panix.com has apparently been hijacked. It's now associated with a different registrar -- melbourneit instead of dotster -- and a different owner. Can anyone suggest appropriate people to contact to try to get this straightened out? --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
I've forwarded to Bruce Tonkin, who I know personally, at MIT, and Cliff Page, who I don't know as well, at Dotster, Steve's note. These are the RC reps for each registrar.
Once upon a time, Steven M. Bellovin <smb@cs.columbia.edu> said:
panix.com has apparently been hijacked. It's now associated with a different registrar -- melbourneit instead of dotster -- and a different owner. Can anyone suggest appropriate people to contact to try to get this straightened out?
Good luck dealing with melbourneit.com; that's the place where domains go to die. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
On Sat, 15 Jan 2005, Chris Adams wrote:
Once upon a time, Steven M. Bellovin <smb@cs.columbia.edu> said:
panix.com has apparently been hijacked. It's now associated with a different registrar -- melbourneit instead of dotster -- and a different owner. Can anyone suggest appropriate people to contact to try to get this straightened out?
Good luck dealing with melbourneit.com; that's the place where domains go to die.
I originally replied offlist, but... Under the new ICANN transfer policy, this will most likely be reversed if it's shown to be an improper transfer. You need to bring Dotster into this and they need to invoke a transfer dispute under the new policy. MelbourneIT needs to demonstrate a proper FOA (Form of Authorization) to have initiated the transfer and if it's found to be invalid the domain will be re-instated and Melbourne-IT fined. -mark -- Mark Jeftovic <markjr@easydns.com> Co-founder, easyDNS Technologies Inc. ph. +1-(416)-535-8672 ext 225 fx. +1-(416)-535-0237
Mark Jeftovic <markjr@easydns.com> writes:
Once upon a time, Steven M. Bellovin <smb@cs.columbia.edu> said:
panix.com has apparently been hijacked. It's now associated with a different registrar -- melbourneit instead of dotster -- and a different owner. Can anyone suggest appropriate people to contact to try to get this straightened out?
Good luck dealing with melbourneit.com; that's the place where domains go to die.
I originally replied offlist, but...
Under the new ICANN transfer policy, this will most likely be reversed if it's shown to be an improper transfer. You need to bring Dotster into this and they need to invoke a transfer dispute under the new policy.
Dotster isn't in a position to do anything. They don't show the domain as being transferred. Someone managed to hack the system. They're pretty upset by the situation, too. The membourneit.com folks conveniently refuse to do anything over the weekend. The bad guys struck around midnight Saturday, Australian time, so as to make the damage as bad as possible. Panix is highly screwed by this -- their users are all off the air, and they can't really wait for an appeals process to complete in order to get everything back together again. Perry
On Sat, Jan 15, 2005 at 10:50:49AM -0500, Perry E. Metzger wrote:
Panix is highly screwed by this -- their users are all off the air, and they can't really wait for an appeals process to complete in order to get everything back together again.
from panix shell hosts motd:

. panix.net usable as panix.com (marcotte) Sat Jan 15 10:44:57 2005
.
. Until we resolve the issue of the domain "panix.com", we have set up
. the domain "panix.net" to include the same names and addresses as
. "panix.com".
.
. You may use this as a temporary solution for access to mail, webpages,
. etc. Wherever you would use "panix.com", you can replace it with
. "panix.net".

-- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York
On Sun, 16 Jan 2005 01:32:46 EST, Henry Yen said:
from panix shell hosts motd:
. panix.net usable as panix.com (marcotte) Sat Jan 15 10:44:57 2005
So let's see.. the users will see this when they log into shell.panix.net (since shell.panix.com is borked).. Somehow, that doesn't seem to help much.. Not that there's any *better* solution, other than changing the top level of the phone tree to say: "Hi, we're out with baseball bats looking for the guys who broke panix.com. In the meantime, you can use 'panix.net' as a temporary solution. If you've tried this already and it still doesn't work, or if you have some *other* issue, please press '9' now..." (Been there, done that - we had a major mail hub outage a while ago, and tried to get the word out by sending everybody a voice mail message, which our phone system vendor *said* should work. We resisted the temptation to send everybody e-mail saying the voice mail system was down... ;)
On Sun, 16 Jan 2005 Valdis.Kletnieks@vt.edu wrote:
On Sun, 16 Jan 2005 01:32:46 EST, Henry Yen said:
from panix shell hosts motd:
. panix.net usable as panix.com (marcotte) Sat Jan 15 10:44:57 2005
So let's see.. the users will see this when they log into shell.panix.net (since shell.panix.com is borked).. Somehow, that doesn't seem to help much..
and the hijackers could be, potentially, running a box pretending to be shell.panix.com, gathering userids and passwds :(
Hi!
