It's funny -- I saw the headline and immediately did a CTRL+F for NameCheap. It's the same registrar again and again[0] for what seems like years now[1].
Okay? Namecheap is a massive registrar; abuse is bound to happen, but they actually deal with the abuse, and in an incredibly short amount of time: most reports I submit are taken care of in less than 30 min.
If you actually look into the history of the domains linked to "Josef Bakhovsky" and registered with Namecheap, you can see they've been put on serverHold.
A lot of registrars don't deal with abuse at all and simply say "report it to the hosting company", example here (domain in question was a Redline Stealer C2):
> Please, be aware that we, as a domain-only provider and not providing any content, hosting or e-mail services, are not in a position to judge the content of a website. For that reason, our normal procedure is that we inform our reseller and the domain holder, but will not suspend the domain names without an official WIPO decision or court order.
And, as an example from the article: NameSilo didn't take the domains down even after talking to Krebs?
> They actually deal with the abuse and in an incredibly short amount of time, most reports I submit are taken care of in less than 30min.
I don't know what your secret is. I'll admit they're a bit better than they used to be, but I regularly see stuff I report to them left online for weeks! Is there something that works better than their online reporting form?
Domains used for things like URL shorteners or free form/survey/website builders that get abused by phishers over and over and over again stay online too. Domains that eventually take down a single URL within a few weeks after it's reported, but do nothing to prevent the next one or the next one or the next one.
Namecheap seems perfectly happy to keep taking money from what are basically safe havens for scammers.
> but I regularly see stuff I report to them left online for weeks.
What kind of abuse are you reporting? The few reports I send about spam tend to take a bit longer than the rest (since I need to send along email headers, etc.) but I've never had reports take weeks.
> Is there something that works better than their online reporting form?
I've used both Twitter and the form; there have been a few times where I've had to nudge them, but with the hundreds of reports I've done I'd say they're definitely one of the best domain registrars at handling abuse. Some registrars I don't even bother reporting to anymore because they refuse to do anything whatsoever (dynadot, openprovider, godaddy, nicenic, key-systems, to name a few).
> Domains used for things like URL shorteners or free form/survey/website builders that get abused by phishers over and over and over again stay online too. Domains that eventually take down a single URL within a few weeks after it's reported, but do nothing to prevent the next one or the next one or the next one.
That's a case I rarely come across, but yeah, that does sound like they handle it poorly. In my opinion they should be suspending the entire domain if the service is repeatedly slow at taking action.
Or if you read the article, it seems that this group was previously using NameCheap, but instead has moved on to NameSilo. So maybe NameCheap has gotten better about combating fraud?
After a forum I was on got flooded with CSAM shit, I did some hunting and found out it was all hosted on GoDaddy hosting. I collected all the info and sent it to them, and got silence. I checked around, and it sounds like tons of people had done the same thing, and the ones who got responses were along the lines of "not our problem, call the FBI", and people who reported through FBI/NCMEC still saw zero action. I was looking at years-old threads of people reporting the same exact sites I was trying to report, with no one getting anywhere.
These are straight up child porn sites, hosted by GoDaddy hosting (not just the domains), which were up for years on the plain internet, not on Tor, or even something where passwords were required or something. This wasn't a long time ago either, this was like, a few years ago, and no one at GoDaddy gave a shit. Absolutely infuriating.
I wouldn't expect GoDaddy to care, unless they'd had a compliance fear of G-d put into them.
But if the proper US authorities were knowingly permitting that material and activity to persist on a big US company's servers, one theory would be that they're using it to map out people who produce, distribute, and seek that material.
This resulting in more people encountering the evil material might only increase political support for this and other surveillance efforts.
Or maybe this is actually small potatoes among the tasking of the authorities, and they don't have enough resources for all of it, so they have to triage.
What could be the rationale? Not wanting to validate the CSAM for fear of becoming responsible for it, or not wanting to hire the staff/buy the infrastructure to "cleanly" handle such stuff?
