A few notes, for reference we are a Tucows RSP (reseller something something). 1) Domains go through a two step (fuzzy plus) expiration process, 30 days to be renewed and then 40 days to be 'redeemed' by the owner - then they are supposed to be released to the open market for reuse. The fuzzy is that some registrars either renew themselves for parking pages (those strange search/advertising pages) OR some how they just get stuck -- NetSol being really good at that. At some point after the official expiration date the registrars are allowed to 'park' a domain and get any revenue they can for the advertising on the parking page. So the net-net what you saw was the parking page from eNom and that is why you were able to recover it so quickly -- a lesson to all - check your domain(s) at least monthly and get a registrar or reseller who works for your interest. 2) Tucows is a registrar directly with one level of resllers, sounds like your case has Enom doing 2 level of reselling 3) I know of no connection of eNom and Tucows and couldn't find one on a quick scan of our Tucows dealer information 4) Whois is in fact a 2 step process however any recent whois client actually does a two step look up starting with the TLD whois manager. Also, I looked up your host IP at the TLD name servers so things had been fixed by the time I looked, or had not propagated to reach all name servers - could have been at either end of the problem. You don't usually see the intermediate step unless you can request a verbose lookup, Our first step looks like this ===================================== whois server for *.com is whois.crsnic.net ... connected to whois.crsnic.net [199.7.55.74:43] ... Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: TNRGLOBAL.COM Registrar: TUCOWS INC. Whois Server: whois.tucows.com Referral URL: http://domainhelp.opensrs.net ======================================= Jim's looks like this: ===================================== whois server for *.com is whois.crsnic.net ... connected to whois.crsnic.net [199.7.52.74:43] ... Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: NATIONAL-WIRELESS.COM Registrar: ENOM, INC. Whois Server: whois.enom.com Referral URL: http://www.enom.com ========================================= Isn't the internet fun :) Rich ussailis at shaysnet.com wrote: > Here's what happened. > > I was not hijacked, but the URL registeration payment was not credited to > my account. > > Of course the URLs were paid for at least a month before the due date, more > than 2 months before the cutoff date. There are two problems that occurred > because of the way URL registrations are now renewed. > > 1. The actual registertation passes thru several vendors. The guy that does > the service for me is a reseller for another, higher level, registrar, who, > it turn, is also a reseller for a higher level registrar. I believe the > final registrar for my URLs is Enom. Somehow they are related to Tucows. > > They were paid some time ago for 4 URL renewals. They renewed one, > www.rf-wireless.com. The rest fell thru the cracks on their end. > > Now here is the second issue... > > 2. Whois doesn't work they way it did. In the past doing a whois search > brought up all the current data for a URL...any URL, registered thru > anybody. > > Now a whois search must be done at the web site of the final feeder in this > registation chain to bring up current correct data. A gereral whois brings > up data, but not necessarily current data. > > The business that I use to renew URL registration checks every URL they > rebew with a general web whois search. They just discovered this problem, > and now are checking all their clients. > > Enom fixed their mistake. Quickly. I don't know how much business I might > have lost, but I have learned to watch this stuff more carefully. > Fortunatelly my businss is not a many clients, each client providing a > small amount business, but rather it is few clients / year, each > representing a substantial amount of business. So I probably haven't lost > any. > > My thanks to all who responded, esp to the fellow who called. He also > noticed the problem. > > To all those with business URLs, I can say, find out who the top feeder in > this registration business is for your web site, and check the info for > your URL. > > I am looking into a 10 year renewal. By then I'll be so old I won't care > anymore. > > Jim Ussailis > jim at nationalwireless.com > > > > > > Original Message: > ----------------- > From: ussailis at shaysnet.com ussailis at shaysnet.com > Date: Tue, 6 Nov 2007 11:50:20 -0500 > To: hidden-discuss at lists.hidden-tech.net > Subject: [Hidden-tech] Web URL hijack > > Something new to me, and perhaps something for us to watch out for... > > My URL has been hijacked. There is a new site up on it > (www.nationalwireless and www.national-wireless.com). The new site is > strictly advertising. It pretends to be a search engine, but it only > searchs among a limited number of advertisers. > > As I understand it the "pointing" to the URL has been changed. It appears > that www.NuSeek.com is also involved. I have found several other emails > complaining about this. > > For us that are very busy, we should take (find?) the time to check our > websites. I have no idea how long this has been going on, nor how many > clients I may have lost. > > If any are interested, www.rf-wireless.com is a representation of my real > site. The other two 'pointed' to this one. > > Jim Ussailis > ussailis at shaysnet.com > ussailis at verizon.net > > > -- Rich Roth CEO On-the-net Bringing you complex online systems since the net was young http://www.tnrglobal.com - http://www.on-the-net.com/rr/