Analysis published of the incident in which control of the perl.com domain was lost

brian d foy, a founder of the Perl Mongers organization, has published a detailed analysis of the incident in which the perl.com domain was taken over by unauthorized parties. The hijack did not touch the project's server infrastructure: it was carried out at the registrar, by changing the registrant of record and, later, the DNS server settings. It is stated that the computers responsible for the domain were not compromised either; the attackers used social engineering to mislead the registrar, Network Solutions, into changing the ownership data, backing the request with forged documents purporting to prove ownership of the domain.

Among the factors that contributed to the attack, the analysis also mentions that two-factor authentication was disabled in the registrar's interface and that the domain's contact email address was hosted on that same domain, so whoever controlled the domain also controlled the mailbox the registrar used for notices and recovery. The domain was hijacked back in September 2020; in December it was transferred to the Chinese registrar BizCN, and in January, to cover the trail further, to the German registrar Key-Systems GmbH.

Until December the domain stayed with Network Solutions, because ICANN's Transfer Policy prohibits transferring a domain to another registrar within 60 days of a change to the registrant's contact information. Had the hijack been disclosed before December, while the domain was still at the original registrar, recovering it would have been considerably simpler, so the attackers left the DNS servers untouched for a long time and the domain kept working without arousing suspicion, which prevented timely detection of the attack. The problem surfaced only at the end of January, when the scammers redirected traffic to their own server and put the domain up for sale on Afternic for $190,000.
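The detection gap described above is the reason to monitor registrant and registrar data rather than only nameservers. The following is an added example, not code from brian d foy's analysis or the Perl project: a small Python check that compares a stored baseline of a domain's registration record against a fresh RDAP-style snapshot, flags a registrant change even when the nameservers are unchanged, reports how much of the 60-day transfer lock is left for disputing it at the current registrar, and warns when the registrant contact mailbox is hosted on the monitored domain itself. The field names, the domain and both records are constructed for this example.

```python
"""Registrar-record change monitor (added example; not code from the analysis
or the Perl project). Compares a stored baseline of a domain's registration
data with a fresh RDAP-style snapshot and flags the kind of change that
preceded the perl.com hijack: a new registrant while the nameservers stay
the same. Field names and both records are constructed for this example."""
from datetime import date, timedelta

# ICANN Transfer Policy: an inter-registrar transfer is blocked for 60 days
# after a change of registrant; this is the window for disputing a hijack
# with the original registrar.
TRANSFER_LOCK_DAYS = 60

# Constructed baseline, e.g. saved when the domain was last reviewed.
BASELINE = {
    "domain": "example.org",
    "registrar": "Registrar A",
    "nameservers": ["ns1.example-dns.net", "ns2.example-dns.net"],
    "registrant_email": "hostmaster@example.org",  # hosted on the domain itself
    "registrant_changed": "2019-03-01",
}

# Constructed snapshot: registrant replaced, nameservers deliberately untouched.
SNAPSHOT = {
    "domain": "example.org",
    "registrar": "Registrar A",
    "nameservers": ["ns2.example-dns.net", "ns1.example-dns.net"],
    "registrant_email": "owner@attacker-mail.example",
    "registrant_changed": "2020-09-15",
}


def contact_email_on_domain(domain, email):
    """True when the registrant contact mailbox lives on the monitored domain
    (or a subdomain of it), so whoever controls the domain's DNS and mail also
    receives the registrar's notices and password-reset messages."""
    mailbox, _, host = email.rpartition("@")
    host = host.lower().rstrip(".")
    d = domain.lower().rstrip(".")
    return bool(mailbox) and (host == d or host.endswith("." + d))


def transfer_lock_ends(registrant_changed):
    """Last day of the 60-day transfer lock that starts at a registrant change."""
    return date.fromisoformat(registrant_changed) + timedelta(days=TRANSFER_LOCK_DAYS)


def normalised_ns(record):
    """Order- and case-insensitive nameserver list, so reordering is not a change."""
    return sorted(ns.lower().rstrip(".") for ns in record["nameservers"])


def diff_registration(baseline, snapshot, today_iso):
    """Return (code, message) findings for every security-relevant difference."""
    today = date.fromisoformat(today_iso)
    findings = []
    for field in ("registrar", "registrant_email"):
        if baseline[field] != snapshot[field]:
            findings.append((field, f"{field} changed: {baseline[field]!r} -> {snapshot[field]!r}"))
    if normalised_ns(baseline) != normalised_ns(snapshot):
        findings.append(("nameservers",
                         f"nameservers changed: {normalised_ns(baseline)} -> {normalised_ns(snapshot)}"))
    if baseline["registrant_changed"] != snapshot["registrant_changed"]:
        lock_end = transfer_lock_ends(snapshot["registrant_changed"])
        days_left = (lock_end - today).days
        if days_left > 0:
            msg = (f"registrant changed on {snapshot['registrant_changed']}; transfer lock ends "
                   f"{lock_end.isoformat()}, {days_left} days left to dispute at the current registrar")
        else:
            msg = (f"registrant changed on {snapshot['registrant_changed']}; transfer lock expired "
                   f"{lock_end.isoformat()}, the domain may already have moved registrars")
        findings.append(("registrant_changed", msg))
    if contact_email_on_domain(snapshot["domain"], snapshot["registrant_email"]):
        findings.append(("contact_on_domain",
                         "registrant contact email is hosted on the monitored domain"))
    return findings


if __name__ == "__main__":
    for code, message in diff_registration(BASELINE, SNAPSHOT, "2020-10-01"):
        print(f"[{code}] {message}")
```

Run against the constructed records on 2020-10-01, the check reports the registrant email change and a registrant change whose transfer lock runs until 2020-11-14 (44 days left), while the reordered nameservers produce no finding; run against the baseline alone it flags only the self-hosted contact mailbox. In practice the snapshot would come from the registry's RDAP service on a schedule, and any finding in the first two categories should be treated as a possible hijack while the lock window is still open.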

Among other Perl-related news, the CPAN module archive is dropping its mirror network in favour of a content delivery network that takes the load off the main server. In June the mirror list is to be cleared completely, leaving a single entry, www.cpan.org. It will still be possible to configure a CPAN client manually to use an explicitly specified mirror.

Source: opennet.ru