Being charitable, it's plausible that they read the Tweet, did some recon on their end, determined that the websites were abusive, and banned them based on that. Just because the Tweet was the only public information preceding the ban doesn't mean it was the only information.
I am not familiar with regulation in this space, but why should a domain registrar care about a URL shortener that has a pointer to another malicious domain? They can ban the destination malicious domain, obviously, but censoring a URL shortener feels like asking a DNS service not to resolve a website, which is commonly criticized on HN.
More like blaming the Department of Motor Vehicles for issuing a car registration for the vehicle, owned by a rental agency, that the terrorist used to drive into people.
The .us TLD is trash. I've walked away and am just letting my .us domains expire.
Fun fact: they, in contrast to just about every other TLD, refuse to redact WHOIS information. Having my address and phone number connected to my domains is so fun! I feel so young again.
Requiring public WHOIS information for .us was like half the article. It notes at the end how the NTIA is currently considering changing the rule and looking for comments as well as how security experts have been opposing it for potentially worsening the spam problem.
Sure, I can register a .me, or a .com, or a .net, or a .org, or like 100 other TLDs. I don't have this issue except on .us.
WHOIS redaction is a standard feature of domain registrars these days, about N-1 TLDs support it, and like you said I can vote with my feet (and I am).
Something I've been wondering about lately - maybe you have some insight into how this works?
The .in TLD doesn't allow privacy protection as seen in the list you linked above but whois still shows "Redacted for Privacy Purposes" for everything but the country and state/province of the registrant.
I'm not sure about .in specifically, but it is worth noting that the information you are required to provide to register a domain and the information that is published on WHOIS is not necessarily the same.
At this point I consider every link shortening service to be malicious. The "good" ones, at best, take down the URLs that are reported to them but they don't do anything to stop the same scammers from creating more. They don't even seem to bother searching for other active URLs pointing to the same malicious content.
Yep, wish there was a good up-to-date list of every link shortener I could block by default, but instead it seems like every day some new one pops up. Probably because the last domain they created got blocked on enough sites, and it's trivial to write one that is unmoderated and abused by CSAM spammers.
That seems a bit like saying DNS is malicious, networking is malicious, information is malicious. Almost everything in this world could be used maliciously, and that can't easily be stopped with great success.
Everything can be abused, some things are abused more often than others. There comes a point when something becomes more trouble than it's worth. DNS/networking/information hasn't hit that threshold, but open DNS resolvers, open SMTP relays, and URL shorteners seem to have.
I found some scammers who were registering portions of public addresses as URLs. Not sure where they scraped them from, but it was surely to get around detection.
URLs would be like 123NotRealStreetCA, or even otRealStreetCalifornia, where NotRealStreet are actually real US addresses or portions of real addresses.
no, what actually happens is they run a stupid global shared phonebook and le bad people add entries to malware in it. le bad people could just as well do this (whatever it is they're doing) without domains at all. but i don't expect anyone whose hobby horse is DNS to tell the forest from the trees. the fact that people get uppity over stuff like this is a testament to the internet being too locked down (it also cost billions of dollars of tax money to get here). i don't get why nobody remembers 20 years ago when they knew how every malware scam etc was obvious and trivial to avoid except for their bumpkin parents.
The whole thing about .us needing the real name and address of a person and you cannot hide your identity is hilarious. Every time I had someone spamming me from .us and their data were obviously fake (Registrant name: Tom Cat, Address: Local trash can), the registrar didn't even bother replying to my emails. This has happened with GoDaddy, Dynadot and NameCheap (which is outsourcing all their support to Eastern European countries like Russia, so these people are actually looking at your sensitive data); I cannot speak for others.
> NameCheap (which is outsourcing all their support to Eastern European countries like Russia, so these people are actually looking at your sensitive data)
Is it really called outsourcing when they are themselves located in Ukraine (formerly Russia)?
[0] https://news.ycombinator.com/item?id=32626618
[1] https://news.ycombinator.com/item?id=24231307