Perl.com Domain Stolen, Now Using IP Address of Past Malware Campaigns

"The domain name perl.com was stolen and now points to an IP address associated with malware campaigns," reports Bleeping Computer: Perl.com is a site owned by Tom Christiansen and has been used since 1997 to post news and articles about the Perl programming language. On January 27th, Perl programming author and Perl.com editor brian d foy tweeted that the perl.com domain was suddenly registered under another person. Intellectual property lawyer John Berryhill later replied to the tweet that the domain was stolen in September 2020 while at Network Solutions, transferred to a registrar in China on Christmas Day, and finally moved to the Key-Systems registrar on January 27th, 2020.

It wasn't until the last transfer that the IP addresses assigned to the domain were changed from 151.101.2.132 to the Google Cloud IP address 35.186.238[.]101...

On the 28th, d foy tweeted that they have set up perl.com temporarily at http://perldotcom.perl.org for users who wish to access the site until the domain is recovered...

d foy has told BleepingComputer that it is not believed that the domain owner's account was hacked and that they are currently working with Network solutions and Key-Systems to resolve the issue. "I do know from direct communication with the Network Solutions and Key Systems that they are working on this and that the perl.com domain is locked. Tom Christiansen, the rightful owner, is going through the recovery process with those registrars."

"Both registrars, along with a few others, reached out to me personally to offer help and guidance. We are confident that we will be able to recover the domain, but I do not have a timetable for that," d foy told BleepingComputer.

The IP address that perl.com is now hosted has a long history of being used in older malware campaigns and more recent ones.
"Anyone using a perl.com host for their CPAN mirror should use www.cpan.org instead," advises an announcement page today at Perl.org, which d foy tweeted "is now going to be the source for the latest http://Perl.com info."

On Thursday d foy tweeted that "There's no news on the recovery progress. Everyone who needs to be talking is talking to each other and it's just a process now."

Rightful owner?

[saloomy]

Did Network Solutions incorrectly permit the transfer out? Pretty big error on their part, considering they transfer thousands of domains every day. Are they sure their bills were paid and their auto-renewals were turned on?

Re:Rightful owner?

[93 Escort Wagon]

I'm betting this boils down to another social engineering attack - someone at Network Solutions fell for a sob story.

If that's the case, I hope that person gets additional training rather than getting fired.

Re:Rightful owner?

[DanDD]

...a rasp file into the asshole...

That adequately describes the experience of coding and maintaining Perl.

Re:

[LifesABeach]

theft.
i always thought that taking property from someone as a criminal offense

Re:

[freeze128]

That adequately describes the process of registering and paying for a domain through Network Solutions.

Re:Rightful owner?

[guruevi]

Or they could teach them regex.

Re: Rightful owner?

[MrNaz]

You monster.

Re:Rightful owner?

[azcoyote]

Hopefully the additional training is performed with a rasp file into the asshole for maximum effect.

I had thought that the parent post sounded awfully merciful for Slashdot, calling for training rather than vengeance. Now this is the Slashdot that I know...

Re:Rightful owner?

[Mr. Barky]

If that's the case, I hope that person gets additional training rather than getting fired.

“Recently, I was asked if I was going to fire an employee who made a mistake that cost the company $600,000. “No”, I replied. “I just spent $600,000 training him – why would I want somebody to hire his experience?” -- Thomas John Watson Sr., IBM

He already got his training :)

Re:

[Antique Geekmeister]

Simple answer: fire the trainers.

I've made mistakes that disabled production systems. They were usually, though not always, mistakes that I'd tried to put in protections for, ranging from syntax checkers for configuration management tools to designing systems with smaller, modular components that could failover more gracefully. My current favorite vulnerability is high-cost, extremely sophisticated high-availability structures that, burdened with multiple other layers of failover, _themselves_ disable criti

Re:

[Darinbob]

If he learned. We have a guy who has screwed up causing all-hands-on-deck customer emergencies, yet he doesn't seem to learn and doesn't apologize or seem remorseful. Probably a third of our technical debt is just from him. And he's still around...

