Latest news of the domain name industry


Iron Mountain gets into bed with CRS

Iron Mountain and Central Registry Solutions have made a deal to refer prospective new gTLD applicants to each other’s services.

The companies said that Iron Mountain will refer wannabe registries to CRS for registry services and CRS will refer them to Iron Mountain for data escrow services.

It strikes me that the deal is probably better news for Iron Mountain, given that CRS is actively engaged in seeking out new TLD applicants to partner with whereas Iron Mountain, presumably, is not.

Iron Mountain already does a lot of work with registries and registrars that have to escrow their Whois information under the terms of their ICANN contracts.

Some of these contracts specify the company as the only escrow agent allowed, whereas the current Draft Applicant Guidebook for new gTLD applicants is less prescriptive.

CRS is a partnership of Network Solutions and CentralNIC, manager of the .la ccTLD and a handful of geographical second-level domains such as uk.com and us.com.


China connection to Go Daddy WordPress attacks

Go Daddy’s hosting customers are under attack again, and this time it looks like it’s more serious.

Reports are surfacing that WordPress sites hosted at Go Daddy, and possibly also Joomla and plain PHP pages there, are being hacked to add drive-by malware downloads to them.

Go Daddy has acknowledged the attacks, blaming outdated WordPress installations and weak FTP passwords, and has put up a page with instructions for cleaning the infection.

Last week, I was told that the first round of attacks was very limited. Today, the attackers seem to have stepped it up a notch.

As a result, Go Daddy could find itself in a similar situation to Network Solutions, which had a couple of thousand customer sites hacked a few weeks back.

The attacks appear to be linked to a well-known crime gang with a Chinese connection.

According to Sucuri, when a Go Daddy-hosted WordPress page is hacked, JavaScript is injected that attempts to redirect surfers to a drive-by attack from the domain kdjkfjskdfjlskdjf.com (don’t go there).

This domain was registered with BizCN.com, an ICANN-accredited Chinese registrar, but its name servers appear to have been created purely for the attack.

The registrant’s email address is hilarykneber@yahoo.com. This connects the attack to the “Kneber” botnet, a successful criminal enterprise that has been operating since at least December 2009.

A Netwitness study revealed the network comprised at least 74,000 hacked computers, and that the bulk of Kneber’s command and control infrastructure is based in China.

Since Kneber is known to be operated by a financially motivated gang, and it’s by no means certain that they’re Chinese, it’s probably inaccurate to suggest there’s something political going on.

However, I will note that Go Daddy was quite vocal about its withdrawal from the .cn Chinese domain name registration market.

Network Solutions, while it was quieter, also stopped selling .cn domains around the same time as the Chinese government started enforcing strict registrant ID rules last December.


Twenty registrars canned in 2009

Kevin Murphy, April 30, 2010, Domain Registrars

ICANN shut down 20 domain name registrars in 2009, and is on course to do the same this year, according to numbers released today.

That’s up from seven de-accreditations in 2008, and twice as many as the previous record year, 2003.

ICANN can withdraw accreditation from a registrar, stopping its ability to register domains, if the registrar fails to escrow Whois information or pay its ICANN dues.

It looks like 2010 could well see a similar level of de-accreditations.

Five registrars were shuttered in the first quarter, and ICANN has sent warnings to five more this month.


Remember CFIT? Buy its domain for $250

Kevin Murphy, April 29, 2010, Domain Sales

Remember CFIT? The Coalition For ICANN Transparency is an ironically opaque organization created and backed by Momentous.ca, owner of Pool.com.

It emerged in 2005 to sue ICANN and VeriSign on antitrust grounds, around the same time as they were negotiating .com price increases.

I’d almost forgotten CFIT existed, until CEO Mark McLaughlin mentioned it on VeriSign’s Q1 earnings conference call last night.

The antitrust lawsuit is still pending, after CFIT won an appeal last June. Tenacious organization indeed.

Its domain name did not have the same longevity, however.

CFIT.info now belongs to a domainer, who appears to have picked it up last December. I offered him twenty bucks for it today and he countered with a $250 offer, which is a bit rich for me.

Whatever PageRank it accrued from all its press coverage appears to have dried up, and its parking page is not especially inspiring.

Any takers?


Hostway wants non-existent domain patent

Kevin Murphy, April 29, 2010, Domain Tech

Hostway, the large web hosting company, has applied for a US patent on a system of intercepting and redirecting requests for non-existent domain names.

The application describes “A system and method for controlling internet traffic controls internet traffic directed to a non-existing domain in a centralized manner.”

It appears to cover a service that could be offered to local ISPs, enabling them to show their users monetized search pages rather than domain-not-found error messages.

Under the system, ISPs would intercept NXDOMAIN responses to their users’ DNS lookups.

Instead of passing the error on to the browser, the ISP would consult a centralized controller for the IP address of a context-appropriate landing page to redirect the user to.

It’s not at all clear to me whether Hostway is using the technology or has plans to do so. The application was filed in October 2008.

ISPs using NXDOMAIN substitution to monetize error traffic is widespread but controversial.

ICANN president Rod Beckstrom strongly complained about the practice, which also has security implications, during a rant at the Nairobi meeting last month.

VeriSign’s Site Finder, and later Cameroon’s .cm, both controversially did similar things when they “wildcarded” non-existent domains at the TLD registry level.

Other interesting US patent applications published today include:

20100106650 – covering Go Daddy’s auction services.

20100106793 and 20100106794 – covering email forwarding under Go Daddy’s private registration services.

20100106731 – assigned to VeriSign, covering a method of offering alternative domain names for registration when a buyer’s first choice is unavailable.