So let's see.. the users will see this when they log into shell.panix.net (since shell.panix.com is borked).. Somehow, that doesn't seem to help much..
and the hijackers could be, potentially, running a box pretending to be shell.panix.com, gathering userids and passwds :(
Or put up a pop server, that's more likely used by more of their customers anyway. The other question was a nice one also, did they have REGISTER-LOCK set for the domain? Bye, Raymond
On Sun, 16 Jan 2005 Valdis.Kletnieks@vt.edu wrote: (Been there, done that - we had a major mail hub outage a while ago, and tried to get the word out by sending everybody a voice mail message, which our phone system vendor *said* should work. We resisted the temptation to send everybody e-mail saying the voice mail system was down... ;) http://gallery.snark.net/etc/wtf2 I love it when I end up working somewhere that relies on Exchange (and Exchange admins). matt ghali --matt@snark.net------------------------------------------<darwin>< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
On Sat, 15 Jan 2005, Mark Jeftovic wrote:
Once upon a time, Steven M. Bellovin <smb@cs.columbia.edu> said:
panix.com has apparently been hijacked. It's now associated with a different registrar -- melbourneit instead of dotster -- and a different owner. Can anyone suggest appropriate people to contact to try to get this straightened out?
Good luck dealing with melbourneit.com; that's the place where domains go to die.
I originally replied offlist, but...
Under the new ICANN transfer policy, this will most likely be reversed if it's shown to be an improper transfer. You need to bring Dotster into this and they need to invoke a transfer dispute under the new policy.
The problem is that during that time panix and its users have suffered serious losses. They should never have allowed the transfer in the first place without authorization, so new ICANN policy is a problem, not a solution.
MelbourneIT needs to demonstrate a proper FOA (Form of Authorization) to have initiated the transfer and if it's found to be invalid the domain will be re-instated and Melbourne-IT fined.
That means at least 24 hours for initial investigation and it likely will not happen until Monday (bad guys do these sort of things on weekends for a reason ...) and they probably will not act until Monday evening or longer (and that is at the same time when Verisign now allows "rapid" updates to zone file and could fix it very quickly). If I were Panix, I would get lawyers to draft and fax a nastygram letter to MelbourneIT and somewhat similar letter to Verisign warning them of the liabilities involved in being accomplices to such fraudulent and illegal actions and saying that every hour the situation is not fixed Panix losses continue to increase and somebody would have to pay, etc... But more important would be to actually call Verisign (their NOC) and complain loud and clear - if I remember when something like this happened about 2-3 years ago to another big company they fixed it in < 12 hours. -- William Leibzon Elan Networks william@elan.net
If I were Panix ...
Free advice. Bruce, Cliff and Chuck are people. Yes, even Chuck is a people. You want prompt service, you ask nice and you ask the right people and you don't assume there are facts not in evidence, like errors or malfeasance, when you could be solving the problem, before the facts could be in evidence. My phone isn't going to ring, so I'm going to bed. Eric <registrar_hat="off"/>
In message <200501160008.j0G08bTI033830@nic-naa.net>, Eric Brunner-Williams in Portland Maine writes:
If I were Panix ...
Free advice. Bruce, Cliff and Chuck are people. Yes, even Chuck is a people. You want prompt service, you ask nice and you ask the right people and you don't assume there are facts not in evidence, like errors or malfeasance, when you could be solving the problem, before the facts could be in evidence.
Agreed. At the moment, we don't know all the details of what happened; what's important is for Panix to get back on the air. We can sort out the blame later, when we have all the facts. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net> writes:
If I were Panix ...
Free advice. Bruce, Cliff and Chuck are people. Yes, even Chuck is a people. You want prompt service, you ask nice and you ask the right people and you don't assume there are facts not in evidence, like errors or malfeasance, when you could be solving the problem, before the facts could be in evidence.
