Domains May Disappear After Search 379
Ponca City, We Love You writes "Daily Domainer has a story alleging that there may be a leak that allows domain tasters to intercept, analyze and register your domain ideas in minutes. 'Every time you do a whois search with any service, you run a risk of losing your domain,' says one industry insider. ICANN's Security and Stability Advisory Committee (SSAC) has not been able to find hard evidence of Domain Name Front Running but they have issued an advisory (pdf) for people to come forward with hard evidence it is happening. Here is how domain name research theft crimes can occur and some tips for avoiding being a victim."
never use the web for such queries (Score:5, Informative)
Better still, simply use your registrar to do a registration, if that works then it was free
http://rndpic.com/ [rndpic.com]
Re:never use the web for such queries (Score:5, Informative)
http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx [microsoft.com]
Re:never use the web for such queries (Score:5, Interesting)
Would it help anyone to know who took the domain? I can't seem to get to the article yet.
Re: (Score:3, Interesting)
The best protection is to keep the 'window' between testing and registering as short as you can manage, preferably no more than a few *minutes* !
Easier solution (Score:5, Interesting)
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
Why would you wait two days and check with your client when you can register a domain for about two bucks? I'm a cheapass but man, you have me beat. You can't even buy a single beer in a bar for two bucks!
You should have gone ahead and registered it as soon as you thought of it without doing any whois lookup, THEN checked with your client. If he didn't want it you were out two bucks. If he did then you could have transferred it anywhere, to
What registrar registers a domain for $2? (Score:4, Interesting)
Re:What registrar registers a domain for $2? (Score:5, Insightful)
-nB
Comment removed (Score:4, Informative)
Re: (Score:3, Funny)
Re:never use the web for such queries (Score:4, Informative)
The perpetrator, in this case, was one Hank Ceigler, who, it turns out, was working for GoDaddy at the time. I'm not sure if he was a contractor or a full-time employee, but he was definitely involved in the domain business. I contacted him to see if he was interested in selling the domain, and he quoted a price over twice the appraised value of the domain.
I would love to know why GoDaddy is still allowed to register domains. They're scum.
Re:never use the web for such queries (Score:4, Interesting)
Just to present a counterpoint: a couple of years ago, the opposite happened to me. I registered a domain name based on the name of my character in an online game. It was certainly an unusual name that I had never run into.
A few days later, I got a somewhat angry email from someone wanting to know why I had taken that name, because it was their surname, and they had planned on registering it. Once I explained the situation the guy calmed down and all was well.
But the moral is that it is quite possible that someone, completely innocently, took the domain you were researching, within a day or so of you doing it, because that's exactly what happened with my domain. In my case, I just got lucky... 2 days later, the domain would have been gone.
Re: (Score:3, Insightful)
'Every time you do a whois search with any service, you run a risk of losing your domain,'
So if I do a whois search on mcgrew.info [mcgrew.info] I risk losing my domain? That hardly seems likely! But if I hadn't registered it it wouldn't be mine, now would it? You cannot steal imaginary property, and if it's only in your head it's by definition imaginary.
And why would one do a whois search to look up a domain one wanted? I'
Re: (Score:3, Interesting)
Re:never use the web for such queries (Score:5, Interesting)
Doing a whois request at a reliable registrar's web-site doesn't go through your ISP's DNS. The larger registrars are probably more trustworthy than your run-of-the-mill ISP. For example, I believe GoDaddy and Network Solutions have stated that they would never provide such information to third parties.
Re:never use the web for such queries (Score:4, Interesting)
The domain wasn't registered when he queried it. But since he didn't buy it right then and there, it WAS registered an hour or so later, by the very site he typed it into.
This has been going on for years, but now the scammers don't even have to rely on roommate stupidity.
Data mining (Score:5, Informative)
However, there is another matter - that of data mining of the query packets that arrive at root and top level domain servers.
ICANN's contracts do not prohibit data mining of the query stream, in fact they openly permit it. Thus Verisign has the right to look at incoming queries and generate a body of information about what domain names are being uttered by users. It's not a big step from that to come up with a list of names that would be nice things to have if one wants to spatter up a bunch of Google Adsense ads and collect click revenue.
(Also, because the entire domain name, not just the top level parts, hits root and top level domain servers, through a bit of statistical reduction, one can produce a data stream that is of interest not only to paying marketeers but, perhaps, to certain national intelligence agencies.)
Re:Data mining (Score:4, Interesting)
The obvious disadvantage is that they can't use one registrar to determine that a domain is available and then shop around and use a cheaper registrar to actually buy the domain.
The advantage is that no third party squatter will be able to snipe the domain for themselves - unless of course they use the same registrar.
Re:Data mining (Score:4, Interesting)
THIS is one of the things they are trying to prevent.
Re:Data mining (Score:4, Interesting)
Now, the squatters COULD start developing a list of IP addresses that are doing lookups, and filtering them out of their results. Of course, this would be all right as it would mean you were protected from someone sneaking in and squatting the name you looked up. Even if the squatters filtered on both IP address AND multiple hits, this could be resolved by allowing real name lookups to be submitted into the random name lookup web site. Then if you wanted to lookup ihatedomainnamesquatters.com, not only you but everyone else that has been looking up random names, will look up ihatedomainnamesquatters.com also. It would be virtually impossible to tell the difference between real interest, and fake.
Plus, if you wanted to both fund the site AND be ironic, you could put advertising on the web page.
Re: (Score:3, Insightful)
Unless, of course, the squatters would find the website and filter
Re: (Score:3, Insightful)
Re:Data mining (Score:4, Interesting)
The stated reason for allowing retraction of registrations is to allow mistakes to be corrected. But with domains costing just a few dollars to register for a year, how much harm is done by making the customer pay for such mistakes? Answer - none at all. Meanwhile unscrupulous domain tasters are registering, and then returning, millions of domains a day for free.
The DNS marketplace has probably the most widespread corruption of any economy in the world today.
This has been happening a long time (Score:5, Interesting)
My buddy and I even made up names with random letters in a string of 15 or 20, then some porn words stuck on the end ".com".
Sure enough, two days later some squatter had them.
I think the leak is in the registrars themselves. Imagine the money someone could get from the squatters by simply setting up a script to automatically email these queries somewhere.
"Never a more wretched den of scum and villany" describes the whole domain registration process pretty well I think.
Re:This has been happening a long time (Score:5, Interesting)
So there's the answer to the problem. Bombard the servers with requests for random names. The sleazoids will be forced to either go through the names manually, looking for likely candidates, OR they'll have to register everything...which might tend to get a tad expensive. A script that would hit the whois server with a single randomly generated name every time someone logged into a linux box would probably not put undue hardship on the root servers, but still generate way too many names to feasibly register.
The way to break a scam is to make it expensive to continue. A similar scheme could work for spam. Go through the filtered emails, making a list of URLs. Wait for slow network usage, and do a throttled wget to
Re: (Score:3, Insightful)
> The sleazoids will be forced to either go through the names manually, looking for likely
> candidates, OR they'll have to register everything...which might tend to get a tad
> expensive.
It doesn't cost them a penny. Google "domain tasting".
Re:This has been happening a long time (Score:4, Interesting)
if a concerted effort were made to cause them to truly jam up the system with this. We could potentially cause them to have a cost. you see...they can taste and taste but realize that there is a bigger fish who is letting them taste his waters.... the registrar that allows tasting.
So... right now, domain squatting is a headache for us, but overall, a minor one, and an even more minor one for the registrar. If we could hit them with enough queries, that they truly "taste up" the system... you do two things....
1) You decrease their profit per domain
2) You cause headaches for the registrar as you turn up the volume and jam things up for everyone else
thus... you make their bottom line a small bit worse, and their cost to the tit they are feeding off of go up.
Do it enough and they will either have to stop using whois, or the registrars will stop letting them taste.
Either way, it's a win for everyone else. This is totally one of those things where the situation needs to get worse so it can be made better, there is currently just no real pressure on the registrars.
I say.... jam up whois with queries!
-Steve
Re:This has been happening a long time (Score:5, Funny)
if one of these guys was found in his home, dead, his lifeless body hanging by a rope attached to his testicles, blood completely drained, and the word "SQUATTER" carved into his flesh (with forensics reporting it was carved in before he died).... well that would make the news.
If it then happened to one more of these guys every week... we might see a decrease in this business model.
Not encouraging anyone...just... planting seeds.... maybe some will take root....
Re:This has been happening a long time (Score:4, Insightful)
Though is domain squatting really a "petty crime"? I agree... it is petty to squat on a domain, as it is petty to jay walk, or spit on the sidewalk etc.
However, is it really so petty when it is systematic? Is it really so petty when it is repeated over and over to the point of the denial of others of their fair use of publicly accessible services?
Surely it is petty to fill water bottles from park drinking fountains and turn around and sell the full bottles. Is it still petty when you have expanded the operation such that your organization has people at 90% of the fountains, constantly filling water so that all the thirsty people who don't want to pay your extortionist prices need to stand in long lines and wait for their water? How about when you have taken all of the public fountains, and nobody can even get their water?
We are not talking about petty crime here, we are talking about organized crime.
-Steve
Re: (Score:3, Interesting)
Re:This has been happening a long time (Score:5, Informative)
Comment removed (Score:5, Informative)
Re:This has been happening a long time (Score:5, Funny)
Sir, Have you seen this site's masthead? Do you have any idea where you are?
Comment removed (Score:4, Informative)
Re:This has been happening a long time (Score:4, Interesting)
These are the steps that should be taken:
The nice thing about the scheme is that squatters could be aware of and even secretly participate in it and it would still work. They'd have no better chance of identifying legitimate queries from random queries. And they can't exactly poison random data.
Re:This has been happening a long time (Score:4, Interesting)
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
nope, they dont pay (Score:5, Informative)
Actually most of bigger squatting operations don't pay a dime on a per name basis. They hold the name for 30 days, then release it at no cost.
Comment removed (Score:5, Insightful)
Re:nope, they dont pay (Score:5, Insightful)
Actually most of bigger squatting operations don't pay a dime on a per name basis. They hold the name for 30 days, then release it at no cost.
They don't need to release it. They just get another shell company to snap it up.
Domain tasting is causing nothing but headaches for the internet at large and they need to abolish it.
Re:nope, they dont pay (Score:4, Insightful)
Re:nope, they dont pay (Score:4, Funny)
Re:nope, they dont pay (Score:5, Funny)
"domain tasting" (Score:5, Funny)
But ye gods! "domain tasting"?!
I can see it now... "The slashdot.org '97 was a superb one; It had a playful nose, a full, rich body and a piquant aftertaste. The digg.com '07, however, can only be described in scatological terms."
Re: (Score:2)
Re: (Score:2)
Maybe that's a good idea. Taser these guys right in their... um... "domains."
Re:"domain tasting" (Score:5, Funny)
Re:"domain tasting" (Score:5, Funny)
Mangling language (Score:3, Insightful)
Does this apply to me? (Score:5, Funny)
Theft? Crimes? (Score:5, Insightful)
Theft? Crimes? Does Slashdot now think, an idea can be "property" and/or "stolen"?
Re: (Score:2)
Too-SHAY.
Not a new trend. (Score:4, Informative)
Maybe the community can come up with a list of guaranteed reputable domain search services that take measures to prevent this sort of activity, and support those organizations.
it HAS been happening for years. (Score:2, Interesting)
Don't use Godaddy (Score:3, Interesting)
You sure about that? (Score:3, Interesting)
Actually, Bob Parsons (CEO of GoDaddy) has been complaining about "domain tasting" and "domain kiting" for years. Google Bob Parsons domain tasting [google.com] and look at the results. I wouldn't be surprised if it's happening upstream from Godaddy, but I'd be shocked to find Godaddy is in any way willingly facilitating the practise.
its actually pretty common (Score:4, Informative)
Comment removed (Score:5, Informative)
Re: (Score:2)
And one of the least reputable.
Re:its actually pretty common (Score:4, Informative)
Also - GoDaddy has a quite nice spam policy - which other cheap registrars often don't have and they actually do not care much because being too strict about spam would not give them income.
joker.com would be nice because their web interface is clean and they don't try to sell you a kitchen sink with your domain, but their spam policy has at least in the past been non-existent.
Re:its actually pretty common (Score:5, Informative)
Re: (Score:3, Interesting)
MD5 lookup as defence (Score:5, Interesting)
Re: (Score:2)
Also, if you have to use a web based tool use a reputable registrar (I'm using 'moniker' now, after having used bulkregister for years but I didn't feel like staying with enom after the bulkregister takeover, enom has a pretty bad rep, as does godaddy).
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)
They have the list of the domain names. They only need to calculate a forward MD5 checksum on each domain, and build an index with the MD5 checksum as the key. As new domains are added, checksum them and add them.
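The hashed lookup described in the comment above, as an added example that is not part of the original thread or any registry's real interface: the class, the function names and the sample domain names are all constructed for illustration. It also shows the limit of the idea, since an unsalted digest of a guessable name can be matched by anyone who holds a candidate list.

```python
import hashlib


def domain_digest(name: str) -> str:
    """Normalise a domain name and return its MD5 hex digest.

    MD5 is used only because the thread proposes it; any fixed hash
    behaves the same way for this lookup.
    """
    normalised = name.strip().rstrip(".").lower()
    return hashlib.md5(normalised.encode("ascii")).hexdigest()


class HashedRegistryIndex:
    """Hypothetical registry-side index keyed by digest, as the comment describes."""

    def __init__(self, registered):
        self._index = {domain_digest(d) for d in registered}
        # Everything the lookup operator (or a network observer) gets to see.
        self.query_log = []

    def add(self, name: str) -> None:
        """As new domains are registered, checksum them and add them."""
        self._index.add(domain_digest(name))

    def is_registered(self, digest: str) -> bool:
        self.query_log.append(digest)
        return digest in self._index


def check_availability(index: HashedRegistryIndex, name: str) -> bool:
    """Client side: only the digest leaves the machine, never the name."""
    return not index.is_registered(domain_digest(name))


def recoverable_names(query_log, wordlist, tld=".com"):
    """Limit of the scheme: digests of guessable names can be matched.

    An observer hashes their own candidate list and compares. Names built
    from dictionary words are recovered; unguessable names are not.
    """
    candidates = {domain_digest(w + tld): w + tld for w in wordlist}
    return [candidates[d] for d in query_log if d in candidates]


if __name__ == "__main__":
    # Constructed sample data, not real registry contents.
    index = HashedRegistryIndex(["example.com", "slashdot.org"])
    for name in ["Example.COM.", "bluewidgets.com", "zq7-unlikely-name-4821.com"]:
        state = "available" if check_availability(index, name) else "registered"
        print(f"{name:32} {state}")
    print("observer sees:", index.query_log)
    print("observer recovers:",
          recoverable_names(index.query_log, ["bluewidgets", "redwidgets"]))
```

The query log holds only 32-character digests, yet the dictionary-word name is still identified, so the lookup protects a name only to the extent that the name itself is hard to guess.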
Poison the NXD data? (Score:2)
Re:Poison the NXD data? (Score:5, Insightful)
Re: (Score:2)
After a few hits, the squatter will register the domain. This costs $$
it cost you nothing to do a whois and run an automated script to hit random
URLs from a list. Once a domain is registered, it can be dropped from the list
and never pinged again.
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
In a word, no. Also, I don't think setting up a low level DDoS on the registrars is really the direction we want to move in.
The hypothesized "synthetic demand"[*] does not really deny service to the registrars. It's essentially "crying wolf" on domains for which there is not actually demand. This would hopefully exert some amount of drag on the squatters' business model to make a difference. If they did notice it, they'd just spend some additional time adding extra smarts to the process.
[*] Just to be silly, I've done a whois on syntheticdemand.com, which at the time I write this post does not exist. Wonder how soon that
I'm off to write a script (Score:2)
Millions of them. Have fun squatters!
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
Now say I spread that request out so that one computer is doing a whois per month but still the same total. Less likely to get banned and I could probably up that to 2-3 per day and still be safe.
If you DDoS the entire thing, you're done. NO ONE can do anything their scripts will be useless the
https://www.easywhois.com/ (Score:5, Informative)
One of the problems stems from the fact that any whois query can be sniffed (or SNORTed) if it passes over the wrong network hop anyway, so there isn't much you can do unless you're ready on the trigger to register the domain almost immediately. One thing you CAN do if you're going to do web queries (because not everybody has a whois command line installed) is query via:
https://www.easywhois.com/ [easywhois.com]
Note httpS. I can certify that Mark J doesn't do domain tasting [privateworld.com], that's not the business EasyDNS is in [www.cnw.ca]. So if you do do a query via EasyWhois it's not going to get snagged after 24 hours (at least not from our end).
[ Disclaimer: Yeah I work for EasyDNS
Re: (Score:2, Insightful)
Re: (Score:2)
NUBS! (Score:2)
Domain tasting is wrong and evil (Score:5, Interesting)
Much if not most of the spam I'm deflecting nowadays seems to come from 'tasted' domains. Or just made up. I almost don't care about the difference.
The last time I read about this, more than a month ago, one snarky idea was to script a tool to randomly taste domains, constantly. If the registrars are forwarding the requests to squatters, they would go crazy with the surge in requests. The squatters would fritter away resources keeping up with these random searches, and eventually the WHOIS functionality of the registrars would have to change. And the script would change, and so on.
I think domain tasting ought to go away, or cost something. $2 for a 14 day taste would wreck the economics, maybe, certainly if random search scripts got going. My server could probably do 100,000 searches a day. I know it can send out 3-4 million spams a weekend, sadly.
Of course, the registrars could block my IP after a while. And blocks of IPs. So we need a Seti@Home-type script that hammers these things out, and let them block every dialup/dsl/cable/sat block. Hehe.
No, it's not devious enough.
Trial garbage (Score:5, Insightful)
Wouldn't doing away with that stupidity make things a lot harder for these losers that park / squat domains?
Dan East
Re:Trial garbage (Score:4, Funny)
Back in the day when a domain registration was $100 for two years, we had the misfortune to hire a dyslexic person to type in orders. We ended up losing several thousand dollars, (quite a lot for a small business,) and even having him double and triple check the spelling didn't work. In short, he was let go after a few months.
Common sense (Score:4, Interesting)
I'm thinking that I'm not liking the direction this is going...
Sniffing, tasting, hmmm, what comes next, digesting? Excreting?
Re: (Score:3, Funny)
Interesting... I just tried with the word "carkfuck" and got 0 results. I wonder what it will look like next week? Oh Shit! It will point to slashdot!
PS: I had to try a few nonsen
Google it first..? (Score:5, Insightful)
Looks like command line is safe (Score:2)
When I read this, I was a bit concerned there might be some way queries were being intercepted by command line tools, but that doesn't seem to be the case. I have a big list of open domain names that I was considering about 15 months ago, and doing a quick survey just now, there are quite a number that are still open. There were also a number of them that were now taken, but the dates on them didn't show any particular scary pattern. Just sometime in the last 15 months someone else thought of my rejects. :)
First domain name front running, now this (Score:3, Informative)
I guess from now on one will have to register a name blind and see what happens.
Don't use whois at all. (Score:2)
Don't use whois. Just open up a web browser and enter the domain you want. See what the browser returns. If possible use different dns servers or locations. Your search should look like normal web queries. Once you are sure that your domain isn't registered go snap up the fucker.
Omg don't do that! (Score:5, Informative)
"It is such a strong urge to type the domain name into the address bar and see what website comes up. Most users think perhaps there is already a company using the name and this will be a quick end to the question. Wrong! This is the most dangerous thing to do. Internet Service Providers (ISP) sell NXD (Non-eXistent Domain) data."
Backfire (Score:2)
Network Solutions Whois seems safe (Score:3, Insightful)
By the way, the solution to the "tasting" problem is to either put a very low limit on the number of "free tastes" people or companies can have in a year.
Another way is to simply charge them a pro-rated amount based on a minimum usage, say, 1/26 of the annual fee for 2 weeks.
Another way is to charge a non-refundable setup fee, say, 1/12 of the annual fee, which would be credited against the 12th month of service. Whatever this fee is, it should cover the actual costs of registering and de-registering a domain plus provide an optional small profit to the registrar.
Domains come up too fast (Score:5, Insightful)
There's been some concern about this over at the Anti-Phishing Working Group. Much phishing seems to come from domains held for very short periods. But it turns out that's not "domain tasting". It's phishers buying domains with stolen credit card numbers, using retail domain registrars. After a few days, the credit card number is detected as stolen, the transaction is reversed by the bank, and the registrar deletes the domain.
This seems to be a separate problem from "domain tasting". But the "grace period" loophole that makes "domain tasting" possible also enables this scam. If registrars couldn't return domains to the TLD registry without paying, they'd have to raise their standards of customer validation.
Is it corruption? (Score:2)
Why is This So Hard to Verify? (Score:5, Insightful)
Re: (Score:3, Funny)
This is old news (Score:3, Interesting)
Been going on for ages (Score:3, Insightful)
If you can afford a Nominet membership, two static IP addresses and a Linux box with Apache, Perl, GPG and BIND, you too can become a domain scammer! Sell domain names "from" some ridiculously low figure, which -- it transpires, after reading the small print, which is so small you have to press ctrl + "+" several times just to be able to see it -- only applies to long, unpronounceable strings, with actual words coming at a higher rate. Set yourself up a dodgy affiliate programme {is that a tautology?} where people can put a little form on their pages querying your WHOIS service. A little drive-by download which diverts other domain queries to your own server wouldn't go amiss {best to do this from one of your affiliates' pages, though}. Now you know what domains people are looking up and, being a Nominet member, you are in a position to register the most interesting ones straight away {you can even do this fully-automatically, since all you have to do to buy a domain is send a GPG-encrypted email}.
Registering a domain is so cheap, if you're a member of Nominet, that it's worth a few failures for the successes you will achieve. (You can also register easy mistypings of the name, and post content there which might help persuade the owner of the correctly-spelt domain to purchase those domains from you.)