commercial archive domain hijacking
March 13, 2003 12:16 AM   Subscribe

domain hijacking is easy! a domain that is locked down at domainnamesystem.com has suddenly changed hands without my approval.... [more]
posted by dabitch (7 comments total)

This post was deleted for the following reason: using mefi to get tech help for your domain?



 
Normally the commercial-archive.com would lead to this site but not today. creepier still is that the offending IP where the domain currently resides sent me a message last night - "bop". whatever that means.

the whois information yesterday:

Administrative Contact:
ADMIN, DOMAIN INFO@BABESCUMMING.COM
PO BOX 51212
N/A
FLUSHING, NY 11355
US
877902451

how easy is it to steal a domain?
posted by dabitch at 12:19 AM on March 13, 2003


Today's whois still reports this:

Registration Service Provider:
Domain Name Systems as low as $10 domain name registrations
http://www.domainnamesystems.com


It sounds to me like they (your registrar, not InterNIC) screwed up when registering a domain. I don't think it was hijacked. Sorry...

That would explain why they can fix it so fast, as well. If it were another company involved, 2 days would be a miracle.
posted by shepd at 12:26 AM on March 13, 2003


fubared the link to http://www.domainnamesystems.com there.
posted by dabitch at 12:26 AM on March 13, 2003


i am suspecting the registrar - i've had these domains via them since 1999 without a hitch though. Oddly enough, commercial-archive is the only domain I have chose to lock down - and the only domain that went astray. Perhaps their lock does the opposite? ;)
posted by dabitch at 12:28 AM on March 13, 2003


What is strange here, is that the domain wasn't hijacked from one registrar to another, but instead:

a) The whois records (holder contact information, DNS) for the domain have been directly changed at database level.

b) While the information returned by whois reflected this change, the Web administration interface for the domain management did not.

The whole incident bears some similarities with this case.
posted by cip at 1:38 AM on March 13, 2003


correct cip, thankyou. This might not have been the best fpp ever (specially since i fubared the link, darn) I just thought you Mefiosos had experience in this sort of thing. Is there anything I can do? Or will this hijacker get away with it? And i find very creepy that the whois was changed, like you say, at database level. who's allowed to do that?
posted by dabitch at 2:11 AM on March 13, 2003


DOMAIN INFO@BABESCUMMING.COM

Would that be BABES CUMMING.com
-or-
BABE SCUMMING.com . . ?
Maybe BABE SCUM MING-dot-com?
(Sorry, Ask, I feel for you!)
posted by Shane at 6:46 AM on March 13, 2003


« Older The Smoking Gun   |   Police appreciation! Newer »


This thread has been archived and is closed to new comments