Latest news of the domain name industry


.forum sunrise period will cost less than half the regular reg fee

Kevin Murphy, November 13, 2020, Domain Registries

Trademark owners rejoice! There’s a new gTLD registry seemingly not bent on ripping you off during its sunrise period.

Those defensively registering their marks in .forum, which begins its sunrise period on Monday, in some cases could find themselves paying less than half the regular registration fee.

French registrar Gandi today said that its sunrise retail price is $452.13, versus a general availability price of $1,042.08, and prices at other participating registrars appear to be roughly in line.

.forum is being managed by MMX, though the ICANN gTLD contract appears to still belong to original applicant Fegistry.

The first-come, first-served sunrise period will run until December 16. General availability is due to begin March 2 next year.

I have to admit to finding the $1,000 base registry fee something of a head-scratcher.

I can just about see why gTLDs such as .cars, representing big-ticket niches, can command four-figure reg fees but, anecdotally, I’ve often heard that web forums can be quite expensive to run and difficult to monetize. Hardly obvious candidates for premium-tier recurring prices.

Over 750 domains hijacked in attack on Gandi

Gandi saw 751 domains belonging to its customers hijacked and redirected to malware delivery sites, the French registrar reported earlier this month.

The attack saw the perpetrators obtain Gandi’s password for a gateway provider, which it did not name, that acts as an intermediary to 34 ccTLD registries including .ch, .se and .es.

The registrar suspects that the password was obtained by the attacker exploiting the fact that the gateway provider does not enforce HTTPS on its login pages.

During the incident, the name servers for up to 751 domains were altered such that they directed visitors to sites designed to compromise unpatched computers.

The redirects started at 0804 UTC July 7, and while Gandi’s geeks had reversed the changes by 1615 it was several more hours before the changes propagated throughout the DNS for all affected domains.

About the theft of its password, Gandi wrote:

These credentials were likewise not obtained by a breach of our systems and we strongly suspect they were obtained from an insecure connection to our technical partner’s web portal (the web platform in question allows access via http).

It’s not clear why a phishing attack, which would seem the more obvious way to obtain a password, was ruled out.

Gandi posted a detailed timeline here, while Swiss registry Switch also posted an incident report from its perspective here. An affected customer, which just happened to be a security researcher, posted his account here.

Gandi says it manages over 2.1 million domains across 730 TLDs.