Domains May Disappear After Search

Ponca City, We Love You writes "Daily Domainer has a story alleging that there may be a leak that allows domain tasters to intercept, analyze and register your domain ideas in minutes. 'Every time you do a whois search with any service, you run a risk of losing your domain,' says one industry insider. ICANN's Security and Stability Advisory Committee (SSAC ) has not been able to find hard evidence of Domain Name Front Running but they have issued an advisory (pdf) for people to come forward with hard evidence it is happening. Here is how domain name research theft crimes can occur and some tips to avoiding being a victim."

never use the web for such queries

[jacquesm]

Always use a command line tool. The webservices are notorious for such sniffing, I've never seen or heard about it happening from the unix command line.
Better still, simply use your registrar to do a registration, if that works then it was free :)

http://rndpic.com/ [rndpic.com]

Data mining

[karl.auerbach]

It has long been rumored that domain name registries snap up names when they see signs of interest. Unfortunately ICANN's committees don't have the tools to really open up the clamshell and see what is really going on deep inside registries and registrars.

However, there is another matter - that of data mining of the query packets that arrive at root and top level domain servers.

ICANN's contracts do not prohibit data mining of the query stream, in fact they openly permit it. Thus Verisign has the right to look at incoming queries and generate a body of information about what domain names are being uttered by users. It's not a big step from that to come up with a list of names that would be nice things to have if one wants to spatter up a bunch of Google Adsense ads and collect click revenue.

(Also, because the entire domain name, not just the top level parts, hits root and top level domain servers, through a bit of statistical reduction, one can produce a data stream that is of interest not only to paying marketeers but, perhaps, to certain national intelligence agencies.)

Re:never use the web for such queries

[Pyrion]

SysInternals (now Microsoft) has a whois CLI tool for Windows as well.

http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx [microsoft.com]

Not a new trend.

[palegray.net]

I'll swear this has been happening for years. I've taken to the habit of not searching for a new domain until I'm ready to buy it, right then and there. In the past, I've seen cases where customers have searched for a domain, found it to be available, and by the time they had a meeting the next morning to discuss buying it have it be registered by someone else (usually a squatter). In a sense, it's just common sense that a lot of the domain search "services" would engage in a competitive practice like this. I'm not saying it's ethical, but it's been going on for a long time.

Maybe the community can come up with a list of guaranteed reputable domain search services that take measures to prevent this sort of activity, and support those organizations.

its actually pretty common

[asv108]

I've executed many whois domain searches in the past, only to find the domain I looked at registered the next day. There are a few ways to avoid this problem:

• Register a domain as soon as you search for it
• Avoid using registry based WHOIS tools.

The ICANN requirements for becoming a registrar are VERY weak. There are a lot of disreputable operations out there who could be colluding with domain prospectors. Even with the bigger registry operations, its still possible for people to get access to the whois queries. You have no idea what that web whois box is actually querying, and there is no privacy guarantee.

Re:never use the web for such queries

[Anonymous Coward]

It's not much of a stretch from selling NXDOMAIN data to logging all whois queries. I think the time has come for encrypted whois, at least between nics and registrars. Unfortunately most registrars are clueless about how this stuff actually works and some nics are so utterly clueless that they only offer web-based whois.

nope, they dont pay

[asv108]

Amusing. Increase the scale of that operation a bit and you could quickly bankrupt a careless squatter.

Actually most of bigger squatting operations don't pay a dime on a per name basis. They hold the name for 30 days, then release it at no cost.

https://www.easywhois.com/

[Simon Carr]

I'm more than just not surprised by this, I've known it without proof for years. Doing queries for total junk domains, and then three or four days later finding out that those domains had been registered? Too weird. And that was years ago.

One of the problems stem from the fact that any whois query can be sniffed (or SNORTed) if it passes over the wrong network hop anyway, so there isn't much you can do unless you're ready on the trigger to register the domain almost immediately. One thing you CAN do if you're going to do web queries (because not everybody has a whois command line installed) is query via;

https://www.easywhois.com/ [easywhois.com]

Note httpS. I can certify that Mark J doesn't do domain tasting [privateworld.com], that's not the business EasyDNS is in [www.cnw.ca]. So if you do do a query via EasyWhois it's not going to get snagged after 24 hours (at least not from our end).

[ Disclaimer: Yeah I work for EasyDNS :) ]

Comment removed

[account_deleted]

Comment removed based on user account deletion

First domain name front running, now this

[smooth wombat]

Apparently, this story goes along with this one [slashdot.org].

I guess from now on one will have to register a name blind and see what happens.

Re:This has been happening a long time

[orclevegam]

As some have pointed out it costs the squatter nothing. They have a loophole because many registrars allow a 30 day trial period on a domain in which you can have it and if you decide you don't want it you can get rid of it for no cost. The squatters can then play a shell game by having a set of dummy companies swap the domain between themselves without ever passing the 30 day mark. With only 3 companies a squatter could tie a domain up for just under 3 months, and never have to pay a penny.

Omg don't do that!

[sakdoctor]

From the page linked from TFA:

"It is such a strong urge to type the domain name into the address bar and see what website comes up. Most users think perhaps there is already a company using the name and this will be a quick end to the question. Wrong! This is the most dangerous thing to do. Internet Service Providers (ISP) sell NXD (Non-eXistent Domain) data."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:its actually pretty common

[zyzko]

Could you back that up? There are horror stories for every registrar, but GoDaddy is in my opinion one of the best of the cheap ones. Their customer support actually works (I have always got a response to email within 2 hours - Network Solutions has 12-24 hour answer time at best and they cost 5x as much as GoDaddy, not to mention their refusal policy to transfer domains to other registrars without phonecalls (I'm not living in the USA so the phonecalls to them are expensive international ones) just because they think transfer is "suspicious").

Also - GoDaddy has a quite nice spam policy - which other cheap registrars often don't have and they actually do not care much because being too strict about spam would not give them income.

joker.com would be nice because their web interface is clean and they don't try to sell you a kitchen sink with your domain, but their spam policy has at least in the past been non-existant.

Re:This has been happening a long time

[Tiger4]

I just tried it over at Network Solutions (took three words and glued them together). The made up name wasn't registered. They not only offered to register the name for me, but it also offered me common Misspellings that would be a near match, common search term names similar to the one I queried, and Premium names that are already available for sale, all on the same registration page. How much of a stretch is it to assume they track this kind of thing and pass it on to someone to register?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:MD5 lookup as defence

[zakeria]

No... all domains that are registered have an existing MD5 sum... now if you lookup a MD5 encoded domain it gets tested against existing MD5/all domains in the registrar, if you have a match then the domain has already been registered if no match the domain is free to be registered.. another thing to note is the whois owners also dont know what you looked up so they can be out of the frame also!

Re:its actually pretty common

[Grey_14]

check out http://nodaddy.com/ [nodaddy.com] for a few horror stories, Admittedly every business that gets past a certain size will have 'hate' sites against it, but yanking a domain name from Fyoder was a pretty bad idea :P

Re:What registrar registers a domain for $2?

[sm62704]

Google is your friend [google.com]

Re:never use the web for such queries

[sporkmonger]

Happened to me too. Same exact story. Domain was good, but not something anyone else would be interested in. I did a search on a web service, and the domain was registered out from under me within an hour.

The perpetrator, in this case, was one Hank Ceigler, who, it turns out, was working for GoDaddy at the time. I'm not sure if he was a contractor or a full-time employee, but he was definitely involved in the domain business. I contacted him to see if he was interested in selling the domain, and he quoted a price over twice the appraised value of the domain.

I would love to know why GoDaddy is still allowed to register domains. They're scum.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion