21 July
Domain name research hijacking
Be careful when you do domain research. Avoid the CNet Domain Search page. Two days ago, a customer of mine was ready to pay for his hosting plan. His preferred domain name was catandungan.com. However, when I tried to register it, it had just been registered to an outfit named Chesterton Holdings. Puzzled, my customer said, “It was just available 2 days ago.” I was also surprised because the domain name is native to the Philippines. Chesterton Holdings is based in Los Angeles, California.
Then I saw this article, “Whois Hijacking My Domain Research?”, which explained the research hijacking.
So the question remains: How did Chesterton Holdings get hold of the reader’s domain name and register it before she did? Is it part of this mysterious “automated process”?
The main site she had used to check for domain availability was the CNet Domain Search page.
This is a “meta-search” page, meaning that when you enter a domain name in it, the page checks several other services for domain availability, consolidates the reports and delivers them back to the user.
The writer of the article speculates on the reasons for the domain research hijacking:
Here is what’s possible, based on what I know:
* CNet, or someone at CNet, could be passing the requests on to Chesterton. I don’t believe this for a second.
* One of the hosting services that CNet is checking with (and there could be more than they indicate) could be passing data on to Chesterton. This seems unlikely to me.
* Chesterton could have compromised one of the servers involved in the process, for instance the whois server used by one of the hosting services. This seems possible to me. There are a number of other hacking techniques, DNS cache poisoning for example, that could indirectly give Chesterton access to data from these queries.
* Verisign could be passing the data on to Chesterton. I don’t believe this, either.

