Name.com Injected?

[sura]

Today I opened Name.com and written :
"Name.com is currently experiencing connectivity issues with various registries. We apologize for any inconvenience this may cause. We are working to resolve the issue as quickly as possible. Please try again later or contact us at [email protected]. "

I'm afraid Name.com was injected by trojan/virus, yesterday I git this report on my Norton AntiVirus

Attempted Intrusion "HTTP XMLHTTP SetRequestHeader Exec" against your machine was detected and blocked.
Intruder: www.name.com(4.79.81.165)(http(80)).
Risk Level: High.
Protocol: TCP.
Attacked IP: MANIK(XXX.XXX.XXX.XX).
Attacked Port: 4293.

Be careful

 

[kellie]

Ross, thank you for the link. Our team had already found that and have determine it's not quite the same problem.

I'm still looking for anyone experiencing this problem to chat with our tech team. Anyone?

 

[oborseth]

Hello. I'm working on this issue for Name.com. We cannot reproduce it using "Norton Internet Security 2009" which should detect any malicious use of SetRequestHeader. We don't use this javascript function at all on the site so it's a mystery. So, any help with additional information would be greatly appreciated.

1) What product and version of Norton are you using?

2) What page were you trying to access when you got this message?

3) Did you go to name.com by entering the URL into your browser's address bar or did you get there through a link or bookmark? If a link or bookmark, what is the URL that was linked to or bookmarked?

4) If you unblock the site in Norton, do you continue to get this message?

5) Do you get this message while browsing other sites?

6) If you are using Firefox, allow the page to load and view the source to see if the SetRequestHeader javascript function can be found. If so, I'd love to see the source.

The SetRequestHeader exploit only affects Microsoft IE users but Norton catches it before getting to the client's browser so users of all browsers will see it.

At this point, I believe the issue is either that users getting this message are already affected with a trojan or virus that is calling the SetRequestHeader function while browsing the web OR there is some sort of cross site scripting exploit going on that is passing javascript to the browser via a link to name.com that then calls the SetRequestHeader function. I'm not 100% sure yet though.

Thanks,
Owen Borseth

 

[mwzd]

This is still occurring for me.

Any resolution would be appreciated.

Else I'll just have to move my names out.

 

[chandan]

i didn't get any such warnings but yesterday i faced some php problem

i saw it displays some error message ( some one edited their header file and it
was not allowing to login )

 

[Dean]

On a positive note, I like the new design

 

[mwzd]

Ok, I can access the page now. Don't know what you changed but it seems to have worked :tu:

Good going and great response, cheers!

And the new design is real nice too

 

[chandan]

yeah actually its simple and fast design when compare to other graphics :tu:

but still they have lot of bugs in their ajax style

 

[yilduz]

I never experienced any of those problems, but I don't use Norton. I stopped when it once thought itself was a virus.
Needless to say, I don't believe in Norton.

I do like Name.com's new style, though. I also like the registrar itself. I've used about five others but Name.com is my favorite.

 

[oborseth]

but still they have lot of bugs in their ajax style

If you could let us know what bugs you are seeing we would love to get those fixed for you.

 

[chandan]

seems fixed

probably some session issues while checkout

 

[Dean]

Name.com does seem to always have bugs with the interface but I am sure with all the changing which is happening constantly they get fixed. Only one I have experienced recently is bulk URL forwarding wasn't working properly, not sure if that has been fixed by now.

 

[oborseth]

Thanks chandan. Ah yes, that bug. That was up for about 10 minutes due to some new content management stuff that we rolled out. I actually created that bug so I'm honored to have it immortalized in this thread!!

Name.com does seem to always have bugs with the interface but I am sure with all the changing which is happening constantly they get fixed. Only one I have experienced recently is bulk URL forwarding wasn't working properly, not sure if that has been fixed by now.

We are making a lot of changes with the interface as well as with the back end of things. It's usually the interface changes that have issues due to javascript / css compatibility across browsers, etc. Hopefully, once these issues get resolved, its a better experience for you all.

I believe the bulk URL forwarding issue has been resolved, if it is the same one I am thinking of, but let us know if it is not.

 

[chandan]

Thanks chandan. Ah yes, that bug. That was up for about 10 minutes due to some new content management stuff that we rolled out. I actually created that bug so I'm honored to have it immortalized in this thread!!



We are making a lot of changes with the interface as well as with the back end of things. It's usually the interface changes that have issues due to javascript / css compatibility across browsers, etc. Hopefully, once these issues get resolved, its a better experience for you all.

I believe the bulk URL forwarding issue has been resolved, if it is the same one I am thinking of, but let us know if it is not.

btw is it possible to let me know how you people process when 3 domains ordered in checkout

one be one or all in one array ? seems it freezes some time when more number of domains in cart

 

[ahmedSingapore]

I lost few months ago of 8 domain names including two premium domain. They says that my information are incorrect and it is abuse or something like that.. dont remember now.. after from then I forgot about name.com. now I am only with godaddy.

 

[chandan]

I lost few months ago of 8 domain names including two premium domain. They says that my information are incorrect and it is abuse or something like that.. dont remember now.. after from then I forgot about name.com. now I am only with godaddy.

which domains you lost :] ?

 

[theuniverse]

I have no problems

 

[krx]

I lost few months ago of 8 domain names including two premium domain. They says that my information are incorrect and it is abuse or something like that.. dont remember now.. after from then I forgot about name.com. now I am only with godaddy.

I have a few hundred domains at name.com and would like to see this issue addressed. Are domains being deleted without warning for incorrect contact data?

On a sidenote, how do you manage to get 3 bars of rep with just 13 posts (as of this post)? Impressive.

 

[Dean]

I have a few hundred domains at name.com and would like to see this issue addressed. Are domains being deleted without warning for incorrect contact data?

I am the same, really would like to hear from a name.com representative if this is the case, surely they should give some warning at least like most registrars do and how do they investigate if the details are incorrect?