redirected to Sedo

Earlier today, a friend texted me asking what happened to, the free classified ads site and forum. The site appears to have expired and has been put on sale at Sedo.

I did a quick whois query on the domain registration and some more background checks which led me to believe it was a malicious and successful attempt to take over the domain.


  • The domain is still registered up to July 26, 2010 so this is not a case where the owner just forgot to renew a recently expired domain. Besides, an expired domain will show a generic dotPH landing page for about 30 days after expiration. It should not have pointed to Sedo.
  • It wasn’t a case of poisoned DNS either, since the whois record showed the nameservers were changed from and to that of Sedo. Since the nameservers were self-hosted, a poisoned DNS would still show an NS with a Sedo IP address. This doesn’t seem to be the case.
  • A cracked/hacked dotPH Domain Manager account by the owner of is the most probable cause. The malicious individual could have gained access to the dotPH account, changed the password and re-pointed the domain to Sedo.
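The three checks above can be run as one triage routine. This is an added example, not code from the original post or from dotPH; the whois field names, the placeholder domain, the nameserver hostnames and the check date are all constructed assumptions.

```python
from datetime import date, datetime

# Constructed whois text for a placeholder domain; the field names are an
# assumed "Key: value" layout, not dotPH's actual output format.
SAMPLE_WHOIS = """\
Domain Name: example.ph
Expiry Date: 2010-07-26
Name Server: ns1.parking.example
Name Server: ns2.parking.example
"""

# Hypothetical baseline: the self-hosted nameservers the owner configured.
BASELINE_NS = {"ns1.example.ph", "ns2.example.ph"}


def parse_whois(text):
    """Return (expiry_date, nameserver_set) from 'Key: value' whois text."""
    expiry, nameservers = None, set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().lower().rstrip(".")
        if not value:
            continue
        if key == "expiry date":
            expiry = datetime.strptime(value[:10], "%Y-%m-%d").date()
        elif key == "name server":
            nameservers.add(value)
    return expiry, nameservers


def triage(whois_text, baseline_ns, resolver_ns, today):
    """Classify a redirect using the three checks from the list above."""
    expiry, registry_ns = parse_whois(whois_text)
    baseline = {ns.lower().rstrip(".") for ns in baseline_ns}
    seen = {ns.lower().rstrip(".") for ns in resolver_ns}
    if expiry is not None and expiry < today:
        return "expired"                # lapsed registration, not an intrusion
    if registry_ns != baseline:
        return "registry-ns-changed"    # edited through the registrar account
    if seen != baseline:
        return "resolver-mismatch"      # registry intact; suspect poisoned DNS
    return "ok"


if __name__ == "__main__":
    parked = {"ns1.parking.example", "ns2.parking.example"}
    # Constructed check date that falls before the expiry in SAMPLE_WHOIS.
    print(triage(SAMPLE_WHOIS, BASELINE_NS, parked, date(2009, 11, 1)))
```

Run on a schedule against a stored baseline, any result other than "ok" is worth an alert, since a nameserver change at the registry takes the whole site and its mail with it.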

Sedo has nothing to do with this. They are just a domain parking and marketplace service. People use Sedo to generate revenue from traffic of unused domains or as a marketplace to sell some high-profile domains.

How the intrusion was done is still unknown but it could have been one of several ways.

  • A brute force attack on the password. It could also have been guessed by the intruder after numerous attempts. It depends how strong the password is.
  • A bug in the Forgot Password system of dotPH. The login email is readily available/searchable and all that is needed is to correctly answer the Password Question.
  • Social Engineering. The individual, to gain access, might have submitted a formal request for change of Primary Email by forging the request form. A notarized form and signature can be forged and the individual might have pretended that he’s the owner of Sulit.

I believe dotPH is also doing their own investigation of the incident. They’ll be the only ones who can clarify how it all happened. There was a similar case last week that happened to

Abe is the founder and Editor-in-Chief of YugaTech. You can follow him on Twitter @abeolandres.


27 Responses

  1. Maybe the owner just gave up on the Philippine online bargains market.

    All things considered, I wouldn’t blame him.

  2. RJ says:

    Here is our official announcement that is being updated as we get additional information:

    For those being redirected to sedo, please use this:

    @Sir Mike
    There are too many opportunities in the online bargains market (or classifieds in general) just to give up.

    @Sir Abe
    Thanks for the great analysis of the different possibilities. I hope will be able to clear this issue. I’ll be surprised if they can do it before Monday next week.

  3. Patrick says:

    Works fine to me now.

    A link to the said site in the article would have been nice. Interesting analysis though. :)

  4. Patrick says:

    My previous comment got caught by Akismet because I linked to the website in question?

    But anyway.. the site works fine to me now.

    A link to the said site in the article would have been nice. Interesting analysis though. :)

  5. yuga says:

    @RJ – let us know of any new developments.

    @Patrick – it’s not resolving from my end so I didn’t want to send any more traffic and link to the Sedo page.

  6. Andre Marcelo-Tanner says:

    want to find out who it is, find out who added it to their sedo account
    they know who added it.

  7. The culprit is Bayantel subscriber, so it could not be me. I use Globelines. :D

  8. Naya Nalasin says:

    Wow, great analytic article. It considered several possibilities. And you were right on the domain hacking, as discovered later by Sulit admin.

  9. Jaypee says:

    When I read the first part of the article I immediately thought about what happened to, didn’t know you’d also mention it at the bottom of the post.

    Anyways, this is a good reminder to all blog/domain owners to be vigilant and make sure that you keep your passwords strong and safe.

    Good thing is back online and to its rightful owner.

  10. charles says:

    Losing a website in a blink of an eye is a very big loss to the owner of that said website. I am currently backing up my accounts to prevent a total loss.

  11. Victor says:

    I thought, I lost my account at only site that appear is always yesterday. It’s good news that are back and we can still use free and popular site like this.

  12. Congratulations on getting it back up, RJ. Grab those opportunities! :)

  13. Just a week ago or so, I found that had a whole bunch of content from my websites copied on their site, both images and even full articles that I had written. No permission was given, or even asked for. I went to their site and found that I could not even contact them or make an inquiry unless I registered as a user, which I had no interest in.

    The owners of should take enough responsibility to protect others on the net from piracy.

  14. RJ says:

    I did contact Sedo earlier yesterday and they immediately informed me that there was no particular account related to the incident. The representative from told me that they would also try to contact Sedo regarding this.

    As of now, the domain has not yet propagated 100% since I am still receiving e-mails from members who cannot access the website (the new canned response feature of GMail proves to be very helpful in this case). But the traffic is already higher than a regular Saturday most probably because those who should have accessed Yesterday can only access today.

    Still no official announcement coming from (weekends).

    @ Sir Bob
    Please click Help Center at the menu. The Help Center does not require registration for anyone to submit a support ticket. Please include all the necessary links to your website and links of the ads in question or advertisement IDs.

    We regularly deal and remove infringing ads from our system when reported to us and when we have enough evidence that it is indeed an infringement.

  15. That was scary. It pays to check your account on your web hosting more often and change your password to a stronger one. I’m kind of lazy about changing passwords but I think changing it every two or three months will prevent hackers from stealing your domain.

    On where I hosted my sites, there are nice features like locking your domain name and having a domain secret code (similar to a password) before you can transfer your domain to other web host.

  16. Sorry, let me correct the last sentence. I mean “before you can transfer your domain to other registrar” not “webhost”.

  17. Andre Marcelo-Tanner says:

    dotPH has pretty good domain security like requiring notarized forms for transferring domain ownership. But it seems the hack was an exploit in their system allowing someone else to gain access to other domains and change the nameservers. dotPH should review their security. A neat feature would be to send an email when any change is made to any domain owned.

  18. Alex says:

    geez this sucks. if this was indeed done by purposefully “hacking” the domain, then the one concerned should be treated very seriously.

    but i’m glad is now back online. :)


  19. snow says:

    good thing that the sulit owners have fixed it. geez, the main culprit if identified, should be sued and/or punished as this kind of issue is a delicate manner. :(

    sulit owners must also take good care of the security since from the looks of it, there seems to be some sort of attack to their website.

  20. thanks for fixing up. I’m scared because I have an account there.

  21. Goodluck to in the marketplace. It is a good service and hopefully they should expand to other countries.

  22. reymar says:


  23. Well, the post is actually the freshest on this laudable topic. I concur with your conclusions and will thirstily look forward to your future updates.

  24. You have composed an extremely good article!
