Name.com Injected?

[sura]

Today I opened Name.com and written :
"Name.com is currently experiencing connectivity issues with various registries. We apologize for any inconvenience this may cause. We are working to resolve the issue as quickly as possible. Please try again later or contact us at [email protected]. "

I'm afraid Name.com was injected by trojan/virus, yesterday I git this report on my Norton AntiVirus

Attempted Intrusion "HTTP XMLHTTP SetRequestHeader Exec" against your machine was detected and blocked.
Intruder: www.name.com(4.79.81.165)(http(80)).
Risk Level: High.
Protocol: TCP.
Attacked IP: MANIK(XXX.XXX.XXX.XX).
Attacked Port: 4293.

Be careful

 

[Dean]

Every day name.com worries me more. They seem to be going down constantly or being slow. Their interface is full of bugs. Recently I also read someone on here who said they took all his domains because they thought he had incorrect contact info. I am really worried as I have about 70 domains there.

 

[sura]

Name.com took domains because of incorrect contact info?? WTF

 

[Dean]

see this http://www.namepros.com/3078815-post.html

 

[mwzd]

I got this today -

Details: Attempted Intrusion "HTTP XMLHTTP SetRequestHeader Exec" against your machine was detected and blocked.
Intruder: www.name.com(4.79.81.165)(http(80)).
Risk Level: High.
Protocol: TCP.
Attacked IP: localhost.
Attacked Port: 2454.

Getting to be a big headache now.

 

[bbalegere]

Will this affected Linux users?

 

[Peter]

Name.com took domains because of incorrect contact info?? WTF

They are following ICANN rules in this instance. The person who registered a domain is responsible for and obliged too keeping the whois info updated.

 

[Dean]

They are following ICANN rules in this instance. The person who registered a domain is responsible for and obliged too keeping the whois info updated.

Other registrars usually give the registrant warning and then if they dont update contact details they will suspend the domains. When contacts are updated the domain is usually unsuspended. If name.com just delete a domain when they suspect incorrect contact details then this is very concerning.

 

[Dreads]

Name.com is doing its job for the domain taking and checkig

yet the virus, hmm thats something serious 0o

 

[Peter]

Other registrars usually give the registrant warning and then if they dont update contact details they will suspend the domains.

Correction many registrars don't bother checking properly or acting when they find out.

 

[Hive]

oh noes :O ahhhhhhhhhhhhhhhh! name.com why??

damn.. hope this thing gets solved sooon. i have few names there.



Peter

 

[kellie]

If any of you are currently getting this can you please PM me with your setup?

What OS, browser and which, if any anti-virus software you run. Versions of all of this information would be very helpful as we troubleshoot.

We believe folks running Windows, IE and Norton are the only people running into this problem and that it's not actually a virus/trojan, but are continuing to look into it.

Thank you.

 

[mwzd]

Attempted Intrusion "HTTP XMLHTTP SetRequestHeader Exec" against your machine was detected and blocked.
Intruder: www.name.com(4.79.81.165)(http(80)).
Risk Level: High.
Protocol: TCP.
Attacked IP: localhost.
Attacked Port: 4688.

Intrusion detected and blocked.
All communication with www.name.com(4.79.81.165) will be blocked for 30 minutes. - This was 3 minutes back.

I'm using win xp sp3, norton internet security, firefox3.

 

[kellie]

Attempted Intrusion "HTTP XMLHTTP SetRequestHeader Exec" against your machine was detected and blocked.
Intruder: www.name.com(4.79.81.165)(http(80)).
Risk Level: High.
Protocol: TCP.
Attacked IP: localhost.
Attacked Port: 4688.

Intrusion detected and blocked.
All communication with www.name.com(4.79.81.165) will be blocked for 30 minutes. - This was 3 minutes back.

I'm using win xp sp3, norton internet security, firefox3.

Thanks mwzd - if you have a moment can you tell me which version of Norton - 2009?

 

[SupraTT]

Hi All,

Seems like name.com still has not fixed this issue...my Norton Internet Security is seeing name.com as a threat.

SupraTT

 

[kellie]

Supra - if you'd be kind enough to send me the information as requested above, it would be greatly appreciated.

We've been unable to reproduce it.

Those of you receiving this result - do you know if your antivirus definitions are up to date?

Hi All,

Seems like name.com still has not fixed this issue...my Norton Internet Security is seeing name.com as a threat.

SupraTT

 

[gemstar]

I have no problems

 

[mwzd]

My virus definitions were updated yesterday. Today I get the same problem.

This is an unresolved issue for me at least.

When you say you are not able to duplicate the issue you're saying it does not exist?

 

[kellie]

My virus definitions were updated yesterday. Today I get the same problem.

This is an unresolved issue for me at least.

When you say you are not able to duplicate the issue you're saying it does not exist?

We've heard from enough people that it exists, but we have not been able to re-create it. We've gone so far as to set up two different machines mimicking the PC set up that you and another customer has reported to us.

 

[Ross]

Check this out Kellie:

http://www.magicdeckvortex.com/vbforums/showpost.php?p=178554&postcount=20

They had the same problem, read the whole thread to see if this is similar or you can get any info. Looks like its a server problem and they just bought a new server and there have been no problems.