Latest news of the domain name industry

Recent Posts

.blog tops 100,000 names, 66,500 blogs

The new gTLD .blog has gone through the 100,000 registered domain mark, according to its registry.

Knock Knock Whois There said that the milestone was reached with the registration of kitchenmagic.blog today.

It’s a pretty good start for the gTLD, which went into general availability last November, making for an average of 12,500 names added per month.

While KKWT has offered discounts and volume incentives to registrars, its wholesale prices have not approached levels low enough to start attracting abusive use en masse. We’re talking around the $8 mark at the cheapest, I hear.

In fact, the registry said today that it reckons 66.5% of its domains — 66,500, in other words — “have a unique website associated with them”, compared with an industry average under 40%.

Both of those statistics seem to have been supplied by Pandalytics, the DomainsBot service to which KKWT subscribes, and do not appear to be publicly available.

If accurate, 66.5% usage is a much better statistic to brag about than 100,000 registrations, in my view. Usage, of course, drives the virtuous circle that leads to more sales.

.blog renewal prices will not go up, registry promises

Knock Knock Whois There, the .blog registry, has promised not to raise its wholesale fees on existing registrations.

The company, which is affiliated with WordPress, seems to have made the move in response to ongoing registrar discomfort following Uniregistry’s plan to significant raise the price of several of its new gTLDs (which has since been backpedaled).

The promise has been baked into the Registry-Registrar Agreement under which all of its registrars can sell .blog names.

The new RRA reads (with the new text in italics):

5.1.1. Registrar agrees to pay Registry Operator or its designee in accordance with the fee schedule set forth in Exhibit A for initial and renewal registrations and other services provided by Registry Operator to Registrar (collectively, “Fees”). Registry Operator reserves the right, from time to time, to modify the Fees in a manner consistent with ICANN policies and Registry Policies. However, once a domain is registered, Registry Operator will not modify the Renewal Fee of that domain.

This of course leaves the door open for KKWT to increase the price of a new registration, but it seems renewal prices are frozen.

I believe the current wholesale .blog fee starts at $16 per year.

The new RRA also adds ICANN-mandated language concerning the Uniform Rapid Suspension policy and a clarification about registrar legal indemnifications, KKWT said.

.blog gets 600 applications halfway through sunrise

Kevin Murphy, September 19, 2016, Domain Registries

WordPress developer Automattic has received over 600 applications for .blog sunrise registrations halfway through its sunrise period.

The company’s registry subsidiary, Knock Knock Whois There, said Friday that it has passed the 600 mark with about another 30 days remaining on the clock.

While it’s a poor performance by pre-2012 standards, if all the applications to date convert into registrations it’s still enough to put .blog into the top 10 most-popular sunrises of the current round.

According to DI’s data, the top three sunrise performers from the 2012 application round are .porn (2,091), .sucks (2,079) and .adult (2,049).

The most recent successful sunrise, by these standards, was GMO Registry’s .shop, which finished with 1,182 applications.

.blog’s sunrise ends October 17. It seems to be expecting to benefit from a late flood of applications, as is sometimes the case with sunrise periods.

General availability begins November 21.

Customers revolt as GoDaddy buys WordPress tools outfit

Kevin Murphy, September 7, 2016, Domain Registrars

GoDaddy has acquired ManageWP, a provider of software for managing large numbers of WordPress sites, leading to hundreds of complaints from customers.

The two companies announced yesterday that the deal will see GoDaddy integrate ManageWP into its existing suite of WordPress services.

ManageWP said pricing will be unaffected by the move, and that its service will continue to be available to customers using other hosting providers.

Despite these assurances, a few hundred ManageWP customers have over the last 24 hours expressed their dismay in comments on the company’s site.

“This is like my very best friend announcing they’re marrying the arsehole in the office,” wrote one commenter.

ManageWP customers are generally web developers who manage WordPress sites for multiple clients.

The service gives them the ability, for free, to manage these sites from a single console, rather than having to log in to each one individually.

For an extra couple of bucks per site per month, features such as daily backups and white-label client reports are available.

ManageWP said its product development roadmap will remain unchanged, and that GoDaddy may offer some currently premium features to its hosting customers for free.

