Latest news of the domain name industry

Recent Posts

Go Daddy plays down “massive” attack claim

Kevin Murphy, April 26, 2010, Domain Registrars

Malicious hackers have compromised a number of WordPress installations running on Go Daddy hosting, but the company claims very few customers were affected.

Slashdot carried a story a few hours ago, linking to a blog claiming a “massive” breach of security at the domain name registrar.

(EDIT: as noted in the comments, this blog may itself have been hacked, so I’ve removed the link. You can find it in the comments if you want to take the risk.)

But Go Daddy says the problem is not as widespread as it sounds.

“We received reports from a handful of Go Daddy customers using WordPress their websites were impacted by the script in question,” Go Daddy security chief Todd Redfoot said in a statement.

“We immediately opened an investigation into what happened, how it was done and how many sites were affected,” he said. “The investigation is currently ongoing.”

The attack is certainly not ubiquitous. I host a number of WordPress sites with Go Daddy, including this one, and they all appear to be working fine today.

And a Twitter search reveals no references to an attack today prior to the Slashdot post, apart from the blog it was based on.

That doesn’t prove anything, but when Network Solutions’ WordPress hosting was breached last week there was a lot more tweet noise. That attack had thousands of victims.

For those interested in the details of the attack, this WordPress security blog appears to be the best place to get the nitty-gritty.

Go Daddy feature tallies Whois queries on your domain

Kevin Murphy, April 22, 2010, Domain Registrars

I may be a bit late off the blocks, but I just learned about a rather nifty little feature buried within Go Daddy that lets you see when somebody has done a Whois lookup on one of your domains.

Log in to your Domain Manager, click Tools, click Exportable Lists, click Add New Export, then check the relevant boxes in the wizard.

The feature exports a .csv file telling you how many Whois searches have been run against each of your domain names in the last day, week, month and year.

I imagine this could provide a few useful data points when deciding how much interest there is in a domain you’re planning to sell.

I also found it quite interesting that more people executed Whois queries on domainincite.com in March than bothered to click the About tab at the top of the page.

Domain people are an odd bunch.

Demand Media gets pre-IPO board boost

Kevin Murphy, April 19, 2010, Domain Registrars

Demand Media has added two big names to its board of directors, a move certain to feed the rumors that the company is preparing for an IPO this year.

Joining the board is Peter Guber, CEO and chairman of Mandalay Entertainment, a TV and movie production company that also has its fingers in the sports and digital media pies.

Josh James also takes a seat. He co-founded web analytics firm Omniture, now part of Adobe, and took it public during the dot-com boom.

“The experience they bring from two different ends of the spectrum – creative arts and web analytics – will be invaluable as Demand Media continues to focus on creating the content that consumers want,” Demand CEO Richard Rosenblatt said.

Demand Media, which owns domain name registrars eNom and BulkRegister, is mainly in the mass-market, search-driven content business.

It was reported last week that the company has hired Goldman Sachs to help it prepare for a public listing later this year.

Bulking up the board is one of the things companies do before they head to the stockmarket.

Network Solutions under attack again

Kevin Murphy, April 18, 2010, Domain Registrars

Network Solutions’ hosting operation is under attack for the second time in a week, and this time it’s definitely not a WordPress problem.

The company has acknowledged that it has “received reports that Network Solutions customers are seeing malicious code added to their websites”, but has not yet released further details.

Sucuri.net, which was intimately involved in the news of the hack against NSI’s WordPress installations last week, blogged that this time the attacks appear to have compromised not only WordPress, but also Joomla-based and plain HTML sites.

Last week’s attacks were eventually blamed on insecure file permissions, which enabled shared-server hosting customers to look at each other’s WordPress database passwords.

But today NSI, one of the top-five domain name registrars, said: “It may not be accurate to categorize this as a single issue such as ‘file permissions’.”

Sucuri said that malicious JavaScript is being injected into the sites, creating an IFrame that sends visitors to drive-by download sites.

It’s a developing story, and not all the facts are out yet.

But it’s clear that NSI has a public relations problem on its hands. Some customers are already using Twitter to declare that they will switch hosts as a result.

And if it’s true, as Sucuri reports, that Google is already blocking some of the affected sites, who can blame them?

Demand Media in rumored IPO

Kevin Murphy, April 16, 2010, Domain Registrars

Demand Media, which owns number-two domain registrar eNom, could file to go public this summer, the Financial Times has reported.

Widely thought of as a “content mill”, Demand is in the business of mining search and domain data and pumping out content which it can sell ads against.

The FT, using anonymous sources, reports that an IPO, which could happen by November, would value the firm at $1.5 billion. Revenue is estimated to be around $250 million a year.

While selling domain names does not appear to be Demand’s core business, other domain name registrars have a rocky record when it comes to public listings.

Register.com, which used its early-mover advantage to IPO at the tail end of the dot-com boom, ended up going private after low-cost registrars like Go Daddy started eating its lunch.

Go Daddy itself gave the world a glimpse at its finances when it filed its S-1 back in 2006, but CEO Bob Parsons yanked the IPO at the eleventh hour, citing poor market conditions and his inability to keep his mouth shut during the traditional pre-offering Quiet Period.

Parsons said at the time that it’s hard to show a profit under GAAP as a growing registrar, due to the way registrations are accounted for.

Tucows, meanwhile, has managed to tick along quietly with a listing on the small-cap markets for years.