Domains May Disappear After Search 379
Ponca City, We Love You writes "Daily Domainer has a story alleging that there may be a leak that allows domain tasters to intercept, analyze and register your domain ideas in minutes. 'Every time you do a whois search with any service, you run a risk of losing your domain,' says one industry insider. ICANN's Security and Stability Advisory Committee (SSAC ) has not been able to find hard evidence of Domain Name Front Running but they have issued an advisory (pdf) for people to come forward with hard evidence it is happening. Here is how domain name research theft crimes can occur and some tips to avoiding being a victim."
Theft? Crimes? (Score:5, Insightful)
Theft? Crimes? Does Slashdot now think, an idea can be "property" and/or "stolen"?
Re:Poison the NXD data? (Score:5, Insightful)
Re:Poison the NXD data? (Score:1, Insightful)
Don't do a whole lot of searches very rapidly. Set the timing up to use random, sporadic, infrequent intervals. Make a program to share with the whole world so that everyone can install it and run it in the background such that it will only use idle, spare cpu cycles and bandwidth. If tens of thousands of people would run it, the result would be like death by a bazillion tiny little paper cuts, all coming in from all directions, to these "domain taster-squatters". After all, don't they actually end up having to eventually pay for all the domains they've squatted upon?
Trial garbage (Score:5, Insightful)
Wouldn't doing away with that stupidity make things a lot harder for these losers that park / squat domains?
Dan East
Comment removed (Score:5, Insightful)
Re:nope, they dont pay (Score:5, Insightful)
Actually most of bigger squatting operations don't pay a dime on a per name basis. They hold the name for 30 days, then release it at no cost.
They don't need to release it. They just get another shell company to snap it up.
Domain tasting is causing nothing but headaches for the internet at large and they need to abolish it.
Re:nope, they dont pay (Score:4, Insightful)
Google it first..? (Score:5, Insightful)
Re:https://www.easywhois.com/ (Score:2, Insightful)
Re:This has been happening a long time (Score:3, Insightful)
> The sleazoids will be forced to either go through the names manually, looking for likely
> candidates, OR they'll have to register everything...which might tend to get a tad
> expensive.
It doesn't cost them a penny. Google "domain tasting".
Network Solutions Whois seems safe (Score:3, Insightful)
By the way, the solution to the "tasting" problem is to either put a very low limit on the number of "free tastes" people or companies can have in a year.
Another way is to simply charge tem a pro-rated amount based on a minimum usage, say, 1/26 of the annual fee for 2 weeks.
Another way is to charge a non-refundable setup fee, say, 1/12 of the annual fee, which would be credited against the 12th month of service. Whatever this fee is, it should cover the actual costs of registering and de-registering a domain plus provide an optional small profit to the registrar.
Domains come up too fast (Score:5, Insightful)
There's been some concern about this over at the Anti-Phishing Working Group. Much phishing seems to come from domains held for very short periods. But it turns out that's not "domain tasting". It's phishers buying domains with stolen credit card numbers, using retail domain registrars. After a few days, the credit card number is detected as stolen, the transaction is reversed by the bank, and the registrar deletes the domain.
This seems to be a separate problem from "domain tasting". But the "grace period" loophole that makes "domain tasting" possible also enables this scam. If registrars couldn't return domains to the TLD registry without paying, they'd have to raise their standards of customer validation.
Re:Poison the NXD data? (Score:3, Insightful)
Re:I'm off to write a script (Score:3, Insightful)
Is domain parking worth it? (Score:2, Insightful)
Why is This So Hard to Verify? (Score:5, Insightful)
Mangling language (Score:3, Insightful)
By instinct, I would pronounce a lot of words the wrong way, such as "draught" or "digest", because I don't know how to pronounce those words except phonetically. I never learned the roots of the words or how to pronounce certain things when or why. Some words are going to sound or look weird to me or even seem out of place just because I don't know these things, so I will be much more likely to use words that mean something more to me and tie into my experiences more.
I don't know if you've seen some french books, and then heard french people talking. Around here at least, it's totally not the same thing. One is definitely more formal and one is definitely more slang-laden. It doesn't even matter if the book is for casual reading. If you walk into a job, then you're not going to use the slang-laden french either, you'll turn to the more formal french. And then when you're hanging out with friends, it's back to slang-french. That's just how things will always be until people in formal situations accept slang, or people are taught languages formally and learn the roots of their languages as well.
Re:never use the web for such queries (Score:3, Insightful)
'Every time you do a whois search with any service, you run a risk of losing your domain,'
So if I do a whois search on mcgrew.info [mcgrew.info] I risk losing my domain? That hardly seems likely! But if I hadn't registered it it wouldn't be mine, now would it? You cannot steal imaginary property, and if it's only in your head it's by definition imaginary.
