ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] Syria-news.com Hijacked

  • To: Danny Younger <dannyyounger@xxxxxxxxx>, ga@xxxxxxxxxxxxxx
  • Subject: Re: [ga] Syria-news.com Hijacked
  • From: Hugh Dierker <hdierker2204@xxxxxxxxx>
  • Date: Fri, 18 Aug 2006 15:42:12 -0700 (PDT)
  • Cc: steve@xxxxxxxxxxxx
  • In-reply-to: <20060818195430.38958.qmail@web53309.mail.yahoo.com>
  • Sender: owner-ga@xxxxxxxxxxxxxx

Danny,
   
  I just wonder how and why you just went to all the trouble of teaching techniques of busting down a network owned and operated by a country that has vowed to kill all infidels (including you and me). The Internet is not immune from war; neither is war immune from the Internet.
  Only an ostrich hiding from prey could stick their feathers so high in the sky.
  I wonder if when the Allies knocked out Axis telephone lines normal folks thought it was offensive?

  
Danny Younger <dannyyounger@xxxxxxxxx> wrote:
  http://aymanh.com/syria-news-com-hijacked

[excerpt] "Syria-news.com is probably the most
popular Syrian website with a rank of ~2000 at Alexa,
and it is part of the daily browsing habits of most
Syrian Internet users. Yesterday the domain name was
hijacked; now it's pointing to a parking page at Sedo,
and the new owner is selling the domain for 10,000
EUR.

I did some investigation to see how it was actually
taken away. The current WHOIS records show GoDaddy's
Domains by Proxy as the owner, which is a service for
hiding real contact info. I checked WebHosting.Info
for a cached version of the old WHOIS records:

ICANN Registrar: BULKREGISTER, LLC.
Creation Date: Oct 17 2004
Expiry Date: Oct 17 2007

[snip]

Record updated date: 2005-09-10 05:16:20
Record created date: 2004-10-17
Record expires on date: 2007-10-17
Database last updated on: 2006-07-13 17:24:23 EST

Domain servers in listed order:

NS1.GOLDENLOGOS.COM 66.225.220.137
NS2.GOLDENLOGOS.COM 66.225.220.138 

TransferGuard LOCK Status => DISABLED

(Here is the page, and here is a screenshot in case
the cache is updated)

Bingo! Transfer lock was disabled. To transfer a
domain from one registrar to another, transfer lock
must be disabled, and the current owner must either
confirm or deny the transfer email sent to them, but
if they don't respond to this email, it's considered
as a confirmation to the transfer process.

These facts lead me to believe that the hijacker
initiated a transfer request after they noticed the
transfer lock disabled, hoping that the domain owner
would not deny it. The previous owner didn't read the
email, or thought it was spam or something, and
several days later, the domain was gone.

Domain owners, lock your domains. It's pretty easy and
straightforward; just look for this option in your
registrar's control panel.

The funny thing is how the domain was quickly blocked
by proxy servers here. I can't access the domain right
now; obviously they blocked it fearing that bogus news
may be posted there. Amazing how quick this response
is, while innocent sites like Wired are still blocked
and requests to unblock them are ignored.

Update: To answer a question, Syria-news' chances of
getting the domain back are pretty slim; that was an
immense mistake on their part."
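
The lock check the excerpt recommends, written out as an added example (not part of the original messages or the quoted blog post): it classifies WHOIS records by transfer-lock state so a portfolio can be audited for unlocked names. The domain names and sample records are constructed, and treating "ENABLED" as the counterpart of the "DISABLED" value shown above is an assumption.

```python
import re

# Status values that block an inter-registrar transfer: the EPP codes plus
# the legacy RRP "REGISTRAR-LOCK" value seen in older .com/.net WHOIS output.
LOCK_STATUSES = {"clienttransferprohibited", "servertransferprohibited",
                 "registrar-lock"}

STATUS_RE = re.compile(r"^\s*(?:domain\s+)?status\s*:\s*(\S+)", re.I | re.M)
# Registrar-specific wording, in the form quoted in the excerpt above.
VENDOR_RE = re.compile(r"lock\s+status\s*=>\s*(\w+)", re.I)


def transfer_lock_state(whois_text):
    """Return 'locked', 'unlocked' or 'unknown' for one WHOIS record."""
    statuses = {s.lower() for s in STATUS_RE.findall(whois_text)}
    if statuses & LOCK_STATUSES:
        return "locked"
    vendor = VENDOR_RE.search(whois_text)
    if vendor:
        # Assumption: "ENABLED" is the value shown when the lock is on.
        return "locked" if vendor.group(1).upper() == "ENABLED" else "unlocked"
    # Status lines are present but none of them prohibits transfer.
    return "unlocked" if statuses else "unknown"


def unlocked_domains(records):
    """Names whose record does not show a transfer lock (unknown included)."""
    return sorted(name for name, text in records.items()
                  if transfer_lock_state(text) != "locked")


# Constructed sample records; the domain names are placeholders.
SAMPLES = {
    "locked.example": "Domain Name: LOCKED.EXAMPLE\n"
                      "Domain Status: clientTransferProhibited\n"
                      "Domain Status: clientUpdateProhibited\n",
    "legacy.example": "Domain Name: LEGACY.EXAMPLE\nStatus: REGISTRAR-LOCK\n",
    "open.example": "Domain Name: OPEN.EXAMPLE\nDomain Status: ok\n",
    "vendor.example": "Record expires on date: 2007-10-17\n"
                      "TransferGuard LOCK Status => DISABLED\n",
    "bare.example": "Domain Name: BARE.EXAMPLE\n",
}

if __name__ == "__main__":
    for name in unlocked_domains(SAMPLES):
        print(name, transfer_lock_state(SAMPLES[name]))
```

Records that come back "unknown" are reported alongside unlocked ones so that a record with no status information gets a manual look instead of being assumed safe.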



