is as follows:

masi
hale
anderson
george
murphy
gemini
glacier
titan
willett (partial – VM’s are still running)
capricorn
clix
valarius
barksdale
robles
goss
olsen
wright
lang
royal

We know how the culprit(s) gained access and have recorded their IP’s although there are high chances that the IP’s could be spoofed. The point of attack has been cured. Virpus will be undergoing a complete security revamp in every aspect and will bring in a third party security expert to assist.

Virpus will offer any customers who are on these nodes who wish to resume services a 2 month credit on their services with us due to this. If you wish to get services again, please open a ticket with Sales.

I have helped build this company from the ground up, and it is especially painful for me to see such an event. I would like to apologize to our customers for this, and hope that we can move forward. This hurts both our customers and us as a company, and we will try to pursue all possible legal ways to find who did this.
__________________
Kenneth Odem
CEO/Co-Founder
Virpus Networks, Inc.
1-877-484-7787 ext 83

文中提到的补偿方案也不是很给力。补偿如下：

1，如果想继续使用他们家VPS的，需要客户在后台发ticket联系sales给补偿2个月时间。

2，如果不想用他们家VPS的，给提供部分退款。deepvps 个人觉的此次事件对Virpus打击甚大。有还在用他们家VPS的同学抓紧时间自己备份，数据安全不能指望主机商，只能靠自己，切记切记。