Latest news of the domain name industry

Recent Posts

AOL loses ICANN accreditation

AOL, one of the first five companies to become an ICANN-accredited registrar, appears to have let its accreditation expire.

The former internet giant is no longer listed on ICANN’s Internic registrar page, and DotAndCo.net’s data shows it lost its .com, .net and .org accreditations on April 27.

It’s hardly surprising. AOL’s profits are falling and it has been reorganizing itself ever since Time Warner returned it to life as an independent company last year.

It’s noteworthy because AOL was one of the first five registrars to challenge Network Solutions’ monopoly, when ICANN introduced competition to the domain name market in 1999.

In April 1999, the company participated in ICANN’s limited registrar “test-bed” experiment, alongside CORE, France Telecom, Melbourne IT and Register.com.

But domain names were never a big deal at the company.

AOL peaked at about 150,000 domains a few years ago and tailed off to a little more than a dozen at the end of 2009. Apparently, the company has decided to let its accreditation simply expire.

China connection to Go Daddy WordPress attacks

Go Daddy’s hosting customers are under attack again, and this time it looks like it’s more serious.

Reports are surfacing that WordPress sites hosted at Go Daddy, and possibly also Joomla and plain PHP pages there, are being hacked to add drive-by malware downloads to them.

Go Daddy has acknowledged the attacks, blaming outdated WordPress installations and weak FTP passwords, and has put up a page with instructions for cleaning the infection.

Last week, I was told that the first round of attacks was very limited. Today, the attackers seem to have stepped it up a notch.

As a result, Go Daddy could find itself in a similar situation to Network Solutions, which had a couple of thousand customer sites hacked a few weeks back.

The attacks appear to be linked to a well-known crime gang with a Chinese connection.

According to Sucuri, when a Go Daddy-hosted WordPress page is hacked, JavaScript is injected that attempts to redirect surfers to a drive-by attack from the domain kdjkfjskdfjlskdjf.com (don’t go there).

This domain was registered with BizCN.com, an ICANN-accredited Chinese registrar, but its name servers appear to have been created purely for the attack.

The registrant’s email address is hilarykneber@yahoo.com. This connects the attack to the “Kneber” botnet, a successful criminal enterprise that has been operating since at least December 2009.

A Netwitness study revealed the network comprised at least 74,000 hacked computers, and that the bulk of Kneber’s command and control infrastructure is based in China.

Since Kneber is known to be operated by a financially motivated gang, and it’s by no means certain that they’re Chinese, it’s probably inaccurate to suggest there’s something political going on.

However, I will note that Go Daddy was quite vocal about its withdrawal from the .cn Chinese domain name registration market.

Network Solutions, while it was quieter, also stopped selling .cn domains around the same time as the Chinese government started enforcing strict registrant ID rules last December.

Twenty registrars canned in 2009

Kevin Murphy, April 30, 2010, Domain Registrars

ICANN shut down 20 domain name registrars in 2009, and is on course to do the same this year, according to numbers released today.

That’s up from seven de-accreditations in 2008, and twice as many as the previous record year, 2003.

ICANN can withdraw accreditation from a registrar, stopping its ability to register domains, if the registrar fails to escrow Whois information or pay its ICANN dues.

It looks like 2010 could well see a similar level of de-accreditations.

Five registrars were shuttered in the first quarter, and ICANN has sent warnings to five more this month.

Go Daddy plays down “massive” attack claim

Kevin Murphy, April 26, 2010, Domain Registrars

Malicious hackers have compromised a number of WordPress installations running on Go Daddy hosting, but the company claims very few customers were affected.

Slashdot carried a story a few hours ago, linking to a blog claiming a “massive” breach of security at the domain name registrar.

(EDIT: as noted in the comments, this blog may itself have been hacked, so I’ve removed the link. You can find it in the comments if you want to take the risk.)

But Go Daddy says the problem is not as widespread as it sounds.

“We received reports from a handful of Go Daddy customers using WordPress their websites were impacted by the script in question,” Go Daddy security chief Todd Redfoot said in a statement.

“We immediately opened an investigation into what happened, how it was done and how many sites were affected,” he said. “The investigation is currently ongoing.”

The attack is certainly not ubiquitous. I host a number of WordPress sites with Go Daddy, including this one, and they all appear to be working fine today.

And a Twitter search reveals no references to an attack today prior to the Slashdot post, apart from the blog it was based on.

That doesn’t prove anything, but when Network Solutions’ WordPress hosting was breached last week there was a lot more tweet noise. That attack had thousands of victims.

For those interested in the details of the attack, this WordPress security blog appears to be the best place to get the nitty-gritty.

Go Daddy feature tallies Whois queries on your domain

Kevin Murphy, April 22, 2010, Domain Registrars

I may be a bit late off the blocks, but I just learned about a rather nifty little feature buried within Go Daddy that lets you see when somebody has done a Whois lookup on one of your domains.

Log in to your Domain Manager, click Tools, click Exportable Lists, click Add New Export, then check the relevant boxes in the wizard.

The feature exports a .csv file telling you how many Whois searches have been run against each of your domain names in the last day, week, month and year.

I imagine this could provide a few useful data points when deciding how much interest there is in a domain you’re planning to sell.

I also found it quite interesting that more people executed Whois queries on domainincite.com in March than bothered to click the About tab at the top of the page.

Domain people are an odd bunch.