Latest news of the domain name industry

Recent Posts

Demand Media in rumored IPO

Kevin Murphy, April 16, 2010, Domain Registrars

Demand Media, which owns number-two domain registrar eNom, could file to go public this summer, the Financial Times has reported.

Widely thought of as a “content mill”, Demand is in the business of mining search and domain data and pumping out content which it can sell ads against.

The FT, using anonymous sources, reports that an IPO, which could happen by November, would value the firm at $1.5 billion. Revenue is estimated to be around $250 million a year.

While selling domain names does not appear to be Demand’s core business, other domain name registrars have a rocky record when it comes to public listings.

Register.com, which used its early-mover advantage to IPO at the tail end of the dot-com boom, ended up going private after low-cost registrars like Go Daddy started eating its lunch.

Go Daddy itself gave the world a glimpse at its finances when it filed its S-1 back in 2006, but CEO Bob Parsons yanked the IPO at the eleventh hour, citing poor market conditions and his inability to keep his mouth shut during the traditional pre-offering Quiet Period.

Parsons said at the time that it’s hard to show a profit under GAAP as a growing registrar, due to the way registrations are accounted for.

Tucows, meanwhile, has managed to tick along quietly with a listing on the small-cap markets for years.

WordPress founder criticizes NSI’s security

Kevin Murphy, April 13, 2010, Domain Registrars

WordPress founder Matt Mullenweg had a few harsh words for top-five domain registrar Network Solutions today, after a whole bunch of NSI-hosted blogs were hacked over the weekend.

It appears that NSI’s web hosting operation, which includes a one-click WordPress installation service, was failing to adequately secure database passwords on shared servers.

Or, as Mullenweg blogged: “A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files.”

WordPress, by necessity, stores its database passwords as plaintext in a script called wp-config.php, which is supposed to be readable only by the web server.

If the contents of that file are viewable by others, a malicious user could inject whatever content they like into the database – anything from correcting a typo in a blog post to deleting the entire site.

That appears to be what happened here: for some reason, the config files of WordPress blogs hosted at NSI gave read permissions to unauthorized people.

The cracker(s) who noticed this vulnerability chose to inject an HTML IFrame into the URL field of the WordPress database. This meant visitors to affected blogs were bounced to a malware site.

Mullenweg is evidently pissed that some news reports characterized the incident as a WordPress vulnerability, rather than an NSI vulnerability.

NSI appears to have corrected the problem, resetting its users’ database passwords as a precaution. Anybody making database calls in custom PHP, outside of the wp-config.php file, is going to have to go into their code to update their passwords manually.

Go Daddy follows Google out of China

Kevin Murphy, March 24, 2010, Domain Registrars

Go Daddy is to stop accepting new .cn registrations, after CNNIC demanded that it start collecting photographs and signed registration documents from Chinese customers.

General counsel Christine Jones told the Congressional Executive Committee on China that Go Daddy has also seen an increase in DDoS attacks, specifically against human rights sites that it hosts.

“Domain name registrars, including Go Daddy, were then instructed to obtain photo identification, business identification, and physical signed registration forms from all existing .CN domain name registrants who are Chinese nationals, and to provide copies of those documents to CNNIC,” she said.

Any domain without such documentation would have been blocked by China, she said.

“For these reasons, we have decided to discontinue offering new .CN domain names at this time. We continue to manage the .CN domain names of our existing customers,” she said.

Go Daddy has about 1,200 Chinese customers and 27,000 .cn domains on its books. The company is not going to block Chinese customers. What China will do about them remains to be seen.

The move comes at a tense time for US-China internet relations, with Google grabbing headlines all week due to its ongoing censorship row with the country.

Jones denied the move has anything to do with Google. “We made the decision that we didn’t want to act as an agent of the Chinese government,” she said.

I’ve uploaded a PDF of her written testimony here.

Verizon seeks another registrar scalp

Kevin Murphy, March 21, 2010, Domain Registrars

After killing off small Indian registrar Lead Networks last week, Verizon wasted no time in gunning for a larger target, DirectNIC.

The carrier sued DirectNIC on Friday, claiming the company has been involved in the systematic typosquatting of hundreds of thousands of domains, including at least 288 belonging to Verizon.

There appears to be at least two things going on here.

First, Verizon is claiming that the common registrar practice of parking expired, pre-delete domains, somehow falls foul of US anti-cybersquatting laws if the parked domains are typosquats.

DomainNameWire addresses the possibly discomforting precedents this could set over here.

Second, the Verizon complaint resurrects the theory that DirectNIC’s owners, including CEO Sigmund Solares, are or were themselves typosquatters, using shell (continue reading)

Dynadot sorry for .tv snafu

Kevin Murphy, March 21, 2010, Domain Registrars

Dynadot has apologised to customers for glitches during last week’s .tv landrush that allowed people to register premium domain names at well below market prices.

On Thursday, VeriSign slashed the first-year prices of “premium” .tv names and set the renewal fees to a standard lower registry rate.

While prices were lower, they were still premium, but some domainers discovered they could register domains previously priced in the tens of thousands of dollars for the standard fee at some registrars, Dynadot included.

Dynadot said this weekend that this was because “we were given an incomplete list of the Premium .TV Domain Names… So, any Premium .TV Domain Names that weren’t on the list were displayed at the normal .TV registration price.”

The company further apologised for giving registrants store credit, rather than a cash refund, after it discovered its mistake and deleted the registrations, which was “probably not the best way to handle the situation”. This policy has been reversed, and registrants can now get a “no questions asked” refund.

Demand during the .tv land-rush was evidently so high that Dynadot’s float at VeriSign was quickly drained.

The company said: “We had a problem with the central registry and ran out of funds. This meant we could not process any COM/NET/TV/CC domain registrations, domain transfers, and domain renewals.”