GoDaddy hack exposed a million customer passwords

Kevin Murphy, November 24, 2021, Domain Registrars

GoDaddy’s systems got hacked recently, exposing up to 1.2 million customer emails and passwords.

The attack started on September 6 and targeted Managed WordPress users, the company’s chief information security officer Demetrius Comes disclosed in a blog post and regulatory filing this week.

The compromised data included email addresses and customer numbers, the original WordPress admin password, the FTP and database user names and passwords, and some SSL private keys.

In cases where the compromised passwords were still in use, the company said it has reset those passwords and informed its customers. The breached SSL certs are being replaced.

GoDaddy discovered the hack November 17 and disclosed it November 22.

It sounds rather like the attack may have been a result of a phishing attack against a GoDaddy employee. The company said the attacker used a “compromised password” to infiltrate its WordPress provisioning system.

Comes wrote in his blog post:

We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection

You may recall that GoDaddy came under fire last December for punking its employees with a fake email promising an end-of-year bonus, which turned out to be an “insensitive” component of an anti-phishing training program.

About 500 staff reportedly failed the test.

.blog tops 100,000 names, 66,500 blogs

The new gTLD .blog has gone through the 100,000 registered domain mark, according to its registry.
Knock Knock Whois There said that the milestone was reached with the registration of kitchenmagic.blog today.
It’s a pretty good start for the gTLD, which went into general availability last November, making for an average of 12,500 names added per month.
While KKWT has offered discounts and volume incentives to registrars, its wholesale prices have not approached levels low enough to start attracting abusive use en masse. We’re talking around the $8 mark at the cheapest, I hear.
In fact, the registry said today that it reckons 66.5% of its domains — 66,500, in other words — “have a unique website associated with them”, compared with an industry average under 40%.
Both of those statistics seem to have been supplied by Pandalytics, the DomainsBot service to which KKWT subscribes, and do not appear to be publicly available.
If accurate, 66.5% usage is a much better statistic to brag about than 100,000 registrations, in my view. Usage, of course, drives the virtuous circle that leads to more sales.

.blog renewal prices will not go up, registry promises

Knock Knock Whois There, the .blog registry, has promised not to raise its wholesale fees on existing registrations.
The company, which is affiliated with WordPress, seems to have made the move in response to ongoing registrar discomfort following Uniregistry’s plan to significantly raise the price of several of its new gTLDs (which has since been backpedaled).
The promise has been baked into the Registry-Registrar Agreement under which all of its registrars can sell .blog names.
The new RRA reads (with the new text in italics):

5.1.1. Registrar agrees to pay Registry Operator or its designee in accordance with the fee schedule set forth in Exhibit A for initial and renewal registrations and other services provided by Registry Operator to Registrar (collectively, “Fees”). Registry Operator reserves the right, from time to time, to modify the Fees in a manner consistent with ICANN policies and Registry Policies. However, once a domain is registered, Registry Operator will not modify the Renewal Fee of that domain.

This of course leaves the door open for KKWT to increase the price of a new registration, but it seems renewal prices are frozen.
I believe the current wholesale .blog fee starts at $16 per year.
The new RRA also adds ICANN-mandated language concerning the Uniform Rapid Suspension policy and a clarification about registrar legal indemnifications, KKWT said.

.blog gets 600 applications halfway through sunrise

Kevin Murphy, September 19, 2016, Domain Registries

WordPress developer Automattic has received over 600 applications for .blog sunrise registrations halfway through its sunrise period.
The company’s registry subsidiary, Knock Knock Whois There, said Friday that it has passed the 600 mark with about another 30 days remaining on the clock.
While it’s a poor performance by pre-2012 standards, if all the applications to date convert into registrations it’s still enough to put .blog into the top 10 most-popular sunrises of the current round.
According to DI’s data, the top three sunrise performers from the 2012 application round are .porn (2,091), .sucks (2,079) and .adult (2,049).
The most recent successful sunrise, by these standards, was GMO Registry’s .shop, which finished with 1,182 applications.
.blog’s sunrise ends October 17. It seems to be expecting to benefit from a late flood of applications, as is sometimes the case with sunrise periods.
General availability begins November 21.

Customers revolt as GoDaddy buys WordPress tools outfit

Kevin Murphy, September 7, 2016, Domain Registrars

GoDaddy has acquired ManageWP, a provider of software for managing large numbers of WordPress sites, leading to hundreds of complaints from customers.
The two companies announced yesterday that the deal will see GoDaddy integrate ManageWP into its existing suite of WordPress services.
ManageWP said pricing will be unaffected by the move, and that its service will continue to be available to customers using other hosting providers.
Despite these assurances, a few hundred ManageWP customers have over the last 24 hours expressed their dismay in comments on the company’s site.
“This is like my very best friend announcing they’re marrying the arsehole in the office,” wrote one commenter.
ManageWP customers are generally web developers who manage WordPress sites for multiple clients.
The service gives them the ability, for free, to manage these sites from a single console, rather than having to log in to each one individually.
For an extra couple of bucks per site per month, features such as daily backups and white-label client reports are available.
ManageWP said its product development roadmap will remain unchanged, and that GoDaddy may offer some currently premium features to its hosting customers for free.
About 8% of ManageWP sites run on GoDaddy, the company said in a blog post.
Despite the positive spin, a great many customers appear to be deeply unhappy that the six-year-old company is joining the Arizona behemoth.
At time of writing, there are already over 300 comments on the ManageWP post announcing the deal, almost all negative.
The bulk of the comments center on GoDaddy’s allegedly poor customer support and its reputation for constantly trying to up-sell products and services.
Here’s a small sample of comments:

I cancelled my account immediately upon reading this news.
I have never dealt with a worse company in my professional life than GoDaddy, and will never do so again. One of my requirements for taking on a new client is moving them off GoDaddy completely.

My main concern from a business perspective is that you are giving away premium features free to GoDaddy hosting customers. That is a direct conflict with the people that offer ManageWP as a service to their clients. The services we provide now seem like they are worth less to our clients who host at GoDaddy.

Bummed about this. The minute I see an up-sell notification slammed in my face trying to get me to join the GoDaddy hosting plan, I’m outta here.

Some of the comments appear to be rooted in experiences during the Bob Parsons era at GoDaddy, which came to an end over five years ago.
Commenters cited “sexist” advertising (largely a thing of the past under current CEO Blake Irving), support for the controversial SOPA legislation (spearheaded by a long-gone general counsel) and that time Parsons shot an elephant.
Many commenters said they will stick around post-acquisition, such is the goodwill ManageWP has earned.
Several ManageWP employees engaged directly with their customers’ comments. In one response, head of growth Nemanja Aleksic wrote:

the feedback here is something that GoDaddy will definitely need to consider. I’ve been asked by several people why I don’t lock the comments or moderate heavily. This is why. Every single bad and good comment is a ManageWP user whose livelihood could be affected by the acquisition. And every single one of them deserves to be heard.

Personally, as somebody who manages multiple WordPress sites on GoDaddy, but has never used ManageWP, I’m rather looking forward to seeing what the company comes up with.

.blog launch date and pricing revealed

The new gTLD .blog will go to general availability in November with a wholesale price tag of $20, it was revealed today.
The registry, Knock Knock Whois There, told registrars that sunrise will kick off August 18 and run for 60 days with a $130 price tag. Disputed sunrise domains will go to auction.
Landrush will follow for a week from November 2 with a $130 application fee and auctions for contested domains a week later.
General availability is then due to begin November 21, with a registry fee of $20.
There will be tiered pricing on reserved “premium” names.
The registry does not seem to have ruled out an Early Access Period either.
This is all fairly consistent with KKWT’s previous statements that its pricing and launch structure will be in line with current industry norms.
The registry is owned by Automattic, the company behind the WordPress blogging software and service.
It emerged as the surprise secret backer of original applicant Primer Nivel earlier this year, following a $19 million auction win.

More WordPress attacks at Go Daddy

The Kneber gang has continued its attacks on Go Daddy this week, again targeting hosting customers running self-managed WordPress installations.
Go Daddy said that several hundred accounts were compromised in order to inject malicious code into the PHP scripts.
“The attack injects websites with a fake-antivirus pop-up ad, claiming the visitor’s computer is infected,” Go Daddy security manager Scott Gerlach blogged.
According to the alarmists-in-chief over at WPSecurityLock, the attacks place a link to a script hosted on cloudisthebestnow.com, a domain registered by “Hilary Kneber”.
The script attempts to install bot software on visitors’ machines.
As I’ve written before, the Kneber botnet has been running since at least December 2009. It generally hosts its malware on domains registered with ICANN-accredited BizCN.com, a Chinese registrar.
Go Daddy said it has contacted the registrar to get the domain yanked. It may have been successfully killed already, but I’m too much of a little girl to check manually.
I must confess, as somebody with a number of WordPress installations on Go Daddy servers, it makes me a little nervous that these attacks are now well into their second month and I still don’t know whether I should be worried or not.

China connection to Go Daddy WordPress attacks

Go Daddy’s hosting customers are under attack again, and this time it looks like it’s more serious.
Reports are surfacing that WordPress sites hosted at Go Daddy, and possibly also Joomla and plain PHP pages there, are being hacked to add drive-by malware downloads to them.
Go Daddy has acknowledged the attacks, blaming outdated WordPress installations and weak FTP passwords, and has put up a page with instructions for cleaning the infection.
Last week, I was told that the first round of attacks was very limited. Today, the attackers seem to have stepped it up a notch.
As a result, Go Daddy could find itself in a similar situation to Network Solutions, which had a couple of thousand customer sites hacked a few weeks back.
The attacks appear to be linked to a well-known crime gang with a Chinese connection.
According to Sucuri, when a Go Daddy-hosted WordPress page is hacked, JavaScript is injected that attempts to redirect surfers to a drive-by attack from the domain kdjkfjskdfjlskdjf.com (don’t go there).
This domain was registered with BizCN.com, an ICANN-accredited Chinese registrar, but its name servers appear to have been created purely for the attack.
The registrant’s email address is hilarykneber@yahoo.com. This connects the attack to the “Kneber” botnet, a successful criminal enterprise that has been operating since at least December 2009.
A Netwitness study revealed the network comprised at least 74,000 hacked computers, and that the bulk of Kneber’s command and control infrastructure is based in China.
Since Kneber is known to be operated by a financially motivated gang, and it’s by no means certain that they’re Chinese, it’s probably inaccurate to suggest there’s something political going on.
However, I will note that Go Daddy was quite vocal about its withdrawal from the .cn Chinese domain name registration market.
Network Solutions, while it was quieter, also stopped selling .cn domains around the same time as the Chinese government started enforcing strict registrant ID rules last December.

Network Solutions under attack again

Kevin Murphy, April 18, 2010, Domain Registrars

Network Solutions’ hosting operation is under attack for the second time in a week, and this time it’s definitely not a WordPress problem.
The company has acknowledged that it has “received reports that Network Solutions customers are seeing malicious code added to their websites”, but has not yet released further details.
Sucuri.net, which was intimately involved in the news of the hack against NSI’s WordPress installations last week, blogged that this time the attacks appear to have compromised not only WordPress, but also Joomla-based and plain HTML sites.
Last week’s attacks were eventually blamed on insecure file permissions, which enabled shared-server hosting customers to look at each other’s WordPress database passwords.
But today NSI, one of the top-five domain name registrars, said: “It may not be accurate to categorize this as a single issue such as ‘file permissions’.”
Sucuri said that malicious JavaScript is being injected into the sites, creating an IFrame that sends visitors to drive-by download sites.
It’s a developing story, and not all the facts are out yet.
But it’s clear that NSI has a public relations problem on its hands. Some customers are already using Twitter to declare that they will switch hosts as a result.
And if it’s true, as Sucuri reports, that Google is already blocking some of the affected sites, who can blame them?

WordPress founder criticizes NSI’s security

Kevin Murphy, April 13, 2010, Domain Registrars

WordPress founder Matt Mullenweg had a few harsh words for top-five domain registrar Network Solutions today, after a whole bunch of NSI-hosted blogs were hacked over the weekend.
It appears that NSI’s web hosting operation, which includes a one-click WordPress installation service, was failing to adequately secure database passwords on shared servers.
Or, as Mullenweg blogged: “A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files.”
WordPress, by necessity, stores its database passwords as plaintext in a script called wp-config.php, which is supposed to be readable only by the web server.
If the contents of that file are viewable by others, a malicious user could inject whatever content they like into the database – anything from correcting a typo in a blog post to deleting the entire site.
That appears to be what happened here: for some reason, the config files of WordPress blogs hosted at NSI gave read permissions to unauthorized people.
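For anyone running WordPress on a shared box, the exposure described above can be checked from the file modes alone. The script below is an added example, not NSI's or WordPress's own tooling; the customer names and directory layout are constructed, and it also reports whether the parent directories actually let other accounts reach the file.

```python
import os
import stat
import tempfile

def others_can_traverse(directory, root):
    """True if every directory from root down to `directory` has other-execute set."""
    current = directory
    while True:
        if not os.stat(current).st_mode & stat.S_IXOTH:
            return False
        if os.path.samefile(current, root):
            return True
        current = os.path.dirname(current)

def audit_wp_configs(root):
    """List (path, octal mode, reachable) for each other-readable wp-config.php."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "wp-config.php" in files:
            path = os.path.join(dirpath, "wp-config.php")
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & stat.S_IROTH:  # any other account on the box may read it
                findings.append((path, oct(mode), others_can_traverse(dirpath, root)))
    return sorted(findings)

def harden(path):
    """Clear every 'other' permission bit; owner and group bits are untouched."""
    os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~0o007)

def build_demo_tree():
    """Constructed sample layout: three hypothetical customers on one server."""
    root = tempfile.mkdtemp(prefix="sharedhost-")
    os.chmod(root, 0o755)
    layout = {"alice": (0o755, 0o644), "bob": (0o755, 0o640),
              "carol": (0o750, 0o644)}  # carol: lax file, but home dir blocks others
    for user, (home_mode, file_mode) in layout.items():
        docroot = os.path.join(root, user, "public_html")
        os.makedirs(docroot)
        os.chmod(os.path.join(root, user), home_mode)
        os.chmod(docroot, 0o755)
        config = os.path.join(docroot, "wp-config.php")
        with open(config, "w") as handle:
            handle.write("<?php define('DB_PASSWORD', 'constructed-sample'); ?>\n")
        os.chmod(config, file_mode)
    return root

if __name__ == "__main__":
    for path, mode, reachable in audit_wp_configs(build_demo_tree()):
        print(mode, "reachable" if reachable else "blocked by parent dir", path)
```

Clearing the other-read bit only helps if the web server reaches the file through its owner or group permissions, which depends on how the host runs PHP.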
The cracker(s) who noticed this vulnerability chose to inject an HTML IFrame into the URL field of the WordPress database. This meant visitors to affected blogs were bounced to a malware site.
Mullenweg is evidently pissed that some news reports characterized the incident as a WordPress vulnerability, rather than an NSI vulnerability.
NSI appears to have corrected the problem, resetting its users’ database passwords as a precaution. Anybody making database calls in custom PHP, outside of the wp-config.php file, is going to have to go into their code to update their passwords manually.
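Resetting passwords does not remove anything already written to the database, so the stored URL values are worth checking too. This is an added example, not code from WordPress or NSI: it assumes the “URL field” corresponds to the `siteurl` and `home` rows of the options table, and the rows and host names are constructed.

```python
import re
from urllib.parse import urlsplit

URL_OPTIONS = ("siteurl", "home")  # assumption: the rows holding the blog's URL
MARKUP = re.compile(r"[<>\"'\s]|%3c|%3e", re.IGNORECASE)

def check_url_value(value, expected_host):
    """Return the reasons a stored URL looks tampered with (empty list = clean)."""
    reasons = []
    if MARKUP.search(value):
        reasons.append("markup or whitespace in URL")
    try:
        parts = urlsplit(value)
    except ValueError:
        return reasons + ["unparseable URL"]
    if parts.scheme not in ("http", "https"):
        reasons.append("unexpected scheme")
    if (parts.hostname or "") != expected_host:
        reasons.append("host differs from expected")
    return reasons

def scan_options(rows, expected_host):
    """rows: (option_name, option_value) pairs exported from the options table."""
    findings = {}
    for name, value in rows:
        if name not in URL_OPTIONS:
            continue  # free-text options may legitimately contain markup
        reasons = check_url_value(value, expected_host)
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample rows; hosts use reserved example names.
CLEAN = [("siteurl", "http://blog.example.com"),
         ("home", "http://blog.example.com"),
         ("blogname", "My <b>blog</b>")]
TAMPERED = [("siteurl",
             'http://blog.example.com/"><iframe src="http://bad.example/"></iframe>'),
            ("home", "http://bad.example/landing")]

if __name__ == "__main__":
    print(scan_options(CLEAN, "blog.example.com"))
    print(scan_options(TAMPERED, "blog.example.com"))
```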