RE: myspace makes GoDaddy take out Fyodor

["Richard M. Smith" <rms () computerbytesman com>]

As an aside, using the DNS system to censor Web sites is sometimes
necessary.  Back in 2004, a number of folks and myself investigated a piece
of malware that turned people's home computers into Web proxy servers in
order to host porn and phishing Web sites.  Every 10 minutes, DNS records
would get updated to move a Web site from one home computer to another.  The
goal was to make it hard to shut down the Web sites.  I tried to get the
domain registration company to turn off the domain names being used by the
scammers, but had no luck.  The system was finally shut down when analysis
of the malware showed that a master host system at Everyone's Internet was
running the whole show.  Turning off the master killed the network of scam
Web sites.  Had the scammers moved the master system around to other
hijacked home computers, the DNS system might have been the only way to turn
off the scam network.

Richard

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Fyodor
Sent: Friday, January 26, 2007 1:42 AM
To: Nick FitzGerald
Cc: FunSec LList
Subject: Re: [funsec] myspace makes GoDaddy take out Fyodor

On Fri, Jan 26, 2007 at 04:48:58PM +1300, Nick FitzGerald wrote:
> Blue Boar wrote:
>
> I guess, as a customer, maybe that's what you should expect from a 
> $8.95/yr/.com registrar??

$10 per domain-year adds up.  Last month I did a bunch of multi-year
renewals and paid GoDaddy well over $1,000.  But I don't think their
shutdown policy should be based on how much a customer pays.

> Their margins are pretty thin so they won't invest much effort in 
> defending you (as a customer) against a "big" complaint from a big 
> complainer.

I don't expect them to invest much effort.  They should have just told
MySpace to email/call/sue the registrant (Insecure.Com LLC) and/or contact
our ISP.  Our phone number and email address are in whois and all over the
site.  It is not the registrar's job to police the content of our web sites.
And even if they do suspend a domain, the web content is still available to
anyone who knows the IP, has the DNS record cached, or access the site
through a different domain name.  So contacting the hosting provider or ISP
can be more effective.

If Myspace had presented GoDaddy with a court order to remove the domain
record, that would be different.  But GoDaddy should have just bounced this
complaint to us rather than suspending our domain with no warning or reason
given.

Cheers,
Fyodor
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.