WordPress founder criticizes NSI’s security
WordPress founder Matt Mullenweg had a few harsh words for top-five domain registrar Network Solutions today, after a whole bunch of NSI-hosted blogs were hacked over the weekend.
It appears that NSI’s web hosting operation, which includes a one-click WordPress installation service, was failing to adequately secure database passwords on shared servers.
Or, as Mullenweg blogged: “A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files.”
WordPress, by necessity, stores its database passwords as plaintext in a script called wp-config.php, which is supposed to be readable only by the web server.
If the contents of that file are viewable by others, a malicious user could inject whatever content they like into the database – anything from correcting a typo in a blog post to deleting the entire site.
That appears to be what happened here: for some reason, the config files of WordPress blogs hosted at NSI gave read permissions to unauthorized people.
The cracker(s) who noticed this vulnerability chose to inject an HTML IFrame into the URL field of the WordPress database. This meant visitors to affected blogs were bounced to a malware site.
Mullenweg is evidently pissed that some news reports characterized the incident as a WordPress vulnerability, rather than an NSI vulnerability.
NSI appears to have corrected the problem, resetting its users’ database passwords as a precaution. Anybody making database calls in custom PHP, outside of the wp-config.php file, is going to have to go into their code to update their passwords manually.
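The misconfiguration described above, a wp-config.php that other accounts on the same box can read, can be checked for directly. This is an added example, not code from the original post or from NSI or WordPress: the function names, the constructed sample tree and the choice to strip all "other" access are assumptions, and the right final mode depends on how the host runs PHP.

```shell
#!/bin/sh
# Added example: audit wp-config.php permissions on a shared host.
# Function names and the target mode are assumptions for illustration.

# Print every wp-config.php under $1 that any local account can read,
# i.e. the "other" read bit (octal 004) is set.
audit_wp_configs() {
    find "$1" -type f -name wp-config.php -perm -004 -print
}

# Strip all "other" access and group write/execute from exposed files,
# leaving owner access and at most group read. Prints each file changed.
harden_wp_configs() {
    find "$1" -type f -name wp-config.php -perm -004 \
        -exec chmod o-rwx,g-wx {} \; -print
}

# Constructed sample tree: one exposed config, one already private.
# Prints the path of the temporary directory it created.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/alice/blog" "$d/bob/blog"
    printf "<?php define('DB_PASSWORD', 'constructed-sample');\n" \
        > "$d/alice/blog/wp-config.php"
    cp "$d/alice/blog/wp-config.php" "$d/bob/blog/wp-config.php"
    chmod 644 "$d/alice/blog/wp-config.php"   # readable by every account
    chmod 600 "$d/bob/blog/wp-config.php"     # owner only
    printf '%s\n' "$d"
}
```

Run the audit first and review its output before hardening. A file that was exposed should also have its database password rotated, since tightening the mode does not undo an earlier read.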
Go Daddy follows Google out of China
Go Daddy is to stop accepting new .cn registrations, after CNNIC demanded that it start collecting photographs and signed registration documents from Chinese customers.
General counsel Christine Jones told the Congressional Executive Committee on China that Go Daddy has also seen an increase in DDoS attacks, specifically against human rights sites that it hosts.
“Domain name registrars, including Go Daddy, were then instructed to obtain photo identification, business identification, and physical signed registration forms from all existing .CN domain name registrants who are Chinese nationals, and to provide copies of those documents to CNNIC,” she said.
Any domain without such documentation would have been blocked by China, she said.
“For these reasons, we have decided to discontinue offering new .CN domain names at this time. We continue to manage the .CN domain names of our existing customers,” she said.
Go Daddy has about 1,200 Chinese customers and 27,000 .cn domains on its books. The company is not going to block Chinese customers. What China will do about them remains to be seen.
The move comes at a tense time for US-China internet relations, with Google grabbing headlines all week due to its ongoing censorship row with the country.
Jones denied the move has anything to do with Google. “We made the decision that we didn’t want to act as an agent of the Chinese government,” she said.
I’ve uploaded a PDF of her written testimony here.
Verizon seeks another registrar scalp
After killing off small Indian registrar Lead Networks last week, Verizon wasted no time in gunning for a larger target, DirectNIC.
The carrier sued DirectNIC on Friday, claiming the company has been involved in the systematic typosquatting of hundreds of thousands of domains, including at least 288 belonging to Verizon.
There appear to be at least two things going on here.
First, Verizon is claiming that the common registrar practice of parking expired, pre-delete domains somehow falls foul of US anti-cybersquatting laws if the parked domains are typosquats.
DomainNameWire addresses the possibly discomforting precedents this could set over here.
Second, the Verizon complaint resurrects the theory that DirectNIC’s owners, including CEO Sigmund Solares, are or were themselves typosquatters, using shell (continue reading)
Dynadot sorry for .tv snafu
Dynadot has apologised to customers for glitches during last week’s .tv landrush that allowed people to register premium domain names at well below market prices.
On Thursday, VeriSign slashed the first-year prices of “premium” .tv names and set the renewal fees to a standard lower registry rate.
While prices were lower, they were still premium, but some domainers discovered they could register domains previously priced in the tens of thousands of dollars for the standard fee at some registrars, Dynadot included.
Dynadot said this weekend that this was because “we were given an incomplete list of the Premium .TV Domain Names… So, any Premium .TV Domain Names that weren’t on the list were displayed at the normal .TV registration price.”
The company further apologised for giving registrants store credit, rather than a cash refund, after it discovered its mistake and deleted the registrations, which was “probably not the best way to handle the situation”. This policy has been reversed, and registrants can now get a “no questions asked” refund.
Demand during the .tv land-rush was evidently so high that Dynadot’s float at VeriSign was quickly drained.
The company said: “We had a problem with the central registry and ran out of funds. This meant we could not process any COM/NET/TV/CC domain registrations, domain transfers, and domain renewals.”
Cybersquatting registrar goes into receivership
Lead Networks Domains, an Indian domain name registrar, has been handed to a California receiver after a cybersquatting lawsuit filed by Verizon.
ICANN said today that Bret Fausett has been appointed receiver for the Mumbai-based company, which had about 130,000 domains under management when Verizon sued it.
Verizon sued Lead in January 2008, claiming the registrar’s customers had registered 238 misspellings of Verizon trademarks.
The company further claimed that Lead ignored UDRP rulings that went against it and supplied UDRP avoidance services to its users.
ICANN yanked Lead’s accreditation last July. Fausett said he will now transition any of its remaining domain names to a new registrar.
Is Go Daddy’s size a competition concern?
Go Daddy is undoubtedly the runaway success story of the domain name industry.
It may not be as big as VeriSign, but unlike VeriSign it was not simply handed a multi-billion dollar resource to manage. It was essentially scratch-built. It didn’t even have first-mover advantage – Register.com and Network Solutions had that, and Go Daddy’s been eating their lunches for years.
The company has got where it is today through, in my opinion, a combination of cheap prices, decent customer service and populist marketing. Mainly the cheap prices, but I doubt that putting a great big pair of boobs on TV during the Super Bowl can have hurt sales.
But how big is the company? And with the introduction of new gTLDs, is its size now a cause for concern?
Big claims from small registrar
You’ve got to admire the cojones on Domainmonster, an upstart registrar from the UK.
In a delightfully hyperbolic press release out today, the company reveals it is “the world’s largest new domain name supplier” and compares itself to Go Daddy.
Because I think it’s funny, I’ll post the meat of the press release before de-constructing it.
Go Daddy busts through 40 million mark
Go Daddy has registered its 40 millionth domain, and it’s closing in on a 50% market share.
The company said that it is now three times the size of its nearest competitor, eNom, and is registering, renewing or transferring one domain per second on average.
Adding domains at a rate of one million per month, Go Daddy could feasibly break through 50 million by the end of the year, but seasonal ups and downs may make early 2011 a more likely timeframe. Go Daddy tends to see a spike in sales after its notorious Super Bowl commercials.
The registrant of the company’s 40 millionth domain does not want his or her identity revealed.