Sulit.com.ph redirected to Sedo

Source: www.yugatech.com



Earlier today, a friend texted me asking what happened to Sulit.com.ph, the free classified ads site and forum. The site appears to have expired and has been put on sale at Sedo.
I did some quick whois queries on the domain registration and some more background checks, which led me to believe it was a malicious and successful attempt to take over the domain.

The domain is still registered up to July 26, 2010 so this is not a case where the owner just forgot to renew a recently expired domain. Besides, an expired domain will show a generic dotPH landing page for about 30 days after expiration. It should not have pointed to Sedo.
It wasn’t a case of poisoned DNS either, since the whois record showed the nameservers were changed from ns1.sulit.com.ph and ns2.sulit.com.ph to those of Sedo. Since the nameservers were self-hosted, a poisoned DNS would still have shown a sulit.com.ph NS but with a Sedo IP address. This doesn’t seem to be the case.
A cracked/hacked dotPH Domain Manager account belonging to the owner of Sulit.com.ph is the most probable cause. The malicious individual could have gained access to the dotPH account, changed the password and re-pointed the domain to Sedo.
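
The triage reasoning above can be run as a monitoring check by a domain owner. This is an added example, not part of the original article: the whois field names, the parking nameserver names and the function names are constructed for illustration, and only the sulit.com.ph nameservers and the expiry date come from the text.

```python
from datetime import date

# Known-good delegation kept by the domain owner (nameservers from the article).
BASELINE_NS = {"ns1.sulit.com.ph", "ns2.sulit.com.ph"}

# Constructed whois-style record: field names and parking NS are hypothetical.
SAMPLE_WHOIS = """\
Domain Name: sulit.com.ph
Expiry Date: 2010-07-26
Name Server: ns1.parking.example
Name Server: NS2.PARKING.EXAMPLE.
"""

def parse_whois(text):
    """Return (expiry date, set of delegated nameservers) from key: value lines."""
    expiry, nameservers = None, set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        # Normalise case and the trailing root dot so comparisons are stable.
        value = value.strip().lower().rstrip(".")
        if key == "expiry date":
            expiry = date.fromisoformat(value)
        elif key == "name server" and value:
            nameservers.add(value)
    return expiry, nameservers

def triage(whois_text, today, baseline_ns=BASELINE_NS):
    """Classify a registry record the way the article reasons about it."""
    expiry, nameservers = parse_whois(whois_text)
    if expiry is None or not nameservers:
        return "incomplete-record"
    if expiry < today:
        return "expired"             # lapsed registration, not a takeover
    if nameservers != baseline_ns:
        return "delegation-changed"  # registry record altered: check the registrar account
    return "delegation-intact"       # registry is fine: look at resolver or cache poisoning

if __name__ == "__main__":
    # The "today" value is constructed; any date before the expiry behaves the same.
    print(triage(SAMPLE_WHOIS, date(2010, 1, 1)))
```

Run on a schedule against the live whois record, a "delegation-changed" result is the signal to lock down the registrar account and contact the registry.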

How the intrusion was done is still unknown but it could have been done in several ways.

A brute force attack on the password. It could also have been guessed by the intruder after numerous attempts. It depends on how strong the password is.
A bug in the Forgot Password system of dotPH. The login email is readily available/searchable and all that is needed is to correctly answer the Password Question.
Social Engineering. The individual who gained access might have submitted a formal request for change of Primary Email by forging the request form. A notarized form and signature can be forged and the individual might have pretended that he’s the owner of Sulit.

I believe dotPH is also doing their own investigation of the incident. They’ll be the only ones who can clarify how it all happened.





