Sulit.com.ph redirected to Sedo
Earlier today, a friend texted me asking what happened to Sulit.com.ph, the free classified ads site and forum. The site appears to have expired and has been put up for sale at Sedo.
I did a quick whois query on the domain registration and some more background checks, which led me to believe it was a malicious and successful attempt to take over the domain.
- The domain is still registered until July 26, 2010, so this is not a case where the owner just forgot to renew a recently expired domain. Besides, an expired domain will show a generic dotPH landing page for about 30 days after expiration. It should not have pointed to Sedo.
- It wasn’t a case of DNS poisoning either, since the whois record showed the nameservers were changed from ns1.sulit.com.ph and ns2.sulit.com.ph to those of Sedo. Since the nameservers were self-hosted, a poisoned DNS would still show a sulit.com.ph NS with a Sedo IP address. This doesn’t seem to be the case.
- A cracked/hacked dotPH Domain Manager account belonging to the owner of Sulit.com.ph is the most probable cause. The malicious individual could have gained access to the dotPH account, changed the password and re-pointed the domain to Sedo.
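The three checks above can be scripted as a quick triage over two whois snapshots. This is an added example, not part of the original post: the whois field labels, the `*.parking.example` nameserver placeholders and the "today" date are assumptions made for illustration.

```python
from datetime import date

# Constructed whois-style records. Field labels are assumed, and the
# *.parking.example hosts are placeholders (the post does not list Sedo's NS).
BASELINE = """\
Domain Name: sulit.com.ph
Expiry Date: 2010-07-26
Name Server: ns1.sulit.com.ph
Name Server: ns2.sulit.com.ph
"""
CURRENT = """\
Domain Name: sulit.com.ph
Expiry Date: 2010-07-26
Name Server: NS1.PARKING.EXAMPLE.
Name Server: NS2.PARKING.EXAMPLE.
"""

def parse_whois(text):
    """Return the expiry date and the set of delegated nameservers."""
    record = {"expiry": None, "ns": set()}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key = key.strip().lower()
        value = value.strip().lower().rstrip(".")  # normalise case and root dot
        if key == "name server" and value:
            record["ns"].add(value)
        elif key == "expiry date" and value:
            record["expiry"] = date.fromisoformat(value)
    return record

def triage(baseline, current, today):
    """Apply the checks in the order the list above walks through them."""
    old, new = parse_whois(baseline), parse_whois(current)
    if new["expiry"] is None or not new["ns"]:
        return "incomplete-record"
    if new["expiry"] < date.fromisoformat(today):
        return "expired"                      # lapsed registration, not a takeover
    if new["ns"] != old["ns"]:
        return "registry-delegation-changed"  # changed through the registrar account
    return "delegation-intact"                # look at resolvers/caches for poisoning

if __name__ == "__main__":
    print(triage(BASELINE, CURRENT, "2010-01-01"))  # constructed "today"
```

Run on a schedule against a saved baseline, the same comparison flags an unexpected delegation change as soon as the registry record differs.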
Sedo has nothing to do with this. They are just a domain parking and marketplace service. People use Sedo to generate revenue from traffic of unused domains or as a marketplace to sell some high-profile domains.
How the intrusion was done is still unknown, but it could have been done in one of several ways.
- A brute force attack on the password. It could also have been guessed by the intruder after numerous attempts. It depends on how strong the password is.
- A bug in the Forgot Password system of dotPH. The login email is readily available/searchable and all that is needed is to correctly answer the Password Question.
- Social Engineering. To gain access, the individual might have submitted a formal request for change of Primary Email by forging the request form. A notarized form and signature can be forged, and the individual might have pretended to be the owner of Sulit.
I believe dotPH is also doing their own investigation of the incident. They’ll be the only ones who can clarify how it all happened. A similar case happened last week to MakeUseof.com.