This had different effect on different registrars. For example french registrar OVH have implemented it a bit too well, resulting in authcodes like “d*zuW.;2t/!>pHbU”, while others have decided that it wasn’t their problem, and just added a prefix to their authcodes. This is the case for example of GoDaddy, whose authcodes are limited in randomness. An authcode will look like: “S1-AF94C9510BA1C”. Yeah right, “S1-” followed by an uppercase hexadecimal string. I’m pretty sure Verisign wasn’t expecting this when they published the new requirement.

Anyway conditions to steal a domain are pretty much complex (you need to have it unlocked, need to know the authcode, and once transfer is started, the current registrant must not ask his registrar to cancel the transfer for 5 days, and even after the domain is transferred, there are ways to get it back – it’s just more expensive). Stealing a domain is a complex operation which will most likely be followed by legal repercussions.

Best thing to do is to check from times to times in a whois that your domain is really showing your name and address. If not, you might need to do something about it before it’s too late. You might want to consider transferring your domain to a company which cares about you (we’ll even fight your old provider if troubles arise, they can refuse transfer only in some specified cases, as long as you are owner of your domain).

http://whois.nf/

The url is simple, there are tons of similar services, but this one should prove to be fast to load and light on any device, thanks to its pre-1980′s design.

PS: If you are a web designer and can do HTML/CSS/JS, contact me, I might have some work for you.

Typical whois reply will look like:

   Server Name: MICROSOFT.COM.ZZZZZZ.MORE.DETAILS.AT.WWW.BEYONDWHOIS.COM
   Server Name: MICROSOFT.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
   Server Name: MICROSOFT.COM.ZZZZZ.DOWNLOAD.MOVIE.ONLINE.ZML2.COM
   Server Name: MICROSOFT.COM.ZZZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
   Server Name: MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
   Server Name: MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM
   Server Name: MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET

Of course it might looks like the whois server was hacked, that’s what people with bad knowledge of internet would think (hint: almost everything is explained in RFCs).

When you perform a whois lookup, the whois server will usually search domains and return you informations about the domain you requested. However on internet you also have Glue Records which are searchable via whois.

When you perform a whois on, let’s say “microsoft.com”, the whois server will search all records that starts with microsoft.com. Now let’s say the owner of spanner.net created a glue record on microsoft.com.will.be.slapped.in.the.face.by.my.blue.veined.spanner.net, it will match.

Now lots of people did that, so whois records are full of glue records starting with microsoft.com. The only way to limit that is to code a limit in ICANN whois server. So it was decided that only 25 expanded or 50 name-only records would be shown. What happens to the real domain name? It’s also listed as one of the records, usually at the end.

So, nothing was hacked, no whois server was harmed, you just got a bunch of people who are exploiting a specific behaviour of the whois system to make their glue records get listed before the real domains. If you want to appear in microsoft.com you can create a glue record which would look like: microsoft.com.zzzzzzzzzz.uh.did.you.wake.me.up.from.my.sleepdeprivation.com.

Have fun posting stuff on your blog, but stop saying whois servers were hacked when they were not. Anyone who owns a domain name can create glue records, no hacking skills are required to achieve this. You are giving too much credit to guys who just pressed a few options in their registrar’s admin panel (and remember that you can be easily tracked back too). That’s far from what I would call “hacking”, and even not at the “script kiddie” level.

Oh and guyz, it’s been like this for a long time (first time I saw that there was only one record, it was in something like 1998. In the following years more and more records were added to finally reach today’s state). Remember to always verify your sources, even when you got breaking news like “microsoft.com was hacked”.

Finally, I find it amusing to see someone with a MacOS X machine called “bofh” and a green terminal (yay! old school) “discovering” a hack and feeling the urge to report it (and show his green terminal to the world, too). Mac OS X is not a hacker OS, and Apple’s whois client sucks – recent whois client add options to either only receive domain responses, or get expanded responses. Please use a real OS (FreeBSD, Linux Gentoo) or make your own.

Some of my favourite records from a LONG time ago:

MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM
MICROSOFT.COM.SE.FAIT.HAX0RIZER.PAR.TOUT.LE.ZOY.ORG
MICROSOFT.COM.N-AIME.BILL.QUE.QUAND.IL.N-EST.PAS.NU
MICROSOFT.COM.MUST.STOP.TAKEDRUGS.ORG
MICROSOFT.COM.IS.NOTHING.BUT.A.MONSTER.ORG
MICROSOFT.COM.IS.AT.THE.MERCY.OF.DETRIMENT.ORG
MICROSOFT.COM.FAIT.VRAIMENT.DES.LOGICIELS.A.TROIS.FRANCS.DOUZE.ORG
MICROSOFT.COM.WILL.CRASH.IN.6MN.ORG
MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET