Sulit.com.ph redirected to Sedo

Written by Abe OlandresPublished • November 7, 2008

Earlier today, a friend texted me asking what happened to Sulit.com.ph, the free classified ads site and forum. The site appears to have expired and has been put on sale at Sedo.

I did a quick whois query on the domain registration and some more background checks which led me to believe it was a malicious and successful attempt to take over the domain.

The domain is still registered up to July 26, 2010 so this is not a case where the owner just forgot to renew a recently expired domain. Besides, an expired domain will show a generic dotPH landing page for about 30 days after expiration. It should not have pointed to Sedo.
It wasn’t a case of poisoned DNS as well since the whois record showed the nameservers were changed from ns1.sulit.com.ph and ns2.sulit.com.ph to that of Sedo. Since nameservers were self-hosted, a poisoned DNS would still show a sulit.com.ph NS with a Sedo IP address. This doesn’t seem to be the case.
A cracked/hacked dotPH Domain Manager account by the owner of Sulit.com.ph is the most probable cause. The malicious individual could have gained access to the dotPH account, changed the password and re-pointed the domain to Sedo.

Sedo has nothing to do with this. They are just a domain parking and marketplace service. People use Sedo to generate revenue from traffic of unused domains or as a marketplace to sell some high-profile domains.

How the intrusion was done is still unknown but it could have been one of several ways.

A brute force attack on the password. It could also have been guessed by the intruder after numerous attempts. It depends how strong the password is.
A bug in the Forgot Password system of dotPH. The login email is readily available/searchable and all that is needed is to correctly answer the Password Question.
Social Engineering. The individual, to gain access, might have submitted a formal request for change of Primary Email by forging the request form. A notarized form and signature can be forged and the individual might have pretended that he’s the owner of Sulit.

I believe dotPH is also doing their own investigation of the incident. They’ll be the only one that can clarify how it all happened. There’s a similar case last week that happened to MakeUseof.com.

Article Under:sulit.com.ph

Abe Olandres

Abe is the founder and Editor-in-Chief of YugaTech with over 20 years of experience in the technology industry. He is one of the pioneers of blogging in the country and considered by many as the Father of Tech Blogging in the Philippines. He is also a technology consultant, a tech columnist with several national publications, resource speaker and mentor/advisor to several start-up companies.

Twitter | Facebook | YouTube | Instagram

27 Responses

Comments7

Non woven bag machine says:

September 24, 2011 at 6:47 pm

You have composed an extremely good article!

Reply
Paper cup machines says:

April 22, 2011 at 2:28 pm

find out the person..

Reply
condominium in makati says:

June 13, 2010 at 11:01 am

Well, the post is actually the freshest on this laudable topic. I concur with your conclusions and will thirstily look forward to your future updates.

Reply
Buy and Sell phil says:

June 8, 2010 at 11:53 am

Damn those hackers!

Reply
Ade says:

March 2, 2009 at 5:33 pm

Here’s an update: http://dotph.domains.ph/hacking-dotph

Reply
reymar says:

February 25, 2009 at 3:35 pm

APPLY NOW SMART PLAN 300 AND 500 TO APLLY TEXT @ 090857***** LOOK FOR REYMAR / WITH FREE PHONE..

Reply
charles palma says:

December 21, 2008 at 12:52 am

Goodluck to sulit.com.ph in the marketplace. It is a good service and hopefully they should expand to other countries.

Reply