[German]Warning to users who are interested in the Perl programming language and have previously accessed the Perl[.]com domain. The domain has been stolen and the IP has been redirected to an address associated with malware campaigns.
The domain perl[.]com belongs to the Perl Foundation and has been used to publish news and articles about the Perl programming language since 1997. Now the domain has been hijacked. On reddit there is this thread where the whole thing is addressed. The domain perl[.]com (without HTTPS) indicates that it is for sale and there would be advertisements. The whois record of January 27, 2021 indicates an unfriendly takeover.
Here's a screenshot of the sales message in question that someone posted on Twitter.
A short time later, the unfriendly takeover of the domain perl[.]com by brian d foy was confirmed on Twitte. It seems to have hit more domains according to a follow up tweet.
The colleagues at Bleeping Computer also point out the issue in this tweet and have summarized the state of affairs in this article.
The log files says, that the domain had been hijacked and the recovery process may be ongoing. Here is the excerpt:
Wednesday, January 27, 2021
The perl.com domain was hijacked this morning, and is currently pointing to a parking site. Work is ongoing to attempt to recover it.
We encourage you NOT to visit the domain, as there are some signals that it may be related to sites that have distributed malware in the past.
Some users may have it selected as their CPAN mirror. To update your mirror in CPAN.pm use o conf urllist http://www.cpan.org/
# perl -MCPAN -eshell
cpan shell — CPAN exploration and modules installation (v2.20)
Enter 'h' for help.
cpan> o conf urllist http://www.cpan.org/
Please use 'o conf commit' to make the config permanent!
cpan> o conf commit
commit: wrote '/root/.cpan/CPAN/MyConfig.pm'
Work is underway to attempt to recover the domain. If you're looking for the content, you can visit perldotcom.perl.org.
Bleeping Computer has collected the information, that the domain has been hijacked and is under the attacker's control. The IP address points to a page that was used for malware campaigns. Anyway, the recovery may take some time. The Perl Foundation has set up a replacement site at perldotcom.perl.org, where content can be retrieved.
Cookies helps to fund this blog: Cookie settings