Wednesday, January 27, 2021

perl.com hijacked

 The perl.com domain was hijacked this morning, and is currently pointing to a parking site.  Work is ongoing to attempt to recover it.

 We encourage you NOT to visit the domain, as there are some signals that it may be related to sites that have distributed malware in the past.

  Some users may have it selected as their CPAN mirror.  To update your mirror in CPAN.pm use o conf urllist http://www.cpan.org/

# perl -MCPAN -eshell
cpan shell -- CPAN exploration and modules installation (v2.20)
Enter 'h' for help.

cpan[1]> o conf urllist http://www.cpan.org/
Please use 'o conf commit' to make the config permanent!
cpan[2]> o conf commit
commit: wrote '/root/.cpan/CPAN/MyConfig.pm'

Update 2021-01-28:

Work is underway to attempt to recover the domain.  If you're looking for the content, you can visit perldotcom.perl.org.

Update 2021-01-30:

Network Solutions is working with Tom Christiansen, the rightful registrant, on the recovery of the Perl.com domain. There is no estimated timeline for its recovery but the process is underway. The Perl.com site is temporarily at perldotcom.perl.org. Anyone using a perl.com host for their CPAN mirror should use www.cpan.org instead. Please direct all inquiries to brian d foy (brian.d.foy@gmail.com).

Update 2021-02-01:

We have contacted Network Solutions and verified that cpan.org is in the right hands and secured.

Update 2021-02-02:

Verisign has restored the proper nameservers (*.bitnames.com) for perl.com. You should see addresses in 151.101/16. If you still see something different, please leave a comment in GitHub issue #313. Some providers or services may have sinkholed or blocked Perl.com; if you are still seeing that, please let us know.

Update 2021-02-05:
Network Solutions has recovered the domain and your whois output should reflect that. If you notice that your firewalls or other security layers still mark perl.com as compromised, please leave us a note at https://github.com/tpf/perldotcom/issues/313.