Latest news of the domain name industry

Recent Posts

ICANN threatens to shut down registrar flipper

ICANN has said it will terminate one of its registrars for non-payment of fees, the thirteenth such threatening letter the organization has sent out this year.

The unfortunate recipient is #1 Host Brazil, which has just a couple hundred domains under its belt in the generic top-level domains.

I may be wrong, but based on some cursory research I’m inferring that the registrar is basically a shell accreditation, acquired in order to flip to a larger registrar.

There are 10 other “‘#1 Host” registrars, such as #1 Host Australia and #1 Host Canada, listed on ICANN’s list of accredited registrars, almost all of which were awarded in late 2005 to the same Texan.

They all use the same logos and, due to the hash sign, all appear at the top of alphabetical lists of ICANN-accredited registrars.

Apart from the Brazil and Israel variants, most of the other “#1” accreditations have been acquired by Moniker at various times over the last few years, according to Internic and Whois records.

#1 Host Brazil faces de-accreditation (pdf) on August 24 unless it pays almost $9,000 in ICANN fees and provides evidence of $500,000 in commercial liability insurance.

Chinese TLDs now live, broad adoption achieved in just seven days

Check it out: 教育部。中国.

That’s one, but by no means the only, of the first live, fully Chinese-script domain names. It’s China’s Ministry of Education.

Previously, it had been announced that the .中国 internationalized country-code TLD would not go live until August.

But on Friday CNNIC said that 90% of China’s ministries have got their .中國 domains already, along with 95% of news websites, 90% of universities and 40% of China’s Top 500 enterprises.

Not only was that level of adoption achieved very quietly, it was also achieved very quickly. According to IANA, .中國 was delegated just seven days earlier, on July 9.

IANA also reports that .中國, the IDN for Hong Kong went live on July 12. Taiwan’s .中國 was delegated on July 14.

All of these Chinese-script TLDs were approved by ICANN’s board at the conclusion of the Brussels meeting last month.

It’s perhaps not surprising that ICANN did not broadly announce the latest delegations. It got burnt for pre-empting Arab nations’ publicity when the first IDN TLDs went live in May.

I wonder whether this will help CNNIC reverse the trend of declining registrations in its namespace. According to the latest statistics, the .cn has halved in size over the last year.

More WordPress attacks at Go Daddy

The Kneber gang has continued its attacks on Go Daddy this week, again targeting hosting customers running self-managed WordPress installations.

Go Daddy said that several hundred accounts were compromised in order to inject malicious code into the PHP scripts.

“The attack injects websites with a fake-antivirus pop-up ad, claiming the visitor’s computer is infected,” Go Daddy security manager Scott Gerlach blogged.

According to the alarmists-in-chief over at WPSecurityLock, the attacks place a link to a script hosted on cloudisthebestnow.com, a domain registered by “Hilary Kneber”.

The script attempts to install bot software on visitors’ machines.

As I’ve written before, the Kneber botnet has been running since at least December 2009. It generally hosts its malware on domains registered with ICANN-accredited BizCN.com, a Chinese registrar.

Go Daddy said it has contacted the registrar to get the domain yanked. It may have been successfully killed already, but I’m too much of a little girl to check manually.

I must confess, as somebody with a number of WordPress installations on Go Daddy servers, it makes me a little nervous that these attacks are now well into their second month and I still don’t know whether I should be worried or not.

Domain name industry growth slowed by China crackdown

The massive slump in Chinese domain name registrations appears to have hit the overall domain name market significantly in the first quarter 2010, slowing its growth.

According to the latest VeriSign Domain Name Industry Brief, only one million net new domains were registered across all TLDs in the period, a paltry 0.6% increase.

There were about 193 million domains active at the end of March, up from 192 million at the start of the year.

A million might seem like a lot, until you consider that the market grew by 11 million domains in the fourth quarter and by three million in the first quarter of 2009.

The slump is certainly due to the rapid decline in .cn domains.

China’s ccTLD had about 13.4 million names at the end of last year, and only 8.8 million at the end of March. April’s numbers show the decline continued, with 8.5 million names registered.

The China drag has been caused by a combination of pricing and the Draconian new identification requirements the communist government placed on the registry, CNNIC.

Chinese registrants now have to present photo ID before they can register a domain.

VeriSign’s own .com/.net business did a decent trade in the quarter, up 7% compared to the same quarter last and 2.7% on December to 99.3 million names in total.

With registrations growing by 2.7 million per month, this means VeriSign already has more than 100 million names in its com/net database.

Google blocks Go Daddy for ‘hosting malware’

(UPDATED) Google is currently blocking Go Daddy’s web site, calling it dangerous, because one of its image-hosting domains has been flagged for hosting malware.

Chrome users visiting pages on godaddy.com, including its storefront, currently see the standard Google alert page: “Warning: Visiting this site may harm your computer!”

Go Daddy’s main page seems to be affected because it uses images hosted at img5.wsimg.com, a Go Daddy domain.

A bit of a poke around reveals that the whole of wsimg.com is currently considered a malware site by Google’s toolbar on non-Chrome browsers, and also by the Google search engine.

The question is, of course, whether this is a simple false positive or whether bad guys have somehow managed to inject malware onto Go Daddy’s servers.

Go Daddy’s web site takes revenue in the six figures every hour, so if this is a false positive I can only imagine the content of the phone calls between Scottsdale and Mountain View right now.

But Go Daddy has been a target for the bad guys in recent weeks, with attacks against its hosting customers proving an irritant that the company can’t seem to shake off.

The company was also the victim of a phishing attack yesterday. I’d be surprised if the two incidents are connected.

UPDATE: Warren Adelman, Go Daddy’s chief operating officer, just called to say that this was indeed a false positive.

“Google erroneously flagged some of our image servers,” he said. “We need to go into this with Google, but there wasn’t any malware on our end.”

Adelman said Go Daddy has a pretty good idea what happened, but that it proved hard to get hold of the relevant people at Google on a Sunday morning during Memorial Day weekend.

Further details may be forthcoming later this week. For now, Google has apparently unflagged the servers in question, and Adelman expects the situation to be resolved within the hour.