Hi!
So let's see.. the users will see this when they log into shell.panix.net (since shell.panix.com is borked).. Somehow, that doesn't seem to help much..
and the hijackers could be, potentially, running a box pretending to be shell.panix.com, gathering userids and passwds :(
Or put up a pop server, thats more likely used by more of their customers anyway.
The other question was a nice one also, did they hve REGISTER-LOCK set for the domain?
Bye, Raymond
