With millions of visitors per week Solarmovie is a thorn in the side of the major movie studios. The site indexes links to pirated copies of movies and TV-shows, which can be streamed directly through third party sites.
Apart from the ISP blockade in the UK, Solarmovie hasn’t run into any significant trouble. However, that changed yesterday when the site’s owner found out that someone had stolen the Solarmovie.tl domain name.
An unknown ‘hacker’ gained access to the name.com registrar where the domain was held and quickly transferred it to another registrar. How this could have happened is a mystery to Solarmovie admin Chris, who notes that they used a secure password.
“We have no idea how the registrar was accessed. The account had a 10 character long randomly generated password,” Chris informs TorrentFreak.
“I wonder why the name.com registrar didn’t send a confirmation link to the account’s primary email when it was changed. Registrars shouldn’t allow changes to login details in such an easy way without triple checking against swindlers,” he adds.
The Solarmovie.tl domain was transferred to EuroDNS and the registrant name changed to Gabriel Vasilica of HAVARD THABO LLP. The stolen domain now redirects to Solarmovie.ag, which initially displayed a “coming soon” landing page, but is now hosting a copy of the Solarmovie website.
The ‘fake’ Solarmovie has put up a notification informing visitors that the .AG domain is the site’s new home.
The ‘real’ Solarmovie, meanwhile, has reverted back to its old Solarmovie.so domain where it remains accessible as usual. They hope that the registrar can help them get the old domain back. Time will tell whether that’s possible.
“Currently we are talking to our registrar about possible measures we can take to have the domain returned. As for now, we revert back to solarmovie.so domain,” Chris says.
While it’s unclear who’s behind the domain hijack there are several signs that it’s the same person who stole the 1Channel.ch domain, which later became Vodly.to. For example, both vodly.to and solarmovie.ag use the same IDs for the Newrelic stats service.
Whoever’s behind the stolen domains and however they pulled it off, other streaming sites should be warned.
Update: Solarmovie’s Twitter account was hijacked briefly as well, but has been restored an hour ago.