Re:

[RockDoctor]

One infers that the multiple miscreant knows - in a very literal sense - where the bodies are buried.

And I don't mean practical human taphonomy studies [wikipedia.org].

Has anyone compared the blood groups of the CEO and the largest share-holders oldest child?

Re:

[Darinbob]

I have seen a trend with companies that had been start-ups relatively recently. That is, friends hire friends, regardless of competence. And employees who were around in the early days get extreme lenience in what they do or don't do.

Re:

[RockDoctor]

That was old news when Noah subcontracted the ark-building project to family members.

Re:

[Darinbob]

The American Way!

Re:

[RockDoctor]

There are Sicilians who might take exception to that. As well as, obviously, Babylonians, 1 through 4.

Re:Rightful owner?

[gmack]

You make it sound like Network Solutions has never made that sort of mistake before. NetSol is one of the least secure registrars and has a history of transferring domains over the phone or with a fax. The most famous case was of course sex.com where they argued that they had no responsibility to even try to fix the problem. [circleid.com] There are still scattered reports of domains being stolen from them.

Re:

[Antique Geekmeister]

The risk is compounded with poor quality SSL registrars, who will sign .com SSL signatures with little to no verification and help ensure that faked domains are permitted by most web browsers.

Re:Rightful owner?

[hcs_$reboot]

If you look at the whois

Updated Date: 2021-01-27T12:43:15Z
Creation Date: 1994-08-16T04:00:00Z
Registry Expiry Date: 2031-01-26T15:26:42Z

usually domains rental is for N years, so it seems here that perl.com was not renewed before 16 Aug 2020 (or even before). In that case the registrar usually releases the domain. (btw, the new expiration date in 2031, good luck to get it back)

Re:Rightful owner?

[TheNameOfNick]

That's not how that works. You can renew a domain at any time, adding years to its expiration date. If you pay a new registrar for a year, and the registrar pays the registry for a year, that year is added onto the domain lifetime (up to a maximum of 10 years). Archived whois records from 2018 show that back then the domain was set to expire in 2028. The shenanigans started in 2020. It is highly implausible that the domain was lost due to expiration.

Re:

[hcs_$reboot]

You can renew a domain at any time, adding years to its expiration date

Of course. This is exactly what I'm saying. Any year purchased is added to the current life of the domain, i.e. no fraction of a year is added. Since the domain was created on Aug 16, its current expiration date should show 20xx-08-16 if there was no interruption. It does not. Thus it's likely that the domain expired, and was re-rented a few months later. 2028: there are several possible reasons behind 2028 vs 2031, none of them invalidate the expiration theory...

Re:

[TheNameOfNick]

No, there is a maximum of 10 years. At the time the domain was taken over, it already had a remaining lifetime of close to 10 years. The renewed lifetime (9 years and a few months plus another year) after the fraudulent transfer was capped to 10 years from the date of renewal. This domain did not expire.

Re:

[TheNameOfNick]

I didn't get the sequence of events quite right there, but the conclusion remains. This domain did not expire. When the domain was hijacked to the Chinese registrar, its lifetime was extended until 2030-08-15. Only with the second move to the next registrar (on 2020-01-27) and the implied one year extension was the renewal truncated to 2031-01-26.

Re:

[hcs_$reboot]

You could be right actually. ( https://twitter.com/briandfoy_... [twitter.com] ).
NetSol ... why people keep using that registrar / mail / web host is a mystery ...

Re:

[robsku]

Some of us who love camel toes have never even used it that way - I use it for writing regular end-user applications.

Re:

[ShanghaiBill]

Where I work we have legacy Perl scripts that most work but need occasional tweaks.

I am the "Perl guy", so fixing them is usually dumped onto me.

But we never use Perl for new projects.

Re:

[nagora]

Where I work we have legacy Perl scripts that most work but need occasional tweaks.

I am the "Perl guy", so fixing them is usually dumped onto me.

But we never use Perl for new projects.

What do you use instead? We use Perl nearly every day. We don't do "projects" in it, but it's excellent for utility scripts for working with files and weird formatted return values from cloud APIs and stuff like that. And we don't have to worry about stupid whitespace nonsense or new versions of the parser coming out every six weeks. And it runs EVERYWHERE.

