Domain registrar secures popular blog domain for real owner.
It’s every web site owner’s worst nightmare: having a domain name stolen and the thief holding it for ransom. That’s what recently happened to MakeUseOf.com, a popular blog about web applications and software.
But as in many cases, MakeUseOf.com blamed GoDaddy for losing its domain when it wasn’t the company’s fault. In a blog post on blogger and another one on its site, MakeUseOf.com pins the blame on GoDaddy.
You know I’m the first to write about GoDaddy when it does something “wrong”, but it’s often unfairly hung out to dry, too.
So what happened really? The domain owners’ gmail account was compromised. From its blog:
We can now confirm that the attacker in fact got the access details through Gmail and set up a forward filter to send incoming emails from GoDaddy to another Gmail account. Now the account had a strong approximate 15 character long password. How the hell did he manage to get in? Is it another Gmail Security Flaw?
This sounds very similar to another person who lost his domain and had it held for ransom due to a Gmail problem.
GoDaddy Chief Information Security Officer Neil Warner said, “As is the practice of every registrar in accordance with ICANN policy, Go Daddy’s protocol is to authenticate a customer’s domain name by validating the administrator email address and customer account. Once these pieces are complete, we move forward to quickly accommodate the customer.”
Indeed, the administrative contact’s email address is often the weakest link in domain name security. GoDaddy deals with the bulk of these issues since it is the world’s biggest domain registrar.
“Unlike many other registrars, Go Daddy employs a full-time staff to handle issues with domain name theft,” said Warner. “Considering we manage more than 32 million domain names, we believe our track record for resolving problems associated with troublesome accounts is as good, or better, than any others.”
Warner hopes cases like this will help remind people to play it safe. “We hope, at the very least, cases like this serve as a reminder for people to employ secure Internet practices.”
For some tips on preventing this from happening to you, read my suggestions based on a previous theft.