Comments on: Comments on 17487

Post number 17487

mcwetboy — Thu, 30 May 2002 04:53:23 -0800

MacSlash is the latest victim of domain hijacking. Depending on how the DNS fairies have propagated themselves, you may be able to read MacSlash's own thread on the situation, or you may be taken to a generic Dotster page. I got Dotster at work yesterday but I'm still getting MacSlash at home. Not yet clear how this will turn out.

By: Blake

Blake — Thu, 30 May 2002 05:10:37 -0800

Can someone point to a mirror of the MacSlash thread?

By: mcwetboy

mcwetboy — Thu, 30 May 2002 05:38:39 -0800

Right now the MacSlash thread is basically "Please post in the thread below if you can get to the site", but they've registered macslash.net, apparently, and may be back up there shortly if everything gets fubared. Updates are being posted to the Slashdot thread in the meantime.

By: Sapphireblue

Sapphireblue — Thu, 30 May 2002 06:08:43 -0800

mirror.

By: insomnyuk

insomnyuk — Thu, 30 May 2002 06:20:50 -0800

This is insanity. My parents ISP lost their primary domain to Ultimate Search a couple of weeks ago. Why does this never happen to the really big sites, like Yahoo! or Apple?

By: neuroshred

neuroshred — Thu, 30 May 2002 06:32:43 -0800

Scary. After the last round of hijackings I put a block on registrar changes for all my domains. Don't know if that will work.

By: Samizdata

Samizdata — Thu, 30 May 2002 08:46:53 -0800

Can't get anything at all.

By: jennak

jennak — Thu, 30 May 2002 10:51:15 -0800

I wish someone would post on the site info about the domain registrar -- I want to know which registrar it was that allowed MacSlash to get hacked.

By: mcwetboy

mcwetboy — Thu, 30 May 2002 11:00:02 -0800

A note from the proprietors of MacSlash has been posted on MacRumors. I don't think they quite understand what has happened (i.e., "We are not certain at this time whether the situation is malicious or not"). But it looks like they're getting .net, .org and .info domain names, so at the very least they won't be going dark for long. jennak: That hasn't come up in the discussions elsewhere as far as I know, but I know where I'd place my bet.

By: mcwetboy

mcwetboy — Thu, 30 May 2002 12:33:02 -0800

Unfortunately, it looks like they registered macslash.net with Network Solutions!

By: darukaru

darukaru — Thu, 30 May 2002 13:50:11 -0800

Why does this never happen to the really big sites, like Yahoo! or Apple? Fear of lawyers. Yahoo and Apple have billions to fight for their marks.

By: RevGreg

RevGreg — Thu, 30 May 2002 14:05:07 -0800

I wish someone would post on the site info about the domain registrar -- I want to know which registrar it was that allowed MacSlash to get hacked. According to several sources their domain was registered with Dotster. Unfortunately I have one of the seven domains I own with Dotster...sigh...it never ends.

By: dhartung

dhartung — Thu, 30 May 2002 14:05:21 -0800

It happened just this same week to the US Navy. Last year there was a big incident involving many high-profile domains, which prompted several registrars and third-parties to create value-added "domain protection" services.

By: luriete

luriete — Thu, 30 May 2002 15:53:44 -0800

Is it hijacking when it expires and is resold? Because that's what happened. It's not like the Leslie Harpold sitch.

By: mcwetboy

mcwetboy — Thu, 30 May 2002 16:22:25 -0800

Indeed, luriete, it is not altogether clear what has happened, and you may well be correct, but let's see what else comes out. For example, I'm still getting MacSlash at home. An update posted there: UPDATE: [J] (2002-05-30 22:29:55 GMT) Ben, who is driving somewhere between Kentucky and Washington D.C., just received a call from a V.P. at Dotster who said that his people have been receiving A LOT of emails from you guys. He is personally looking into the problem and has assured us that he will do everything in his power to get this problem corrected. If it ends up being something that Dotster cannot assist us with we have already received an offer for Pro-Bono work from a lawyer who works with domain disputes all of the time. If worst comes to worst we'll be meeting with ICANN soon.

By: litlnemo

litlnemo — Thu, 30 May 2002 18:29:46 -0800

Was it Dotster that previously had the MacSlash registration? And did it expire? None of that is clear from what I've read on MacSlash (which I can still access just fine from home). I'm wondering if he ran into the same situation as I did recently -- domains hosted with Dotster expired, and Dotster didn't send me any notice warning me that they were expiring, then resold one immediately without any final notice that it would happen. So it wasn't a hijack per se, but I also wasn't exactly getting the service I thought I was paying for, which should have included at least a warning before reselling the domain.

By: djacobs

djacobs — Fri, 31 May 2002 06:40:05 -0800

63.238.196.105 macslash.com 63.238.196.105 www.macslash.com from a note on the above mirror - put those lines in your /etc/hosts file to see macslash.

By: oaf

oaf — Fri, 31 May 2002 07:09:41 -0800

macslash.com appears to point to MacMall.

By: mcwetboy

mcwetboy — Fri, 31 May 2002 12:33:54 -0800

More information posted at MacSlash.org. Essentially, the renewal notice (from Dotster) was sent to a mac.com address, and mac.com (Apple's free e-mail service) has been blocking Dotster e-mail as spam. The issue is now that Apple has been filtering e-mail without its users' knowledge. Meanwhile, macslash.com has apparently been set to point to MacMall via an affiliate program -- i.e., the new owner is using the domain to earn money at MacMall. Based on the ongoing discussion at Slashdot, MacMall doesn't have anything to do with this, and seems to be trying to do something about it. When I tried macslash.com, I got forwarded to macslash.org, so that might be that something.

By: kindall

kindall — Fri, 31 May 2002 15:07:29 -0800

mac.com (Apple's free e-mail service) has been blocking Dotster e-mail as spam Awww, fuck. I just checked and, yes, several of my Dotster domains have slipped through my fingers without my knowledge. Jesus H. Christ on a pogo stick that pisses me off.

By: kindall

kindall — Fri, 31 May 2002 17:20:04 -0800

According to a message I just got from Apple, Dotster was indeed spamming mac.com accounts (inculding administrative accounts) which is why they were blocked. Sigh... can't support that kind of tomfoolery. Time to move the rest of the domains to Joker.com... at least, those I can (I don't think Joker does .name or .us).

By: litlnemo

litlnemo — Fri, 31 May 2002 18:29:36 -0800

Oh my. This might be the explanation for my missing Dotster renewal notices, too. I don't use mac.com for this (though I have a mac.com address), but the address I do use is through a server which subscribes to some pretty hefty spam-filtering. Damn... The one thing NetSol does do right is that they send out snail mail final notices when domains expire. I wish Dotster did that as well.

By: litlnemo

litlnemo — Fri, 31 May 2002 19:09:34 -0800

By: litlnemo

litlnemo — Fri, 31 May 2002 19:14:38 -0800

Wow. How did I do that? Sorry, must have gotten a little too carried away with the button-pushing. And 30 minutes apart, even!