Latest news of the domain name industry

Recent Posts

China connection to Go Daddy WordPress attacks

Go Daddy’s hosting customers are under attack again, and this time it looks like it’s more serious.

Reports are surfacing that WordPress sites hosted at Go Daddy, and possibly also Joomla and plain PHP pages there, are being hacked to add drive-by malware downloads to them.

Go Daddy has acknowledged the attacks, blaming outdated WordPress installations and weak FTP passwords, and has put up a page with instructions for cleaning the infection.

Last week, I was told that the first round of attacks was very limited. Today, the attackers seem to have stepped it up a notch.

As a result, Go Daddy could find itself in a similar situation to Network Solutions, which had a couple of thousand customer sites hacked a few weeks back.

The attacks appear to be linked to a well-known crime gang with a Chinese connection.

According to Sucuri, when a Go Daddy-hosted WordPress page is hacked, JavaScript is injected that attempts to redirect surfers to a drive-by attack from the domain kdjkfjskdfjlskdjf.com (don’t go there).

This domain was registered with BizCN.com, an ICANN-accredited Chinese registrar, but its name servers appear to have been created purely for the attack.

The registrant’s email address is hilarykneber@yahoo.com. This connects the attack to the “Kneber” botnet, a successful criminal enterprise that has been operating since at least December 2009.

A Netwitness study revealed the network comprised at least 74,000 hacked computers, and that the bulk of Kneber’s command and control infrastructure is based in China.

Since Kneber is known to be operated by a financially motivated gang, and it’s by no means certain that they’re Chinese, it’s probably inaccurate to suggest there’s something political going on.

However, I will note that Go Daddy was quite vocal about its withdrawal from the .cn Chinese domain name registration market.

Network Solutions, while it was quieter, also stopped selling .cn domains around the same time as the Chinese government started enforcing strict registrant ID rules last December.

Twenty registrars canned in 2009

Kevin Murphy, April 30, 2010, Domain Registrars

ICANN shut down 20 domain name registrars in 2009, and is on course to do the same this year, according to numbers released today.

That’s up from seven de-accreditations in 2008, and twice as many as the previous record year, 2003.

ICANN can withdraw accreditation from a registrar, stopping its ability to register domains, if the registrar fails to escrow Whois information or pay its ICANN dues.

It looks like 2010 could well see a similar level of de-accreditations.

Five registrars were shuttered in the first quarter, and ICANN has sent warnings to five more this month.

Go Daddy plays down “massive” attack claim

Kevin Murphy, April 26, 2010, Domain Registrars

Malicious hackers have compromised a number of WordPress installations running on Go Daddy hosting, but the company claims very few customers were affected.

Slashdot carried a story a few hours ago, linking to a blog claiming a “massive” breach of security at the domain name registrar.

(EDIT: as noted in the comments, this blog may itself have been hacked, so I’ve removed the link. You can find it in the comments if you want to take the risk.)

But Go Daddy says the problem is not as widespread as it sounds.

“We received reports from a handful of Go Daddy customers using WordPress their websites were impacted by the script in question,” Go Daddy security chief Todd Redfoot said in a statement.

“We immediately opened an investigation into what happened, how it was done and how many sites were affected,” he said. “The investigation is currently ongoing.”

The attack is certainly not ubiquitous. I host a number of WordPress sites with Go Daddy, including this one, and they all appear to be working fine today.

And a Twitter search reveals no references to an attack today prior to the Slashdot post, apart from the blog it was based on.

That doesn’t prove anything, but when Network Solutions’ WordPress hosting was breached last week there was a lot more tweet noise. That attack had thousands of victims.

For those interested in the details of the attack, this WordPress security blog appears to be the best place to get the nitty-gritty.

Go Daddy feature tallies Whois queries on your domain

Kevin Murphy, April 22, 2010, Domain Registrars

I may be a bit late off the blocks, but I just learned about a rather nifty little feature buried within Go Daddy that lets you see when somebody has done a Whois lookup on one of your domains.

Log in to your Domain Manager, click Tools, click Exportable Lists, click Add New Export, then check the relevant boxes in the wizard.

The feature exports a .csv file telling you how many Whois searches have been run against each of your domain names in the last day, week, month and year.

I imagine this could provide a few useful data points when deciding how much interest there is in a domain you’re planning to sell.

I also found it quite interesting that more people executed Whois queries on domainincite.com in March than bothered to click the About tab at the top of the page.

Domain people are an odd bunch.

Demand Media gets pre-IPO board boost

Kevin Murphy, April 19, 2010, Domain Registrars

Demand Media has added two big names to its board of directors, a move certain to feed the rumors that the company is preparing for an IPO this year.

Joining the board is Peter Guber, CEO and chairman of Mandalay Entertainment, a TV and movie production company that also has its fingers in the sports and digital media pies.

Josh James also takes a seat. He co-founded web analytics firm Omniture, now part of Adobe, and took it public during the dot-com boom.

“The experience they bring from two different ends of the spectrum – creative arts and web analytics – will be invaluable as Demand Media continues to focus on creating the content that consumers want,” Demand CEO Richard Rosenblatt said.

Demand Media, which owns domain name registrars eNom and BulkRegister, is mainly in the mass-market, search-driven content business.

It was reported last week that the company has hired Goldman Sachs to help it prepare for a public listing later this year.

Bulking up the board is one of the things companies do before they head to the stockmarket.