“The perl.com domain was hijacked this morning and is currently pointing to a parking site. Work is ongoing to attempt to recover it.” reads the announcement published on the Perl NOC on 27th January 2021.
The hijack seems to have followed the deeply rooted way of an assailant jumping on a compromised account and swiping the domain instead of a simple expiration. The assailants changed the IP address from 151.101.2.132 to 35.186.238[.]10. After the hackers took control over the site, it was showing a clear page whose HTML contains GoDaddy parked domain scripts.
Posting on Reddit, Brian Foy, editor on the site and writer of a few books on Perl, said: “It looks like there was an account hack. I don’t know how long that would take to rewind. We’re looking for people who have actual experience dealing with that situation so we can dispute the transfer.” Perl.org was unaffected by the swipe.
A look at the domain records shows the contact data is currently “REDACTED FOR PRIVACY”. Gordon Lawrie – self-announced cyberlaw, trademark, and domain nerd – said that before the change Tom Christiansen was listed as the domain administrative contact. While the Perl group still can’t seem to react to the solicitation for a remark, the hijacking of Christiansen’s record appears to be a possibility. The expiry likewise seems to have been extended out to 26 January 2031.
Not long after the hijacking, the domain perl.com turned up as accessible to purchase for $190k on afternic.com, presently recorded as a name server in the domain record at the time of writing. The listing included other expensive domains, including piracy.com for a simple $125k, from client drawmaster. Afternic is an essential part of the GoDaddy association and, not long after when it was approached, the perl.com listing was pulled.