“For a week we lost control of the Perl.com domain,” a long-running site offering news and articles about the programming language, writes the site’s senior editor, brian d foy.
“Now that the incident has died down, we can explain some of what happened and how we handled it.”
This incident only affected the domain ownership of Perl.com and there was no other compromise of community resources. This website was still there, but DNS was handing out different IP numbers…
Recovering the domain wasn’t the end of the response though. While the domain was compromised, various security products had blacklisted Perl.com and some DNS servers had sinkholed it. We figured that would naturally work itself out, so we didn’t immediately celebrate the return of Perl.com. We wanted it to be back for everyone. And, I think we’re fully back. However, if you have problems with the domain, please raise an issue so we at least know it’s not working for part of the internet.
What we think happened
This part veers into some speculation, and Perl.com wasn’t the only victim. We think that there was a social engineering attack on Network Solutions, including phony documents and so on. There’s no reason for Network Solutions to reveal anything to me (again, I’m not the injured party), but I did talk to other domain owners involved and this is the basic scheme they reported. John Berryhill provided some forensic work in Twitter that showed the compromise actually happened in September. The domain was transferred to the BizCN registrar in December, but the nameservers were not changed. The domain was transferred again in January to another registrar, Key Systems, GmbH. This latency period avoids immediate detection, and bouncing the domain through a couple registrars makes the recovery much harder…
Once transferred to Key Systems in late January, the new, fraudulent registrant listed the domain (along with others), on Afternic (a domain marketplace). If you had $190,000, you could have bought Perl.com. This was quickly de-listed after the The Register made inquiries.
“I think we were very fortunate here and that many people with a soft spot in their hearts for Perl did a lot of good work for us,” the article notes. “All sides understood that Perl.com belonged to Tom and it was a simple matter of work to resolve it. A relatively unknown domain name might not fare as well in proving they own it…”
But again, the incident ended happily, foy writes, and “The Perl.com domain is back in the hands of Tom Christiansen and we’re working on the various security updates so this doesn’t happen again. The website is back to how it was and slightly shinier for the help we received.”