Jotform is an online form creation service that can be used by free and paying customers to create online forms in an easy to use what you see is what you get interface. A short blog post by Jotform co-founder Aytekin Tank today revealead that an unnamed US government agency has "temporarily suspended" the jotform.com domain. The announcement itself was posted on the company's jotform.net domain.
Tank did not go into further details in the short post first, but later on posted two updates that suggested that user generated content was the cause for the domain suspension.
Commenters suggested that it had to do with a phishing attack on a South African bank that used forms on the jotform domain to steal personal information from the bank's users.
Tank also mentioned that forms may not be working anymore if they are pointing to the com address. He suggested to change the domain extension to .net instead to make them work again if that is the case. A knowledge base article is available to aid users who have dozens or even hundreds of forms that need to be changed.
Jotform customers should have received emails by now that inform them about the issue.
Some issues have not been addressed yet. It is for instance not clear why only the .com domain was suspended and why the .net domain was left untouched. The most likely reason is that the the contents were posted solely on the jotform.com domain.
And then there is the question how this could happen in first place. Was Jotform contacted by the authorities or bank representatives first to take down the contents without domain suspension? Several users who left comments suggested that a DCMA letter to Godaddy, the domain hosting company, was the culprit. This however does not explain Tank's statement that a US government agency has shut down the domain temporarily.
Facts are scarce at this point in time. The scary thing about this is that this can happen to any website that is hosting user generated contents. Taking down a phishing site, or phishing contents on a site, is a high priority task, considering that more users become victims of the trap the longer the site stays on line.
Jotform customers at this point in time can only change their form's domain name extensions to get them working again. It is likely that the domain will be up and running again in the coming days.
Update: The jotform.com website is up again. There is still no word about what happened. You can read more about it here on Hacker News
JotForm.com has been suspended by Godaddy for more than 24 hours now. They have disabled the DNS without any prior notice or request. They have told us the domain name was suspended as part of an ongoing law enforcement investigation. In order to resolve the issue, they asked us to contact the officer in charge at U. S. Secret Service.
When I contacted the Secret Service, the agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week. I told them we are a web service with hundreds of thousands of users, so this is a matter of urgency, and we are ready to cooperate fully. I was ready to shutdown any form they request and provide any information we have about the user. Unfortunately, she told me she needs to look at the case which she can do in a few days. I called her many times again to check about the case, but she seems to be getting irritated with me. At this point, we are waiting for them to look into our case.
Our guess is that this is probably about a phishing form. We take phishing very seriously. Our Bayesian phishing filter has suspended 65.000 accounts last year. We have been training it for many years, so it can detect phishing forms with great accuracy. We also take any reports about phishing very seriously and quickly suspend the accounts and let the other party know about it. By the way, we are also very serious about false positives. If we suspend an account accidentally, we will quickly resolve the issue, and apologize.
I believe this can happen to anybody who allows users to create content on the web. So, if you have such business, my recommendation would be to make sure that you can contact your most active users quickly if your domain is disabled. Many of our users are shocked and angry at us. But, many also thanked us for quickly letting them know about the issue by email and providing instructions to continue operating their forms. Since DNS propagation takes some time, many active users were able to switch their forms to the new domain before it went down. We still have not contacted all users, we are sending emails most active users first.