Slashdot Mirror


New York's Oldest ISP Gets Domain-Jacked

Howard Roark writes "Panix, the oldest commercial Internet provider in New York, had its domain name 'panix.com' hijacked by persons unknown. The main effect on users is that mail sent to panix's customers is being routed to a bogus mail server run by the hijackers."

26 of 447 comments

  1. More details, please... by EvilStein · · Score: 4, Interesting

    * How did this happen?
    * Was it the registrar that was at fault?
    * Did they forget to renew the domain?
    * What is the registrar doing about the issue? (if anything)

    I'm kind of curious about this..

  2. How can this happen?? by John+Seminal · · Score: 2, Interesting
    I am writing this as a webmaster of a smaller personal website.

    How can someone take my domain, that I paid for, and hijack it? And if you register for a domain, for a period of time, say 1 year, can someone at the end of that time come and take the domain away, or do you always get the first chance to renew?

    Does security of domains have anything to do with the company that registers??

    There are so many questions...

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  3. Re:This happens quite a bit... by John+Seminal · · Score: 3, Interesting
    It's not surprising this has happened. Many, many companies do not take administrating their domain seriously

    How do you administer domain security??? All I can think of is a tough password for the registrar. Or do all the changes by telephone only.

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  4. Re:Total Hypocrisy, Michael by barc0001 · · Score: 2, Interesting

    Oh, I see. So because someone does something that's wrong, they can never talk about it, or post stories if someone else does the same wrong thing? Cool! I bet every cop who's ever given me a speeding ticket has sped at least once, so I can ignore them from this point on!

    So, you're one of the persons Michael screwed over. What does that have to do with Panix?

  5. Re:Total Hypocrisy, Michael by sexysciencegirl · · Score: 5, Interesting

    Parent's post is at +5 at 12:30amPST, 1/16/05. Who wants to bet that it
    1) will be fixed at -1
    2) becomes another post of death
    before the day is over?
    It wouldn't be the first time when slashdot editors' actions go directly against their high-horse stance against censorship and try to hide any views that they personally don't like.
    I would like to remind Michael that you only support free speech if you support your enemies' rights to say things that you don't like and hope that you prove me wrong.

  6. It's not just Censorware by bonch · · Score: 5, Interesting

    People do not like him as an editor here. Michael constantly editorializes by sticking his opinions into the article submission instead of in a comment like the rest of us have to. He often modbombs threads and blacklists people who post in them from moderating. Even if you don't like Taco's endless dupes or typos, at least he lets the submission speak for itself (iPod launch comment excluded). Michael does very unprofessional things like the infamous all-caps attack toward Intel in the 64-bit chip article last year.

    No, this is not just a hobby site where those kinds of things fly. This is a highly-visited news site, considered a major source of tech news for geeks, and a corporate-owned entity of OSTG who employs Malda and company. There's an amount of responsibility you ethically must adopt when your site gets so popular that its name alone becomes a verb due to the server-killing power of its readerbase.

    Michael also does things like edit the words of people's submissions, like adding quotation marks around the word "revealed" in this story (now in my sig). Regardless of what you think of the story, that's just plain misleading and twisting the words and intent of the submitter, making it appear they meant something other than what they did. If it was an anonymous submitter, that would be different, but now Michael has stuffed a message into the submitter's mouth that was not there. At least show a little respect for the people who are providing your content.

  7. Re:Rogue registrars? by ErichTheWebGuy · · Score: 4, Interesting

    What's particularly scary is that melbourneIT.com isn't open on the weekends, period ... and won't do anything to help.

    I can vouch for this. Melbourne IT is a horrible company to try to deal with. Many US registrars (including Yahoo! domains) are resellers of Melbourne IT's services. Now, if you have a problem with your domain, just try to get in touch with someone at Yahoo. The reply I got from Yahoo was: "there is no support from Yahoo for domain names purchased through Yahoo! domains."

    Then, try to get in touch with someone at Melbourne IT. "I'm sorry, only the reseller can help you with this problem, yes even though they refuse to help you, I can't help you."

    It took me two weeks to get a domain transferred out of Yahoo/Melbourne's control and into a sane registrar that gives a crap about their customers (register.com, you can actually talk to someone on the phone there, 24/7/365).

    Seems to me that they are snappy when it comes to theft of domains, yet sluggish when it comes to any form of customer service. My advice: Boycott Melbourne IT and all of its resellers until they get a clue.

    --
    bash: rtfm: command not found
  8. You tawkin' ta ME? by Doc+Ruby · · Score: 2, Interesting

    Panix is an old haunt of lots of very savvy New York geeks, particularly security and OS hackers with lots of money and techniques. I'd hate to piss them off, especially with an attitude that merely a planet-width and a foreign law license protects me from my obligation not to screw them.

    --
    make install -not war

  9. Re:Rogue registrars? by Cramer · · Score: 3, Interesting

    Since when has register.com ever been a "sane registrar"? You do know they've been dragged into court several times for fraud, predatory business practices, and yes, transferring domain registrations without authorization. Specifically, they were sending domain renewal notices (that looked almost exactly like netsol's notices) for domains that weren't their customers. And weren't expiring either.

  10. Re:how do posts like this get modded up? by Anonymous Coward · · Score: 1, Interesting

    The grandparent post has already been modded down at least twice (and modded up again twice) in the period from roughly 12:45 AM - 1:00 AM.

    Furthermore, the parent post has been modded down (and then back up to +4) in the same time-period.

    Perhaps these were all independent people modding things down, but something leads me to believe that there are some valid points here

  11. Already contacted people by ZenJabba1 · · Score: 2, Interesting

    I know some people in MelbourneIT, and have already spoken to them. They are looking into the issue.

    --
    `find / -name "*your_base*" -exec chown us:us {} \;`
  12. Panix.com server looks like a spammers paradise by Chatmag · · Score: 3, Interesting

    Checking the IP that panix.com is on shows several thousand domains, and all seem to have odd names.

    That Las Vegas address used for panix.com is also similar to some used by spammers registering domains, and using a Nevada address in the whois.

    Maybe a check of some of the blocklists will show the panix.com IP listed already. 142.46.200.72

    You could try this link and see if the server is still up. (hint, slashdot effect)

    --
    Pete Carr Owner Chatmag.com
  13. Re:MelbourneIT Criminals by Doc+Ruby · · Score: 2, Interesting

    Actually, the circumstantial evidence of the timing doesn't weigh as heavily as the original message, from Thor, in that merit.edu thread, in which he refers to other reasons to be "suspicious". Combine that with the corroboration in this Slashdot thread of exactly this kind of malfeasance by MelbourneIT in the past, and they're looking pretty culpable. Especially in the light of their corporate response: the CEO tells their counsel to tell Panix to get lost, rather than telling a tech to look into the problem.

    MelbourneIT's size and importance are totally irrelevant to their possible guilt. If anything, big, important corporations hide behind their straight appearance to commit the most grievous acts. I'm sure MelbourneIT will get this, especially if they're violating any laws anywhere with this kind of "incompetence", and Panix suffers any losses - likely. Then they'll find out that a gang of jetlagged New Yorkers with baseball bats is the easy way, compared to the lawyers who speak so politely.

    --
    make install -not war

  14. Re:This happens quite a bit... by eviljim · · Score: 3, Interesting

    It can actually make a big difference... not so much for transferring (although it is possible that the reseller steals your domain), it's just another layer where something could go wrong.

    Also, resellers often have the same power you have over a domain -- they could easily change the admin contact to themselves, for example.

    Or, in a recent example, the employee of one reseller decided to delete everyone's domains. The users were forced to either pay some price over $100 to get the domain from redemption or potentially lose the domain (aside from the fact that what they paid for the domain was gone). If you care to read about that, here is a rather long thread on it.

  15. Re:Total Hypocrisy, Michael by _KiTA_ · · Score: 1, Interesting

    Here's a crazy idea. Maybe it'll be modded -1 troll because, well, he's trolling? Just a thought.

  16. Re:Rogue registrars? by xlsior · · Score: 5, Interesting

    What seems to have happened is that somehow the Australian registrar "melbourneIT.com" yanked the fully paid-up registration away from Dotster (where Panix had it) without any notice whatsoever

    Or so they say.

    What many people here may not be aware of, is that the domain registry system had a slight overhaul recently, after ICANN mandated a change in the registrar transfer procedures.

    More specifically: while in the past a domain transfer would automatically be rejected when the account holder did not approve it, recently this changed so now a transfer request gets approved by default unless the account holder actively rejects it.

    Yes -- that means that if the owner happens to be on vacation, doesn't check his mail frequently enough, has a spamfilter that ate the transfer notice, or simply never received the message in the first place for whatever other reason, the domain transfer request will automatically be granted.

    ICANN's reasoning for this was allegedly that it would prevent a defunct hosting provider or non-working administrative account from keeping a customer's domain hostage.

    The only way to change this behaviour and reject a domain transfer by default, is to lock the domain with the registrar. Many of the registrars responded to this policy change by proactively locking all domains hosted with them with little warning (Network Solutions, for example).

    Anyway, it's quite likely that this domain in question simply didn't get locked (or was actively unlocked by the administrator because it was deemed inconvenient?). Then if anyone sent a (bogus) transfer request and the administrator either didn't see the notice or didn't respond in a timely fashion to reject it, this would happen.

    This will happen to ANY domain that is not currently locked, and whose admin contacts aren't paying close enough attention to their mailbox. If you haven't already done so: MAKE SURE YOUR DOMAINS ARE LOCKED!!!

    Yet another example of how ICANN makes the world a better place, I guess.
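
The lock discussed in the comment above is visible in registration data as the EPP status `clientTransferProhibited` (RDAP spells it `client transfer prohibited`). The following is an added example, not part of the original thread, that audits domains for it; the `example.*` names and the sample WHOIS and RDAP records are constructed.

```python
import json
import re

# Statuses that block an inter-registrar transfer: "client..." is the lock the
# registrar sets for the registrant, "server..." is set by the registry.
TRANSFER_LOCKS = {"clienttransferprohibited", "servertransferprohibited"}
PENDING = "pendingtransfer"  # a transfer request is already in flight


def _norm(status):
    """Map 'clientTransferProhibited' (WHOIS/EPP) and
    'client transfer prohibited' (RDAP) to the same token."""
    return re.sub(r"[^a-z]", "", status.lower())


def statuses_from_whois(text):
    """Collect 'Domain Status:' codes from port-43 WHOIS text."""
    found = set()
    for line in text.splitlines():
        m = re.match(r"\s*Domain Status:\s*(\S+)", line, re.I)
        if m:  # \S+ stops before the URL that follows the code
            found.add(_norm(m.group(1)))
    return found


def statuses_from_rdap(doc):
    """Collect the top-level 'status' array of an RDAP domain object."""
    return {_norm(s) for s in json.loads(doc).get("status", [])}


def audit(statuses):
    """Classify one domain by its exposure to an unwanted transfer."""
    if PENDING in statuses:
        return "TRANSFER PENDING"  # reject it now if nobody requested it
    if statuses & TRANSFER_LOCKS:
        return "locked"
    return "UNLOCKED"              # a transfer request can go through


# Constructed sample records (not real registration data).
WHOIS_LOCKED = """\
Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
"""
WHOIS_UNLOCKED = """\
Domain Name: EXAMPLE.NET
Domain Status: ok https://icann.org/epp#ok
"""
RDAP_PENDING = json.dumps({"objectClassName": "domain",
                           "ldhName": "example.org",
                           "status": ["pending transfer"]})


def run_audit():
    """Audit the three constructed records above."""
    return {
        "example.com": audit(statuses_from_whois(WHOIS_LOCKED)),
        "example.net": audit(statuses_from_whois(WHOIS_UNLOCKED)),
        "example.org": audit(statuses_from_rdap(RDAP_PENDING)),
    }


if __name__ == "__main__":
    for name, verdict in run_audit().items():
        print(f"{name:12} {verdict}")
```
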

  17. Re:Rogue registrars? by Anonymous Coward · · Score: 5, Interesting
    I've been involved in investigating this for most of today. In fact, it's not just the admin and tech contacts at Panix who were never notified; the transferred-from registrar (Dotster) was never notified.


    Even under the new ICANN rules, that's not supposed to be possible. Someone is playing games with the system.

  18. Re:it's worse than that... by Fully+Sick+Like+Ot's · · Score: 3, Interesting

    Hi Aurix, You make some valid points, but the blame should definitely not be put all onto Melbourne IT. I had to lock many of my domain names because of a new transfer policy enforced by ICANN on the 12th of November 2004, which stated pretty much, that once a transfer was initiated, no one was able to stop the transfer. Registrars like Melbourne IT and Dotster are just pawns for bigger and smaller enemies, aka hijackers and governing bodies. I have all my domain names with Melbourne IT, and was notified by email that the transfer policy was going to be in place, and procedures to ensure my domain names were locked. I am concerned one of the oldest ISPs in America "PANICS" didn't have their domain name locked (only unlocked with a domain name password). I would also question how this hijacker got the 'victims' password to transfer the licence to another registrar? I definitely think people should research facts before they blurt out how horrific the whole scenario is. Anyone heard of bureaucratic red tape, I am guessing once Melbourne gets past it they will act accordingly to resolve the issue. Regards, Fully Seriously Sick!

  19. Re:Rogue registrars? by bani · · Score: 2, Interesting

    they only shaped up when federal law enforcement forced them to. they didn't change voluntarily.

  20. DCMA by Anonymous Coward · · Score: 1, Interesting

    Where is the DCMA when you need it?

  21. Re:pent-up anger by SilverspurG · · Score: 1, Interesting

    Michael has irritated a lot of people over the years

    You're not doing anything worthwhile unless someone gets PO'd.

    Quote from somewhere. I like it.

    --
    fast as fast can be. you'll never catch me.
  22. Re:Total Hypocrisy, Michael by gaspyy · · Score: 4, Interesting

    As always, misleading analogy.

    It's more like this
    Gullible Buyer: "Hey friend, you are more knowledgeable with cars, will you buy me one? Here's the cash, go to the local dealer, buy whatever seems good; I don't know all the tech-speak and I am sure the sales rep. will try to rip me off"
    Friend: "Sure. Count on me" ...
    Later:
    Friend: "I bought this great car, but I made the papers on my name. But don't worry, I'll let you drive it"
    Gullible Buyer: "Uhhh, thanks, I guess" ...
    Later:
    Friend: "You know, this car is mine, so fuck off!"

    Believe it or not, I've seen this happening more than once with regard to domain names. One example: The client is a newcomer and the contractor was SO helpful, they provided the internet connection, made and hosted the company website and even registered the domain name (on their name, not the client's name). The client doesn't even notice. A few years after that, the client realizes the mistake, tries to take ownership of the domain. The contractor asks for $50,000.

    Luckily, in that case the client also has a trademark on the name, so I advised them to threaten the contractor with a lawsuit and never give in. I don't know the latest status in this matter but I think the contractor will give the domain to the rightful owner.

  23. very insightful by r5t8i6y3 · · Score: 4, Interesting

    Date: Sun, 16 Jan 2005 10:07:04 +0000
    From: Eric Brunner-Williams in Portland Maine
    To: nanog@merit.edu
    Cc: brunner@nic-naa.net, alexis@panix.net
    Subject: Re: panix.com hijacked (VeriSign refuses to help)

    Oki all,

    It's dawn in Maine, the caffeine delivery system has only just started, but I'll comment on the overnight.

    You're welcome alexis@panix.net. If you'll send me the cell phone number for the MIT management I will call wearing my registrar hat and inform whoever I end up speaking with that Bruce needs to call me urgently, on Registrar Constituency business.

    Next, put a call into the Washington Post. They lost the use of the name "washpost.com" which all their internal email used, due to expiry, so their internal mail went "dark" for several hours. This was haha funny during the primary season (Feb 6). If they don't get it try the NYTimes. Put the problem on record. There is an elephant in the room.

    The elephant is that the existing regime is organized around protecting the IPR lobby from boogiemen of their own invention. They invented the theory that trademark.tld (and trademark.co.cctld) existence dilutes the value of trademark, hence names-are-marks, bringing many happy dollars (10^^6 buys) into the registrar/registry system ($29-or-less/$6, resp., per gtld and some cctlds), and retarding new "gTLD" introductions, as each costs the IPR interests an additional $35 million annually.

    To solve their division of spoils problem, is "united.com" UAL or is it UA?, we had DRPs, which is now a UDRP, and more DRPs for lots of cctlds.

    These [U]DRPs take many, many, many, many units of 24x7. They were invented for the happy IPR campers, who care about _title_, not _function_. If the net went dark that would be fine with them too, so long as the right owners owned the right names.

    Restated, there is no applicable (as in "useful for a 24x7 no downtime claimant") law in the ICANN jurisdiction.

    And it is your own damn fault. Cooking up the DRPs took years of work by the concerned interests, and they were more concerned with enduring legal title than momentary loss of possession. During those years, interest in the DNSO side of ICANN by network operators went from some to zero, and at the Montevideo meeting the ISP and Business constituencies were so small they met in a small room and only half the seats were taken. After that point they were effectively merged. IMHO, Marilyn Cade and Phillipe Shepard are the ISP/B Constituency, and they can't hear you (for all 24x7 operational values of "you").

    In case it isn't obvious, the "your own damn fault" refers to a much larger class of "you" than Alexis Rosen.

    [Oh, the same happy campers are why :43 is broken. They want perfect data at no cost and w/o restriction. Registrars don't want slamming, today's owie, and registrants don't want spam (which some ISPs do), so the whole :43 issue is a trainwreck of non-operational interests overriding operational interests. Registrars would be happy to pump :43 data to operators, if we could manage the abuse, instead we get knuckleheads who insist that spam would be solved forever if ...]

    There is a fundamental choice of jurisdictions question. Is ICANN the correct venue for adjudication, or is there another venue? This is what recourse to the "ask a real person" mechanism assumes, that talking to a human being is the better choice.

    Bill made this comment:

    > Since folks have been working on this for hours, and
    > according to posts on NANOG, both MelbourneIT and
    > Verisign refuse to do anything for days or weeks,
    > would it be a good time to take drastic action?
    >
    > Think of what we'd do about a larger ISP, or the
    > Well, or really any serious financial target.
    >
    > Think of the damage from harvesting logins and
    > mail passwords of panix users.

    You (collectively) are

  24. Hello, NY Times? by wytcld · · Score: 4, Interesting

    Panix at least used to have a lot of users with jobs like "NY Times reporter" and "Wall Street technology analyst." This story needs to be amplified to the point where there's a total restructuring of the domain registration system, one which removes Network Solutions entirely from the business. Can we assume that Panix users will be doing their part to play this up in the mainstream media capital of America?

    --
    "with their freedom lost all virtue lose" - Milton
  25. Re:Panix by rs79 · · Score: 4, Interesting

    It's not like you folks weren't warned this would happen. The NSI-ICANN agreement took away any power NSI had to fix this.

    An in band solution altering DNS is probably not a solution, welcome to the modern internet and oddly, I don't see a peep out of ICANN's "Transfer Task Force".

    The proper geek way to fix this is with BGP. Why hasn't anybody had the cojones to do this yet?

    If somebody cares to contact me preferably by voice I can put the correct NS records for panix in the ORSC root zone and those of you sensible enough to not rely on other people to be in charge of the entire domain tree will be able to get to (alas) poor Panix normally.

    John Berryhill is in Delaware and is now aware of the problem. When he stopped laughing he said he'd make some calls, lawyer to lawyer. And he is in Delaware. The address in DE of the NS host to panix is a residence, FWIW. Wilmington is not a large place...

    I must say when I heard panix had been hijacked by something in Wilmington DE and Canada my heart stopped till I found out it wasn't me and John.

    If you're not scared enough, JB suggests you go to any_domain.1bu.com and welcome to the Chinese global phishing site.

    --
    Need Mercedes parts ?
  26. Re:Panix by Antique+Geekmeister · · Score: 2, Interesting

    Because BGP is a technical solution to a human problem, that of verifying users' requests. And the BGP traffic is already a significant amount of traffic to core routers: adding another layer of manipulation and complexity to them is asking for more brokenness, and many of the top-tier providers manipulate their BGP information to raise the "distance" of what are fiscally expensive routes, or to blackhole people they don't like.

    Take a look at the routing wars surrounding the various spam blackhole lists if you're curious about this.