And why would one do a whois search to look up a domain one wanted? I'd go to my registrar and try to register the damned thing! If it was already registered it wouldn't cost me anything. This seems a silly non-issue and I'd like someone to enlighten me.
Here is how domain name research theft crimes can occur
So there is a law against "stealing" someone's idea? What law? In what country? And how could such a law actually solve anything? It isn't a crime if it's not against the law, now is it?
Please don't od this insightful because the summary has me feeling so damned ignorant I just may (gasp) RTFM.
And don't get me wrong and start flaming. IMO this is a shady shoddy practice but no law could fix it, since the internet is global and laws are country-specific. It sems ICAAN is the only one who could do something, and they seem lately to be just another arm of the corporate cartel that runs the world's governments. Since it's most likely the corporates doing this sleaze, I don't see anybody's government or ICAAN doing jack about it.
Re:never use the web for such queries (Score:3, Insightful)
Why would you wait to days and check with your client when you can register a domain for about two bucks? I'm a cheapass but man, you have me beat. You can't even buy a single beer in a bar for two bucks!
You should have gone ahead and registered it as soon as you thought of it without doing any whois lookup, THEN checked with your client. If he didn't want it you were out two bucks. If he did then you could have transferred it anywhere, to your servers or your host.
Re:What registrar registers a domain for $2? (Score:5, Insightful)
-nB
Re:Poison the NXD data? (Score:3, Insightful)
[*] Just to be silly, I've done a whois on syntheticdemand.com, which at the time I write this post does not exist. Wonder how soon that will get registered?
Re:I'm off to write a script (Score:3, Insightful)
Now say I spread that request out so that one computer is doing a whois per month but still the same total. Less likely to get banned and I could probably up that to 2-3 per day and still be safe.
If you DDoS the entire thing, you're done. NO ONE can do anything their scripts will be useless they're just going to chalk it up to a DDoS and go on. However if you load it up to 90% of capacity then these automated "take a whois and register it" scripts will be registering everything possible. If you get enough computers loading the system so that everything is being registered someone is going to notice it.
Re:This has been happening a long time (Score:4, Insightful)
Tho is domain squatting really a "petty crime"? I agree... it is petty to squat on a domain, as it is petty to jay walk, or spit on the sidewalk etc.
However, is it really so petty when it is systematic? Is it really so petty when it is repeated over and over to the point of the denial of others of their fair use of publically accessable services?
Surely it is petty to fill water bottles from park drinking fountains and turn around and sell the full bottles. Is it still petty when you have expanded the operation such that your organization has people at 90% of the fountains, constanatly filling water so that all the thirsty people who don't want to pay your extortionist prices need to stand in long lines and wait for their water? How about when you have taken all of the public fountains, and nobody can even get their water?
We are not talking about petty crime here, we are talking about organized crime.
-Steve
Re:never use the web for such queries (Score:2, Insightful)
Come to the table with that signed contract and the consideration that was negotiated for it, and you won't get laughed out of the room.
Re:Data mining (Score:3, Insightful)
Unless, of course, the squatters would find the website and filter on its contents ;).
Re:Data mining (Score:3, Insightful)
Re:Data mining (Score:1, Insightful)
I'd suggest you look at the registrars rather than the registry.
The reality is that ICANN impose certain restrictions and requirements on VeriSign. One is domain name tasting. Another is that VeriSign allow ICANN-accredited registrars register new domains - it isn't for VeriSign to say who should or who should not be accredited. If ICANN says that DomainHiJackerServicesInc is an accredited registrar, then VeriSign must accept their registrations.
Been going on for ages (Score:3, Insightful)
If you can afford a Nominet membership, two static IP addresses and a Linux box with Apache, Perl, GPG and BIND, you too can become a domain scammer! Sell domain names "from" some riduculously low figure, which -- it transpires, after reading the small print, which is so small you have to press ctrl + "+" several times just to be able to see it -- only applies to long, unpronounceable strings, with actual words coming at a higher rate. Set yourself up a dodgy affiliate programme {is that a tautology?} where people can put a little form on their pages querying your WHOIS service. A little drive-by download which diverts other domain queries to your own server wouldn't go amiss {best to do this from one of your affiliates' pages, though}. Now you know what domains people are looking up and, being a Nominet member, you are in a position to register the most interesting ones straight away {you can even do this fully-automatically, since all you have to do to buy a domain is send a GPG-encrypted email}.
Registering a domain is so cheap, if you're a member of Nominet, that it's worth a few failures for the successes you will achieve. (You can also register easy mistypings of the name, and post content there which might help persuade the owner of the correctly-spelt domain to purchase those domains from you.)