The Register®

Original URL: http://www.theregister.co.uk/2008/06/03/metasploit_hijack/

Hackers hijack hacking tools website

Ironic exploit

By John Leyden

Posted in Enterprise Security, 3rd June 2008 16:25 GMT

Crackers briefly hijacked hacking tools website Metasploit on Monday.

Metasploit (http://www.metasploit.com) is an open-source toolkit widely used by both hackers and security admins to test for website vulnerabilities. But visitors to the site on Monday were redirected to a page announcing the site was "hacked by sunwear ! just for fun", as recorded (http://sunbeltblog.blogspot.com/2008/06/metasploit-hacked.html) by Sunbelt Software.

Unidentified miscreants used an ARP poisoning attack aimed at the network of Metasploit's hosting provider in order to pull off the hack. The Metasploit project was quickly restored. H D Moore, the creator of the project, explained (http://www.haloscan.com/comments/alexeck/964311044981251862) what happened in response to online reports of the hack.

"Another customer on the same ISP was compromised and used to ARP poison all servers in that subnet. I corrected the problem by setting a static ARP entry and notifying the ISP. To make it very clear - the metasploit.com servers were not compromised, nor have been to this date," he said. ®