Bad guys get Gandi.net’s password to technical provider, redirect domains

751 domain names registered at Gandi were pointed to malware sites.

Hackers managed to redirect 751 domain names at domain name registrar Gandi.net to servers spreading malware, the company detailed this week.

All of the domain names were in country code top-level domains (ccTLDs) for which Gandi uses a third-party technical provider to connect to the registry. Gandi, like most registrars, has direct connections to many of the registries. But for some ccTLDs, it uses a third party to provide the connection. That’s where the breach occurred.

According to Gandi, someone obtained its credentials for the web interface of the unnamed technical provider, logged in, and redirected the names. Gandi believes that the credentials were intercepted because the technical provider allows access via HTTP instead of HTTPS.

The domain names were redirected for up to 11 hours.

Although I understand the desire to not throw the technical provider under the bus, revealing its name could help other registrars prevent the same thing from happening. (Psst: if you know who the provider is that handles 34 of Gandi’s ccTLDs, drop me a line.)

Comments

  1. HG

    I’m fairly certain it was RRPproxy, a.k.a. Key Systems. They’re one of the only ones that supports all of these TLDs.
