GoDaddy.com, the largest domain name registrar on the Web, has been taken offline, and a self-proclaimed member of the Anonymous hacktivism collective is taking responsibility.

The administrators of GoDaddy confirmed on Monday that they were suffering from technical issues, which the website TechCrunch reports to be impacting a multitude of websites and their affiliated email accounts that are hosted through the service. Although the company has not discussed the specifics yet, a self-described member of Anonymous says that he or she is responsible, a claim that has not been verified yet.

On Twitter, user @AnonymousOwn3r writes, “the attack is not coming from Anonymous coletive [sic] , the attack it’s coming only from me” and that the the action is being carried out “to test how the cyber security is safe and for more reasons that i can not talk now.”

GoDaddy has tweeted, “We’re aware of the trouble people are having with our site. We’re working on it.”

On Friday, it was reported that the White House is preparing to roll out an cyber security Executive Order that will serve as a surrogate until Congress can come to agreement on a bipartisan legislation to protect America’s computer infrastructure.

Earlier this year, GoDaddy announced that they would be supporting the Stop Online Piracy Act, or SOPA, a controversial legislation that if approved would have greatly changed the US government’s ability to monitor the Internet. The company eventually reversed their stance, but not before a massive protest resulted in many of their clients switching to other domain registrars. The boycott reportedly ended with thousands of GoDaddy’s millions of customers, including Wikipedia, cancelling their accounts.

Founded in 1997, Arizona-based GoDaddy.com is used by millions of customers worldwide, including a large number of small businesses. At 4 p.m. EST, GoDaddy tweeted, “Update: Still working on it, but we’re making progress. Some service has already been restored. Stick with us.”

Other social media accounts affiliated with Anonymous have not confirmed the validity of the alleged culprit’s claim and have largely distanced themselves from the hack. GoDaddy’s 24-hour tech support telephone line has also been inaccessible during the duration of the outage.

I just found out from fellow domain blogger Kevin Murphy of DomainIncite that domain registrar Go Daddy has finally posted a workaround to their 60-day lock. Apparently their doing this is a response to the modified ICANN transfer policies taking effect since June 1, 2012.

One of the most common complaints I’ve encountered about domain registrar Go Daddy is their arbitrary 60-day transfer lock. In case you just came in, Go Daddy can prevent your domain name from being transferred to another domain registrar for 60 days if a certain condition is met.

All domain registrars have a rule wherein you can’t move your domain name to another registrar if it’s within its first 60 days of registration or recent transfer-in from elsewhere. Go Daddy is currently the only one who puts in another 60-day transfer lock on top of those.

Initially, Go Daddy’s 60-day transfer lock kicks in if the registrant or administrative contact’s name or contact details is changed. Go Daddy since evolved their 60-day lock to only if the registrant name is changed for whatever reason.

Before I describe the workaround, it might be important to know what ICANN’s recent policy change is, and how this affected Go Daddy.

ICANN mostly made just some language changes in their transfer policy among registrars, but there is one major change relevant to this. Namely:

Upon denying a domain transfer request for any of the following reasons, the Registrar of Record must provide the Registered Name Holder and the potential Gaining Registrar with the reason for denial. The Registrar of Record may deny a domain transfer request only in the following specific instances:

Express objection to the transfer by the authorized Transfer Contact. Objection could take the form of specific request (either by paper or electronic means) by the authorized Transfer Contact to deny a particular transfer request, or a general objection to all transfer requests received by the Registrar, either temporarily or indefinitely. In all cases, the objection must be provided with the express and informed consent of the authorized Transfer Contact on an opt-in basis and upon request by the authorized Transfer Contact, the Registrar must remove the lock or provide a reasonably accessible method for the authorized Transfer Contact to remove the lock within five (5) calendar days.

I bolded the portion starting from “a general objection” to indicate ICANN’s recognizing Go Daddy’s 60-day lock. However, they’re also requiring the registrar to allow the “authorized Transfer Contact” a means to do away with that within five calendar days.

In short, Go Daddy is being allowed to maintain their 60-day thing, yet allow the domain’s registrant or so a way to get around that if ever. The wording can be argued either way, but all this is a means of balancing competing interests.

I bolded the portion starting from “a general objection” to indicate ICANN’s recognizing Go Daddy’s 60-day lock. However, they’re also requiring the domain registrar to allow the “authorized Transfer Contact” a means to do away with that within five calendar days.

In short, Go Daddy is being allowed to maintain their 60-day thing, yet allow the domain’s registrant or so a way to get around that if ever. The wording can be argued either way, but all this is a means of balancing competing interests.

Domain Name Wire also has more from Go Daddy’s director of policy planning James Bladel:

“We understand our 60 day lock has been controversial,” said James Bladel, Director, Policy Planning for Go Daddy. “What is boils down to is, while it’s a very good tool for intercepting and preventing hijacking…we recognize that our efforts to address that problem shouldn’t be a hindrance to legitimate users of domain names that want transfers to be a little more simple.”

Kevin quotes Bladel’s rationale further:

“The bad guys are not going to call and ask us to take a second look at this,” he said. “The bad guys want it to happen under the radar.”

Bladel explains the lock can be lifted after a human review unless they suspect a hijacking is going on. Additionally, the domain name’s WHOIS information is changed to its original state.

I think that second part is going to pose some problems, particularly on ownership changes after a recent sale. Time will tell how this goes, and Go Daddy is surely going to adjust to that if need be.

So step by step, here’s how it goes:

1. If you change your domain name’s registrant name at Go Daddy, it turns on their 60-day transfer lock. They do post notices of this before you make the change, and they do email about it. (unless caught by your spam filter, knock on wood…)

2. You’ll get an email with an email address to contact a team at Go Daddy to appeal the lock.

I’m sure some of you wish it’s a way to call that team directly instead. Would be nice if Go Daddy accomodates that, though I also know they “need” to control that if ever.

I wish they thought of this sooner rather than have to inconvenience a lot of people unnecessarily because of this, though I know some people want this done away instead. Like I said, it’s a matter of balancing competing interests.

In any case, at least there’s now an option to go around their 60-day lock. 

To View Full Article Click Here

Our highly trained, courteous support staff is waiting to take your call. Whatever time it takes to assist you, that’s the time you’ll receive. We’ll resolve any issue to your complete satisfaction.

Call (856) 745-9990 to get started now or click here