Re:Perl's still a thing?

[Ecuador]

How out of touch are you? I don't think cgi-bin has been seriously used by perl devs for 20 years now (since mod_perl became popular at least - mod_perl was then superseded as well). And modern perl is actually a great web language - although like with most languages you can come across the ancient arcane codebase, and you can still create bad code yourself if you are demented (or just not good at all).
In fact, I currently work for a company with a large Perl backend and a while ago management decided to try doing services in a different platform, since our devs wanted to diversify a bit (and attract talent easier), and a C# project we had acquired was in any case not to everyone's taste. I suggested golang, management went with what recruiters etc. suggested instead, so it was node.js. The service was built (decent talent was hired to lead the way - indeed recruitment was not that hard), works fine, but in the process everybody found out how annoying node.js is in comparison to modern Perl. And surprisingly (to some people) quite a bit slower. So nobody wanted to touch it afterwards, preferring to work with modern Perl APIs. When that management & cronies parted for greener pastures (classic, they screwed things up in various ways and cost lots of money and went on to cushy jobs in the private and public sector), we did get to try a golang service next and people involved actually enjoy it. It doesn't yet have the tools "mature" languages have, but they find it clean and very very fast.
For comparison, we also use Python. I maintain some data processing scripts, mainly because of NumPy, otherwise I do definitely prefer Perl, and not just because of the (WTF IMHO) whitespace matters issue.
So, before repeating the old "haha perl" meme, look at what Perl actually is, and also consider that there are people out there actively developing in PHP.

Re:

[drinkypoo]

I wrote my first cgi-bin in the bourne shell, you noobish clod!

I did rewrite it as perl, to be fair. But then I went to a CMS. Which is down right now because I've been too lazy to get to a better webhost.

But I still use perl if I have to mangle a text file, because it's still the best way to do that. I don't play stupid whitespace games, that shit is total mainframe garbage.

Re:

[DrMrLordX]

You can get downvoted even more thoroughly there.

Thanks goodness I run a PI-hole

[ClueHammer]

You should too. You can easily add domains like this to the blocked list and then forget about ever accidentally ending up there.

How do you know it wasn't?

[robsku]

...and this is how people jump to wrong conclusions and start blaming and offending some sorry dude who apparently did nothing wrong (see dissy's reply to same post you replied to). How asinine, just jumping into assumptions all ready and willing to ruin someone without any further proof.

Unless you know something we don't? I don't want to make the same mistake I'm blaming... uh... oh well... but do you?

Re:No it wasn't

[TheNameOfNick]

Expiration is implausible. There is evidence that even in 2018, long before the domain was moved to the Chinese registrar, the domain had already been renewed until 2028.

Re:

[Ultra64]

None of the articles say anything about that. Where did you hear that?

Or did you just make up that lie yourself?

Re:

[rudy_wayne]

None of the articles say anything about that.

Because nobody wants to admit that they fucked up and forgot to renew their domain.

Re:

[Ultra64]

So it's completely made up horseshit, got it.

Re: No it wasn't

[MrNaz]

You're as dumb as a bag of potatoes.

Re:

[johannesg]

A message on Hackernews. Why immediately assume that people lie?

Re:

[radarskiy]

"A message on Hackernews. Why immediately assume that people lie?"
Because it's hackernews? Equal chance of liar or ignoramus.

Here's the thread from John Berryhill showing the changes in the domain registration starting from September, at which point the expiration was in 2029.

https://twitter.com/Berryhillj... [twitter.com]

Re:

[retchdog]

Because it's hackernews? Equal chance of liar or ignoramus.

Good point. On slashdot, it's much more likely to get an ignoramus.

Re:

[dissy]

It lapsed because the owner couldn't be arsed to renew it properly, and now someone else owns it.

Stop being stupid please.
If it expired and someone else grabbed it, then it would show created in 2020 or 2021.