Alexis Rosen of Panix was on the phone earlier today with the company attorney for melbourneit -- reputedly he was informed that even if the police called, they would not do anything about the problem until Monday their time. Alexis is a bit on the upset side, naturally -- his company is in serious trouble because of very obvious fraud, and waiting a few days isn't really something he can afford to do. (If you look at the whois records now in place for panix.com they're pretty clearly the result of fraudulent activity. There is a pretty clear attempt there to maximally obscure who has stolen the domain name -- this is clearly not an innocent mistake.) Perry
Howdy Perry,
Alexis Rosen of Panix was on the phone earlier today with the company attorney for melbourneit -- reputedly he was informed that even if the police called, they would not do anything about the problem until Monday their time.
(a) I don't know MIT's attorney, and (b) I wouldn't ever call him or her when I could reach someone I know, and (c) what would you expect an attorney to say?
Alexis is a bit on the upset side, naturally -- his company is in serious trouble because of very obvious fraud, and waiting a few days isn't really something he can afford to do. (If you look at the whois records now in place for panix.com they're pretty clearly the result of fraudulent activity. There is a pretty clear attempt there to maximally obscure who has stolen the domain name -- this is clearly not an innocent mistake.)
Yeah, but, home truths. There are registrars who will get out of bed at night for a customer, and registrars who could give a shit if hell froze. Just like ISPs and LEOs, neh? Picking a registrar with a market share in the top 10 means that you get 1/share's worth of attention, which means 1/1488700 of Dotster's attention (using 1/15 daily market share graph). Now, was that at the NetSol $35/yr price point for customer care, or the GoDaddy $6.95/yr price point for customer care. I suppose everyone thinks that it (for some value of "it") can't happen to them, and that if it does, a wicked small amount of money will still do more than the oil that lights the lamps at Hanukkah, because bad acts are rare and all the dimes pile up into a shared fate insurance fund. Well, now I'm really going to bed. Eric
actually godaddy has been quite responsive for me @ 3am before.
Eric Brunner-Williams in Portland Maine wrote:
Howdy Perry,
Alexis Rosen of Panix was on the phone earlier today with the company attorney for melbourneit -- reputedly he was informed that even if the police called, they would not do anything about the problem until Monday their time.
(a) I don't know MIT's attorney, and (b) I wouldn't ever call him or her when I could reach someone I know, and (c) what would you expect an attorney to say?
Alexis is a bit on the upset side, naturally -- his company is in serious trouble because of very obvious fraud, and waiting a few days isn't really something he can afford to do. (If you look at the whois records now in place for panix.com they're pretty clearly the result of fraudulent activity. There is a pretty clear attempt there to maximally obscure who has stolen the domain name -- this is clearly not an innocent mistake.)
Yeah, but, home truths. There are registrars who will get out of bed at night for a customer, and registrars who could give a shit if hell froze. Just like ISPs and LEOs, neh?
Picking a registrar with a market share in the top 10 means that you get 1/share's worth of attention, which means 1/1488700 of Dotster's attention (using 1/15 daily market share graph). Now, was that at the NetSol $35/yr price point for customer care, or the GoDaddy $6.95/yr price point for customer care.
I suppose everyone thinks that it (for some value of "it") can't happen to them, and that if it does, a wicked small amount of money will still do more than the oil that lights the lamps at Hanukkah, because bad acts are rare and all the dimes pile up into a shared fate insurance fund.
Well, now I'm really going to bed.
Eric
-- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD. -- carpe ductum -- "Grab the tape" CDTT (Certified Duct Tape Technician) Linux user #322099 Machines: 206822 256638 276825 http://counter.li.org/
On Sat, Jan 15, 2005 at 10:27:31PM -0500, Steven M. Bellovin wrote:
panix.com has apparently been hijacked. It's now associated with a different registrar -- melbourneit instead of dotster -- and a different owner. Can anyone suggest appropriate people to contact to try to get this straightened out?
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
calls have been initiated. --bill
participants (13)
- bmanning@vacation.karoshi.com
- Chris Adams
- Christopher L. Morrow
- Eric Brunner-Williams in Portland Maine
- Henry Yen
- just me
- Mark Jeftovic
- Perry E. Metzger
- Raymond Dijkxhoorn
- Steven M. Bellovin
- Valdis.Kletnieks@vt.edu
- William Warren
- william(at)elan.net