Who has Ownership Anyway?
This Sunday morning a call comes in at 8:30am telling us that the local swim clubs domain doesn’t appear to be working. If that is true then it could not come at a worse time. The club was awarded the Speedo 2011 Senior Provinicials Swim Meet and coaches, officials and parents are using the site for information. Not to mention email is bouncing. I bring up the website and sure enough. The www.marlin.ab.ca website has been hijacked!
A quick look finds the following. Notice lines 6,24, and 32. The domain registrar has stolen the domain and replaced the name servers with their own. Effectively breaking the website and all email during the most critical week. This is a major fundraiser for the local swim club and the most visible time of the year with other swim clubs and Swim Alberta.
This is puzzling because it certainly looks like the domain has not expired. It appears to be paid up through 2012 and it apparently has an automatic renew process in place so the domain doesn’t expire. I located the registrar from line 10 and find this page.
A quick call yields the same information. They have no office hours on weekends. Why would any company make changes on the weekends if they do not intend to have support people on call to repair this when the customer calls. An extra check of the ISP who is managing the marlin.ab.ca domain for the swimming club also finds they do not work on weekends and has no emergency support numbers. This is a perfect example of why you need to be extra careful about who you choose to manage your domain and which registrar you pick.
How the technical support company managed to allow this to happen in this day and age is remarkable in its own right given the checks and balances in place to prevent these problems. Kind of a deja vu feeling that I have somehow been transported back to 1998. I am certain that the customer is not feeling happy about saving $1-$2 by purchasing their domain from Domains at Cost (which isn’t at cost – Hint $8.50+GST). Certainly, Shockware and the Alberta Marlins have a valid argument to make with the Canadian Internet Registration Authority should they wish to complain.
At this point, we don’t know exactly how it happened. My best guess is that Shockware failed to pay the domain fee (see line 5 which says it came up for renew on Nov 23) and only after receiving the expired domain email did they pay for the renewel. At that point, they most likely also clicked the automatic renew option so this can not happen again. The customer was never notified nor has any control of their own domain from the registrar so it appears that Shockware is using one account with Domains at Cost to support the marlin.ab.ca domain. Given that the local swim club has automatic withdraws from their bank account by Shockware, it makes you wonder even more. Domains at Cost applied the money and updated the whois record but failed to return the name servers back is a plausible explanation. Murphy’s Law was certainly applied here.
It could have happened on November 23, 2010 but waited until this week. Do not ever choose a registrar or an ISP to manage anything of yours that does not have support staff on weekends. That is the real lesson to be learned.
Made a call to the registrar at 5:30am and found out the following. They are using the expiration field in the whois record for themself. It was explained to me as follows – CIRA does an auto renew but the registrar had not been paid by its customer which is Shockware. I was able to verify that the account holder was Shockware and that Domains at Cost, Inc only sends out email invoices to their account holder. They do not send a paper invoice to the registrant, nor do they send email to any other contacts. The only invoice was sent by email to Shockware. The invoice was due in November and we received a 60 day grace period where they attempted to notify Shockware about the expired domain. They explained to me that anyone could use their quick pay to pay the $13.60 even without an account. Note: this pay option works 24 hours a day and on weekends. After I paid, I noticed it took approximately 30 mins before I saw the updated whois database and about 2 hours before I saw the root servers get updated. The Canadian root servers were done almost immediately. Here is a screen shot showing the state approximately 3 hours later. We still have local caches to clear before the domain is back to normal but at least the Root name servers are updated. We are still waiting on the first call or email from Shockware about this. I’ll update this when we have first contact. 🙂
We have contact 36 hours later from Domains at Cost, Inc. It was faster to call them and pay then to wait for the email that was sent 12 hours earlier. If you factor in the original email and the response it took 48 hours for this email reply. Unfortunately while the advice is sound, their customer is Shockware who controls the account and email addresses for billing notices and the registrant who is the paying customer is now in conflict with them as a result. I find it interesting that they don’t appear to be using the whois data for anything now. I thought ICANN had mandated to the registrars that they need to keep this accurate. Must be mistaken… I suspect the only solution is to transfer the domain to another account with them or another registrar. Here is their message.
Date: Tue, 25 Jan 2011 12:26:14 +0000 (GMT) From: "DomainsAtCost.ca Support Email" <firstname.lastname@example.org> Sender: email@example.com Message-ID: <33446911.37567.1295958374660.JavaMail.firstname.lastname@example.org> Subject: RE: marlin.ab.ca name server delegation changed for paid in full customer [ ref:00DAapxS.500A6CGGd:ref ] Hello Thank you for contacting Customer Service. The domain marlin.ab.ca expired on Jan 22nd which is why the site went offline. Since then the domain was renewed on the 24th so the site is active again. When there is a change to the status or DNS for a domain it can take upwards of 24 - 48 hours to fully propagate which is why the site was expired on the 22nd but you might not have noticed it wasn't active until later and also why once renewed it took time time to start functioning again. Your site is now up and running normally and registered until Jan 22nd, 2012. I would strongly suggest updating the contact email on file (currently email@example.com) so that in the future you will get the notices we send out in the weeks before the domain expires advising you to renew or the site will go offline. Thank you, Kyle Rocheleau DomainsatCost.ca Support Team
Found out that the local swim club was paying Shockware $10/month to manage this domain. Hosting and email is provided by a separate company. Still no return call or email from Shockware as of 4:00pm MST 4 days later. They have been clients for about 10 years of Shockware. They are not going to call or answer the various voices messages or emails I think.