'"For a week we lost control of the Perl.com
domain," a long-running
site offering news and articles about the programming language, writes
the site's senior editor, brian d foy.
"Now that the incident has died down, we can explain some of what
happened and how we handled it."
This incident only affected the domain ownership of Perl.com
was no other compromise of community resources. This website was still
there, but DNS was handing out different IP numbers...
Recovering the domain wasn't the end of the response though. While the
domain was compromised, various security products had blacklisted
and some DNS servers had sinkholed it. We figured that would
naturally work itself out, so we didn't immediately celebrate the
return of Perl.com
. We wanted it to be back for everyone. And, I think
we're fully back. However, if you have problems with the domain,
please raise an issue so we at least know it's not working for part of
What we think happened
This part veers into some speculation, and Perl.com
wasn't the only
victim. We think that there was a social engineering attack on Network
Solutions, including phony documents and so on. There's no reason for
Network Solutions to reveal anything to me (again, I'm not the injured
party), but I did talk to other domain owners involved and this is the
basic scheme they reported. John Berryhill provided some forensic work
in Twitter that showed the compromise actually happened in September.
The domain was transferred to the BizCN registrar in December, but the
nameservers were not changed. The domain was transferred again in
January to another registrar, Key Systems, GmbH. This latency period
avoids immediate detection, and bouncing the domain through a couple
registrars makes the recovery much harder...
Once transferred to Key Systems in late January, the new, fraudulent
registrant listed the domain (along with others), on Afternic (a
domain marketplace). If you had $190,000, you could have bought
. This was quickly de-listed after the The Register made
"I think we were very fortunate here and that many people with a soft
spot in their hearts for Perl did a lot of good work for us," the
article notes. "All sides understood that Perl.com
belonged to Tom and
it was a simple matter of work to resolve it. A relatively unknown
domain name might not fare as well in proving they own it..."
But again, the incident ended happily, foy writes, and "The Perl.com
domain is back in the hands of Tom Christiansen and we're working on
the various security updates so this doesn't happen again. The website
is back to how it was and slightly shinier for the help we received."'
-- source: https://developers.slashdot.org/story/21/03/06/0510239
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304