Creation Date: 1994-08-16T04:00:00Z
Registry Expiry Date: 2031-01-26T15:26:42Z

https://www.godaddy.com/whois/results.aspx?checkAvail=1&domain=perl.com [godaddy.com]

Re:

[Anonymous Coward]

the whois creation date shows the date when the domain was first created on the system not the last modified,

https://www.expireddomains.net/faq/#question17101 [expireddomains.net]

Re:

[Anonymous Coward]

If you read up on it you will see that before the ownership change it was expiring in 2029. Nobody forgot anything.

Re:

[Anonymous Coward]

It lapsed because the owner couldn't be arsed to renew it properly, and now someone else owns it.

Stop being stupid please.
If it expired and someone else grabbed it, then it would show created in 2020 or 2021.

That's not how it works. That's how it *SHOULD* work, but I've never seen any registrar do it that way.

The "Created" date is always the date it was *FIRST* created, *NOT* the date is was renewed or transferred or anything else.

Christmas

[eminencja]

The domain will be restored on Christmas, right after perl6 is released.

Re:

[robsku]

...and here I was thinking I've had perl6 installed for some years now...

Re:

[hawk]

nom, that's just the name of the Duke Nuke'em Forever executable . . . :)

Re:

[phantomfive]

If their domain name got stolen, it could happen to yours, too.

Re:

[guacamole]

All twenty nine perl users will be thoroughly confused by this event.

Troll much?

[robsku]

Why do you have to troll around? Of course it's still around, and will be as long as there are us, who like to write applications and scripts with it, around.

Re:

[robsku]

...chances are, if you're a Linux user, your system has at least some perl code installed. Whether it's just some screensavers of xscreensaver or it's derivatives, IRC client plugins or something more critical, I would think that it's still relevant as some use perl.com for CPAN.

And don't just reply with "but I don't have any perl code on my system", because that's actually not that relevant.

Regex has a steep learning curve, much like Linux

[raymorris]

I understand why some people would have a hard time getting started with Perl.

Because Perl is part is part of the ed, sed, grep, awk, Perl lineage, Perl programmers tend to use regular expressions. Because sed, grep, and awk tend to be one-liners, traditionally regex is often written without whitespace and meaningful names. Also regex, like assembly, tends to be very concise with single-character operators rather than long descriptive function names. That makes regular expressions hard to read. I get that.

W

Re:

[dmahurin]

Sorry, perl will not come back.

If I were to pick one thing that sets perl apart (in a bad way), it would be the dollar sign.

If instead of "my $x = 1", it was "my x = 1", then it would be more natural to every other other language user out there.

The dollar sign (and the @) is a shell script legacy and unfortunately always hints that it is not a real language.

Re:

[Anonymous Coward]

Wow, 4 digit id and complaining about Perl sigils, while knowing they were widely used in shell scripting languages before, so it was not considered "weird" to use them. I am not particularly for sigils, but they are just a way of doing things, languages that don't have them replace them with other things which are quite often worse, although you find out about them later, they are not obvious as weird symbols in the code that can "freak out" noobs.
And the GP is correct, Python doesn't have much over Perl a

Re:Regex has a steep learning curve, much like Lin

[raymorris]

> If I were to pick one thing that sets perl apart (in a bad way), it would be the dollar sign.
> If instead of "my $x = 1", it was "my x = 1", then it would be more natural to every other other language user out there.

I can understand where you're coming from.there, some languages don't use sigils or similar. Some do, some don't. To me, it's natural to use:

*name (the string stored at name, in C)
[rbi] (the string stored in rbi, in x64 assembler)
$name (the string stored in name, in Perl)
name^ (the value stored in name, in Pascal)

I guess if you've only ever used Python the idea of distinguishing between a storage space vs what is currently stored there could seem foreign.

  Some use a naming convention like intAge and arrAges to get half the value of sigils, at least distinguishing the type of storage, though only by convention.

Re:

[nagora]

Sorry, perl will not come back.

If I were to pick one thing that sets perl apart (in a bad way), it would be the dollar sign.

An odd choice. I don't see the problem with that.

