US Agency Suspending Jotform.com Domain, What You Need To Know Now

Jotform is an online form creation service that can be used by free and paying customers to create online forms in an easy to use what you see is what you get interface. A short blog post by Jotform co-founder Aytekin Tank today revealead that an unnamed US government agency has "temporarily suspended" the jotform.com domain. The announcement itself was posted on the company's jotform.net domain.

Tank did not go into further details in the short post first, but later on posted two updates that suggested that user generated content was the cause for the domain suspension.

Commenters suggested that it had to do with a phishing attack on a South African bank that used forms on the jotform domain to steal personal information from the bank's users.

jotform

Tank also mentioned that forms may not be working anymore if they are pointing to the com address. He suggested to change the domain extension to .net instead to make them work again if that is the case. A knowledge base article is available to aid users who have dozens or even hundreds of forms that need to be changed.

Jotform customers should have received emails by now that inform them about the issue.

Some issues have not been addressed yet. It is for instance not clear why only the .com domain was suspended and why the .net domain was left untouched. The most likely reason is that the the contents were posted solely on the jotform.com domain.

And then there is the question how this could happen in first place. Was Jotform contacted by the authorities or bank representatives first to take down the contents without domain suspension? Several users who left comments suggested that a DCMA letter to Godaddy, the domain hosting company, was the culprit. This however does not explain Tank's statement that a US government agency has shut down the domain temporarily.

Facts are scarce at this point in time. The scary thing about this is that this can happen to any website that is hosting user generated contents. Taking down a phishing site, or phishing contents on a site, is a high priority task, considering that more users become victims of the trap the longer the site stays on line.

Jotform customers at this point in time can only change their form's domain name extensions to get them working again. It is likely that the domain will be up and running again in the coming days.

Update: The jotform.com website is up again. There is still no word about what happened. You can read more about it here on Hacker News

JotForm.com has been suspended by Godaddy for more than 24 hours now. They have disabled the DNS without any prior notice or request. They have told us the domain name was suspended as part of an ongoing law enforcement investigation. In order to resolve the issue, they asked us to contact the officer in charge at U. S. Secret Service.

When I contacted the Secret Service, the agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week. I told them we are a web service with hundreds of thousands of users, so this is a matter of urgency, and we are ready to cooperate fully. I was ready to shutdown any form they request and provide any information we have about the user. Unfortunately, she told me she needs to look at the case which she can do in a few days. I called her many times again to check about the case, but she seems to be getting irritated with me. At this point, we are waiting for them to look into our case.

Our guess is that this is probably about a phishing form. We take phishing very seriously. Our Bayesian phishing filter has suspended 65.000 accounts last year. We have been training it for many years, so it can detect phishing forms with great accuracy. We also take any reports about phishing very seriously and quickly suspend the accounts and let the other party know about it. By the way, we are also very serious about false positives. If we suspend an account accidentally, we will quickly resolve the issue, and apologize.

I believe this can happen to anybody who allows users to create content on the web. So, if you have such business, my recommendation would be to make sure that you can contact your most active users quickly if your domain is disabled. Many of our users are shocked and angry at us. But, many also thanked us for quickly letting them know about the issue by email and providing instructions to continue operating their forms. Since DNS propagation takes some time, many active users were able to switch their forms to the new domain before it went down. We still have not contacted all users, we are sending emails most active users first.

Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to US Agency Suspending Jotform.com Domain, What You Need To Know Now

  1. Marcin February 16, 2012 at 11:52 am #

    Thank you for this article we have 80 forms on different websites now they are all gone ...

  2. harry tuttle February 16, 2012 at 3:29 pm #

    Sounds like it is also a highly efficient way of getting the state to shut down your competitors.

    1. Hire some blackhats to generate infringing or illegal content on a competitors site.
    2. Send in the clowns.
    4. Leave comments in articles about the resulting domain seizure with details of how any miffed customers can transfer to your competing service.
    3. Kerching!

    Do you think I could patent this as a business method?

    • Martin Brinkmann February 16, 2012 at 3:34 pm #

      While I doubt that you could patent it, it is fairly certain that ruthless people are already making use of things like these to hurt their competition.

  3. harry tuttle February 16, 2012 at 3:54 pm #

    lol... I just read through my first post... and it appears that i can't count to four properly after too little sleep ;)

  4. kalmly February 16, 2012 at 5:40 pm #

    With or without SOPA. With or without due process. Remember when you lived in a free country?

  5. Morely the IT Guy February 16, 2012 at 6:20 pm #

    "Some issues have not been addressed yet. It is for instance not clear why only the .com domain was suspended and why the .net domain was left untouched. The most likely reason is that the the contents were posted solely on the jotform.com domain."

    No, the most likely reason is that the assclowns in the US Government think that only ".com" is an Internet domain.

Leave a Reply