About 8% of ManageWP sites run on GoDaddy, the company said in a blog post.

Despite the positive spin, a great many customers appear to be deeply unhappy that the six-year-old company is joining the Arizona behemoth.

At time of writing, there are already over 300 comments on the ManageWP post announcing the deal, almost all negative.

The bulk of the comments center on GoDaddy’s allegedly poor customer support and its reputation for constantly trying to up-sell products and services.

Here’s a small sample of comments:

I cancelled my account immediately upon reading this news.

I have never dealt with a worse company in my professional life than GoDaddy, and will never do so again. One of my requirements for taking on a new client is moving them off GoDaddy completely.

My main concern from a business perspective is that you are giving away premium features free to GoDaddy hosting customers. That is a direct conflict with the people that offer ManageWP as a service to their clients. The services we provide now seem like they are worth less to our clients who host at GoDaddy.

Bummed about this. The minute I see an up-sell notification slammed in my face trying to get me to join the GoDaddy hosting plan, I’m outta here.

Some of the comments appear to be rooted in experiences during the Bob Parsons era at GoDaddy, which came to an end over five years ago.

Commenters cited “sexist” advertising (largely a thing of the past under current CEO Blake Irving), support for the controversial SOPA legislation (spearheaded by a long-gone general counsel) and that time Parsons shot an elephant.

Many commenters said they will stick around post-acquisition, such is the goodwill ManageWP has earned.

Several ManageWP employees engaged directly with their customers comments. In one response, head of growth Nemanja Aleksic wrote:

the feedback here is something that GoDaddy will definitely need to consider. I’ve been asked by several people why I don’t lock the comments or moderate heavily. This is why. Every single bad and good comment is a ManageWP user whose livelihood could be affected by the acquisition. And every single one of the deserves to be heard.

Personally, as somebody who manages multiple WordPress sites on GoDaddy, but has never used ManageWP, I’m rather looking forward to seeing what the company comes up with.

.blog launch date and pricing revealed

The new gTLD .blog will go to general availability in November with a wholesale price tag of $20, it was revealed today.

The registry, Knock Knock Whois There, told registrars that sunrise will kick off August 18 and run for 60 days with a $130 price tag. Disputed sunrise domains will go to auction.

Landrush will follow for a week from November 2 with a $130 application fee and auctions for contested domains a week later.

General availability is then due to begin November 21, with a registry fee of $20.

There will be tiered pricing on reserved “premium” names.

The registry does not seem to have ruled out an Early Access Period either.

This is all fairly consistent with KKWT’s previous statements that its pricing and launch structure will be in line with current industry norms.

The registry is owned by Automattic, the company behind the WordPress blogging software and service.

It emerged as the surprise secret backer of original applicant Primer Nivel earlier this year, following a $19 million auction win.

More WordPress attacks at Go Daddy

The Kneber gang has continued its attacks on Go Daddy this week, again targeting hosting customers running self-managed WordPress installations.

Go Daddy said that several hundred accounts were compromised in order to inject malicious code into the PHP scripts.

“The attack injects websites with a fake-antivirus pop-up ad, claiming the visitor’s computer is infected,” Go Daddy security manager Scott Gerlach blogged.

According to the alarmists-in-chief over at WPSecurityLock, the attacks place a link to a script hosted on cloudisthebestnow.com, a domain registered by “Hilary Kneber”.

The script attempts to install bot software on visitors’ machines.

As I’ve written before, the Kneber botnet has been running since at least December 2009. It generally hosts its malware on domains registered with ICANN-accredited BizCN.com, a Chinese registrar.

Go Daddy said it has contacted the registrar to get the domain yanked. It may have been successfully killed already, but I’m too much of a little girl to check manually.

I must confess, as somebody with a number of WordPress installations on Go Daddy servers, it makes me a little nervous that these attacks are now well into their second month and I still don’t know whether I should be worried or not.

China connection to Go Daddy WordPress attacks

Go Daddy’s hosting customers are under attack again, and this time it looks like it’s more serious.

