Recent Posts
- ICANN board seat up for reelection
- Verisign: our DNS was not hacked
- New gTLD applications briefly vanish after glitch
- .sas could be the first contested dot-brand gTLD
- .com passed 100 million mark in October
- Startup America obtains s.co and offers free .co domains to entrepreneurs
- Hackers stole data from Verisign, Blacknight
- .me beating .co in start-ups?
- Moniker and SnapNames join Key-Systems stable
- Exclusive: StarHub confirms dot-brand gTLD bid
- Cybersquatters face jail time in the Philippines
- ICANN advertises new gTLDs on Twitter
- ARI signs up 21 new gTLD clients
- Five amusing Twitter accounts to follow
- Verisign to apply for a dozen new gTLDs
- Manwin files its first cybersquatting complaint
- ICANN tells Congressmen to chillax
- Sedari wins .moscow contract
- Ombudsman dealing with new gTLDs complaint
- One-year .co.uk domains will be more expensive
Go Daddy confirms .xxx pricing, will host porn sites
Go Daddy has revealed its pricing scheme for .xxx domain names and confirmed that it will indeed host the porn sites that use them.
When .xxx goes into general availability in December, Go Daddy will charge $100 per name per year.
That’s surprisingly high – a $40 markup on the $60 ICM Registry fee – for a registrar generally known for its reasonable prices.
I know of at least two registrars planning to sell .xxx more cheaply – the UK’s DomainMonster ($75 if bought in bulk) and Spain’s DinaHosting ($67). There may be others I haven’t come across yet.
Sunrise period pricing at Go Daddy is $210 for applications from the adult entertainment industry and $200 for trademark holders from outside the industry. Landrush prices will be $200 too.
Those fees represent some of the better deals I’ve seen for .xxx’s pre-launch phases.
The prices have not yet been published on the Go Daddy web site, but a company spokesperson confirmed that some of its larger customers have been privately notified.
That apparently includes Mike Berkens, who broke the news last week.
Go Daddy also confirmed that it will host .xxx porn sites, though only on its paid-for hosting accounts.
I’ve always been a little confused by Go Daddy’s hosting terms of service. By my reading, porn was outright banned. Apparently I was dead wrong.
The company’s general counsel, Christine Jones, said in a statement:
Go Daddy’s Web hosting agreement does not currently prohibit pornography, except in the case of ad-supported hosting. Those terms will continue for all TLDs, including .xxx, unless otherwise prohibited by our agreements with the various registry operators.
I know I’m not the only person out there who was confused by the ToS, but I can’t think of a better person to clarify the situation than the company’s top lawyer.
WordPress founder criticizes NSI’s security
WordPress founder Matt Mullenweg had a few harsh words for top-five domain registrar Network Solutions today, after a whole bunch of NSI-hosted blogs were hacked over the weekend.
It appears that NSI’s web hosting operation, which includes a one-click WordPress installation service, was failing to adequately secure database passwords on shared servers.
Or, as Mullenweg blogged: “A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files.”
WordPress, by necessity, stores its database passwords as plaintext in a script called wp-config.php, which is supposed to be readable only by the web server.
If the contents of that file are viewable by others, a malicious user could inject whatever content they like into the database – anything from correcting a typo in a blog post to deleting the entire site.
That appears to be what happened here: for some reason, the config files of WordPress blogs hosted at NSI gave read permissions to unauthorized people.
The cracker(s) who noticed this vulnerability chose to inject an HTML IFrame into the URL field of the WordPress database. This meant visitors to affected blogs were bounced to a malware site.
Mullenweg is evidently pissed that some news reports characterized the incident as a WordPress vulnerability, rather than an NSI vulnerability.
NSI appears to have corrected the problem, resetting its users’ database passwords as a precaution. Anybody making database calls in custom PHP, outside of the wp-config.php file, is going to have to go into their code to update their passwords manually.
