panix.com hijacked

There was a major hijacking of a domain name over the weekend, when the panix.com domain name effectively got hijacked.

Panix is an ISP with over 30,000 customers. So this affected a hell of a lot of people. The domain name was transferred from their registrar Dotster to Melbourne IT with the *new* registrant being a a company in the United Kingdom, and panix.com’s mail redirected to a company in Canada.

This hasn’t been reported much in the media yet. I’m subscibed to the North American Network Operators Group mailing list (lurk only to know what is going on) where there has been around 100 posts on it. Other ISPs have helped out by locally treating any requests for panix.com as being for panix.net which was not hijacked and is accurate. A similar thing happened when a NZ ISP had their domain name disappear for a few hours.

Melbourne IT have now pointed the domain back to the proper registrant and are investigating what happened. They say the request to transfer was done through one of their UK resellers. In theory the current registrant should have been notified of the request to transfer and had five days to turn it down. The results of the investigation will be interesting as the reseller should have required proof of the transfer being authorised, which it wasn’t.

If you have a domain name in one of the generic top level domains, it is worth considering placing it on registrar lock to stop this happening. You don’t need to do this with .nz domain names as we have a UDAI (unique domain authentication identity) password which is needed for any transfers.

There has been some criticism of Verisign as the registry for not reversing the domain name transfer. But for once I will defend them that it is not the registry’s job to unilaterally decide in cases of disputes. The onus is with the two registrars to sort it out in line with the ICANN policy. Melbourne IT has come in for some criticism that they were not easy to contact over the weekend, and the change could not be reversed until Monday by which time a lot of the damage had been done.

Comments (1)

Login to comment or vote