Reports are surfacing that WordPress sites hosted at Go Daddy, and possibly also Joomla and plain PHP pages there, are being hacked to add drive-by malware downloads to them.

Go Daddy has acknowledged the attacks, blaming outdated WordPress installations and weak FTP passwords, and has put up a page with instructions for cleaning the infection.

Last week, I was told that the first round of attacks was very limited. Today, the attackers seem to have stepped it up a notch.

As a result, Go Daddy could find itself in a similar situation to Network Solutions, which had a couple of thousand customer sites hacked a few weeks back.

The attacks appear to be linked to a well-known crime gang with a Chinese connection.

According to Sucuri, when a Go Daddy-hosted WordPress page is hacked, JavaScript is injected that attempts to redirect surfers to a drive-by attack from the domain kdjkfjskdfjlskdjf.com (don’t go there).

This domain was registered with BizCN.com, an ICANN-accredited Chinese registrar, but its name servers appear to have been created purely for the attack.

The registrant’s email address is hilarykneber@yahoo.com. This connects the attack to the “Kneber” botnet, a successful criminal enterprise that has been operating since at least December 2009.

A Netwitness study revealed the network comprised at least 74,000 hacked computers, and that the bulk of Kneber’s command and control infrastructure is based in China.

Since Kneber is known to be operated by a financially motivated gang, and it’s by no means certain that they’re Chinese, it’s probably inaccurate to suggest there’s something political going on.

However, I will note that Go Daddy was quite vocal about its withdrawal from the .cn Chinese domain name registration market.

Network Solutions, while it was quieter, also stopped selling .cn domains around the same time as the Chinese government started enforcing strict registrant ID rules last December.

Network Solutions under attack again

Kevin Murphy, April 18, 2010, Domain Registrars

Network Solutions’ hosting operation is under attack for the second time in a week, and this time it’s definitely not a WordPress problem.

The company has acknowledged that it has “received reports that Network Solutions customers are seeing malicious code added to their websites”, but has not yet released further details.

Sucuri.net, which was intimately involved in the news of the hack against NSI’s WordPress installations last week, blogged that this time the attacks appear to have compromised not only WordPress, but also Joomla-based and plain HTML sites.

Last week’s attacks were eventually blamed on insecure file permissions, which enabled shared-server hosting customers to look at each other’s WordPress database passwords.

But today NSI, one of the top-five domain name registrars, said: “It may not be accurate to categorize this as a single issue such as ‘file permissions’.”

Sucuri said that malicious JavaScript is being injected into the sites, creating an IFrame that sends visitors to drive-by download sites.

It’s a developing story, and not all the facts are out yet.

But it’s clear that NSI has a public relations problem on its hands. Some customers are already using Twitter to declare that they will switch hosts as a result.

And if it’s true, as Sucuri reports, that Google is already blocking some of the affected sites, who can blame them?

WordPress founder criticizes NSI’s security

Kevin Murphy, April 13, 2010, Domain Registrars

WordPress founder Matt Mullenweg had a few harsh words for top-five domain registrar Network Solutions today, after a whole bunch of NSI-hosted blogs were hacked over the weekend.

It appears that NSI’s web hosting operation, which includes a one-click WordPress installation service, was failing to adequately secure database passwords on shared servers.

Or, as Mullenweg blogged: “A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files.”

WordPress, by necessity, stores its database passwords as plaintext in a script called wp-config.php, which is supposed to be readable only by the web server.

If the contents of that file are viewable by others, a malicious user could inject whatever content they like into the database – anything from correcting a typo in a blog post to deleting the entire site.

That appears to be what happened here: for some reason, the config files of WordPress blogs hosted at NSI gave read permissions to unauthorized people.

The cracker(s) who noticed this vulnerability chose to inject an HTML IFrame into the URL field of the WordPress database. This meant visitors to affected blogs were bounced to a malware site.

Mullenweg is evidently pissed that some news reports characterized the incident as a WordPress vulnerability, rather than an NSI vulnerability.

NSI appears to have corrected the problem, resetting its users’ database passwords as a precaution. Anybody making database calls in custom PHP, outside of the wp-config.php file, is going to have to go into their code to update their passwords manually.