Crackers briefly hijacked hacking tools website Metasploit on Monday.

Metasploit is an open-source toolkit widely used by both hackers and security admins to test for website vulnerabilities. But visitors to the site on Monday were redirected to a page announcing the site was "hacked by sunwear ! just for fun", as recorded by Sunbelt Software.

Unidentified miscreants used an ARP poisoning attack aimed at the network of Metasploit's hosting provider in order to pull off the hack. The Metasploit project was quickly restored. H D Moore, the creator of the project, explained what happened in response to online reports of the hack.

"Another customer on the same ISP was compromised and used to ARP poison all servers in that subnet. I corrected the problem by setting a static ARP entry and notifying the ISP. To make it very clear - the metasploit.com servers were not compromised, nor have been to this date," he said. ®

Related stories

• German hacker-tool law snares...no-one (7 June 2009)

  https://www.theregister.com/2009/06/07/germany_hacker_tool_law/

• Ankle-biting hackers storm net's overlords, hijack their domains (27 June 2008)

  https://www.theregister.com/2008/06/27/iana_and_icann_hijacked/

• After Debian's epic SSL blunder, a world of hurt for security pros (21 May 2008)

  https://www.theregister.com/2008/05/21/massive_debian_openssl_hangover/

• Attackers turn Bank of India site into malware bazaar (1 September 2007)

  https://www.theregister.com/2007/09/01/bank_of_india_website_takeover/

• Cyber crooks hijack 10,000 websites (18 June 2007)

  https://www.theregister.com/2007/06/18/hijacked_sites_install_malware/

• Day dawns for Metasploit 3.0 (2 April 2007)

  https://www.theregister.com/2007/04/02/metasploit_3/

• Daily flaws ratchet up debate (17 July 2006)

  https://www.theregister.com/2006/07/17/disclosure_debate/