I would pick the lack of a sane object system. But then, there's not much else in the scripting space that does it better. At best, you have a choice of badly implemented systems by people who should have learnt Smalltalk before trying to design an OOP.

Of course, there is GnuSmalltalk. I've written a few scripts in that and it's actually very nice. And genuinely OO.

Re:

[raymorris]

I probably don't do enough OOP that I care that much about the details, but there is one thing I LOVE about Perl's objects. They are transparent. You can see exactly how objects work. It's like a cut-away engine, showing how engines work internally. That's hidden in most languages; you can't tell what's going on under the hood.

If I was doing a lot of GUI (not web based) or some other programming for which OOP is the natural choice, maybe I'd see something in Perl's default object system that I'd want to

Re:

[kbrannen]

I hadn't thought much about Perl's objects being so transparent as a plus, but I can see that now that you say it. Most people complain about Perl object in being hard to use ... personally I don't find them hard, but the boilerplate in them can be a bit annoying, still they're simple to do.

There's some work being done to put a "new skin" on Perl objects for Perl 7 to make them easier to create and use. I'm interested to see where that goes. From what I've seen it has some interesting parts, but the devil

Re:

[Ed Tice]

Of all the reasons to pick or not pick a language, this would have been *last* on my list. Perl used to be dynamically scoped which made it very hard for those of us used to static-scoping to maintain. My understanding is that Perl can now be statically-scoped if that's what your used to (and I think still dynamically scoped if you prefer?) It has aspects of a functional language which are useful albeit sometimes foreign. So I can see why people don't look at it. But certainly not because I need to use

Re:

[Anonymous Coward]

Much like the learning curve for Linux is steeper than the learning curve for Windows 10, or for Facebook for that matter.

Some time ago I switched my granny's ancient computer from Windows to Mint. The only thing she's ever called me about due to the switch was how to do something in LibreOffice Writer (she used to use MS Word).

What is it you think is so much harder about learning Linux than learning Windows?

Fair point, easy things are easy

[raymorris]

That's a fair point - easy things are easy on both operating systems.

Google?

[msauve]

> the IP addresses assigned to the domain were changed... to the Google Cloud IP address ...The IP address ... has a long history of being used in older malware campaigns and more recent ones.

You'd think Google would have the technology to search for who's been paying them to use that address.

99 problems, I used Perl and ...

[thesjaakspoiler]

https://xkcd.com/1171/ [xkcd.com]

Consider other languages with similar configuratio

[HiThere]

This is why I don't like languages that dynamically update from places out on the web. I want each update of libraries to be intentional. And I'm looking at things like Rust and go when I say that. (Yes, they've got ways around the auto-update. So does Perl. And I didn't mention Javascript, because it's got worse problems.)

Re:

[HiThere]

It's my understanding that when you run a script that invokes CPAN, it downloads the routines. Just like Javascript does. With Rust and go it only happens at compile time, which is a lot safer, but still bothers me. And all of them allow you to have local repositories rather than use the web version...but "using the most updated version" is really pushed.

Re:

[Ed Tice]

Using the most updated version is pushed because backporting security updates is expensive and boring and no open source projects want to do it. So your choice is use the latest version of use a version with known vulnerabilities. As far as I know, the downloads happen at compile time or packaging time for non-compiled languages. You can't download at runtime as their may have been breaking changes. And the package managers are there to solve a problem whereby people used to download a version and merge

Re:

[drinkypoo]

It's my understanding that when you run a script that invokes CPAN, it downloads the routines.

It depends on what you're doing with CPAN. Presumably you mean it invokes CPAN to do an install. When you do an install, yes, it downloads any sources it needs and compiles and/or installs them. The sources are retrieved from third party servers and verified with signatures from the CPAN repo.

I am tempted to presume that the CPAN repo is also identified by signature, but I don't actually know/remember.

I preferred public key registrar interaction

[Greeneland]

Registering a public key and having to sign all your registration requests with that seemed like a much more secure way than what is done now. Not only that but it seemed easier to me. I miss it.

Larry Wall was right...

[Anonymous Coward]

There is more than one way to do it...

using Perl was bad enough

[DulcetTone]

but now this