Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

MySpace and GoDaddy Shut Down Security Site

kdawson posted more than 7 years ago | from the sudden-darkness dept.

Security 344

Several readers wrote in with a CNET report that raises novel free-speech questions. MySpace asked GoDaddy to pull the plug on Seclists.org, a site run by Fyodor Vaskovich, the father of nmap. The site hosts a quarter million pages of mailing-list archives and the like. MySpace did not obtain a court order or, apparently, compose a DMCA takedown notice: it simply asked GoDaddy to remove a site that happened to archive a list of thousands of MySpace usernames and passwords, and GoDaddy complied. Fyodor says the takedown happened without prior notice. The site was unavailable for about seven hours until he found out what was happening and removed the offending posting. The CNET article concludes: "When asked if GoDaddy would remove the registration for a news site like CNET News.com, if a reader posted illegal information in a discussion forum and editors could not be immediately reached over a holiday, Jones replied: 'I don't know... It's a case-by-case basis.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


Case-by-case basis... (4, Insightful)

192939495969798999 (58312) | more than 7 years ago | (#17771764)

in case it would be bad for our PR, then no, in case it would be good for our PR, then yes, we take the site down. /sarcasm?

Re:Case-by-case basis... (3, Interesting)

namityadav (989838) | more than 7 years ago | (#17771988)

Interestingly enough, the action would turn out to be good for http://www.seclists.org/ [seclists.org] too as thousands of people are going to check that website after reading this story on Slashdot (I know I did).

Re:Case-by-case basis... (4, Insightful)

nmb3000 (741169) | more than 7 years ago | (#17772634)

The problem is that whatever the cause, this was bad for GoDaddy's PR, and Slashdot users should let them know.

I'd suggest that everyone here who is disgusted with this action, especially those who have domains registered with GoDaddy, email GoDaddy public relations [mailto] and/or email their domain registration support [godaddy.com].

Just as an example, here is what I sent:

Regarding the recent action GoDaddy took against Seclists.org, I want to know just *why* I should keep my domains at GoDaddy, and not transfer to somebody who shows some respect for their customers.

I find it disgraceful that GoDaddy would bend over when somebody like MySpace pushes a little. How can I now know that my domains are safe from being shut down on a whim? By not following any meaningful procedure to resolve the conflict, you have caused myself and many others to loose any faith we had with you as a registrar.

When my domains expire in a few months, I will be transferring them to another registrar unless GoDaddy publicly apologizes to Fyodor Vaskovich, the owner of Seclists.org. In addition, he should also receive some compensation for his trouble, such as a free three-year renewal for all his domains.

See http://it.slashdot.org/article.pl?sid=07/01/26/154 2218 [slashdot.org] for more information and more customer responses.
Maybe if they get hit hard enough, somebody over there--maybe even ol' Bobby Parsons (does anyone know his email address?)--will figure out that companies can't pull this kind of crap anymore without repercussions.

Overkill (4, Insightful)

Kelson (129150) | more than 7 years ago | (#17771766)

Let's see... one page out of 250,000 on a site turns out to have content that could compromise security at another site. So MySpace contacts the registrar, and gets the entire site shut down?

That's like using a hand grenade to swat a fly.

The logical way to go about this is as follows:

  1. Contact the site maintainer and convince them them to take the page down.
  2. If that fails, contact the hosting provider, and convince them to take the page down. (Just the page, not the whole site.)
  3. If that fails, and only then, contact the registrar and convince them to suspend the site.

Myspace should not have even contacted GoDaddy until they took the first two steps. And once GoDaddy was contacted, they should have done more investigation, which would have made it clear that they were looking at one page out of a quarter million... at which point they should have either told MySpace to contact the host, or done it themselves.

Even if, after all these steps, GoDaddy still decided to suspend the registration, they should have contacted him first: remove this page or we'll have to disable your site. Failing that, they should have told him why it was being suspended (beyond the vague reference to TOS abuse) and how he could resolve it.

Disabling the entire site with (apparently) minimal investigation is overreaction, plain and simple. That quote from Jones, where they refused to rule out taking down an entire news site to block access to one story -- or even one comment -- is telling.

Re:Overkill (1)

bladesjester (774793) | more than 7 years ago | (#17771822)

From a lot of the stories that I've heard, this seems to be par for the course for GoDaddy. They've also supposedly been known to basically hold domain names hostage when people want to change services.

It's one of the big reasons that I don't register domain names through them.

Re:Overkill (2, Funny)

Dimentox (678813) | more than 7 years ago | (#17771840)

Your post contains information that could hurt the DMCA, Please shut down /. your compliance is manditory. :P (DMCA is Easilly abused.. hince Anshee Chung)

Re:Overkill (2, Insightful)

SatanicPuppy (611928) | more than 7 years ago | (#17772024)

Why would they bother when they know GoDaddy will cave in a second? Send an email to a guy who runs a security site, and he'll tell you where to shove it...Not like he didn't know that MySpace would object to that information being public!

Unless your web hosting company is willing to go to bat for you, you'll never, ever, hear from a company like MySpace before your site is taken off line.

Overkill is an understatement (5, Insightful)

A beautiful mind (821714) | more than 7 years ago | (#17772044)

It should be downright bloody illegal to do what Godaddy did. Or if not illegal, it should have serious repecussions for them as a registrar up to the point of dropping their registrar status.

Besides, Myspace's effort was entirely useless. Those usernames/passwords were already compromised, Fjodor's site was just one that had it from the many places it can be found. The sensible thing would have been a forced password reset for the users involved not trying to coerce a registrar.

My position is that unless a legal, court ordered action is forced on the registrar, it should be forbidden to drop anything. And in the case there is content that shouldn't be public on the site, that is a _hosting_ issue not a domain issue. Go bugger the hosting company with legal documents.

Re:Overkill (0, Troll)

AutopsyReport (856852) | more than 7 years ago | (#17772216)

So consider this: you run a business and another website manages to get the usernames and passwords of your customers, and posts them online. Do you:

1) Contact the site maintainer and convince them them to take the page down. Keep in mind that the website owner obviously didn't care about the sensitivity of the information, otherwise the page(s) would have never been made public. Additionally, would you be willing to risk the time lag between a response and action -- anywhere from 24 hours and beyond -- knowing quite well that your customers private information is available?

2) If that fails, contact the hosting provider, and convince them to take the page down. (Just the page, not the whole site.) So now you've waited for a response from the site owner and probably didn't receieve one. Time goes by, you get even more frustrated, so you decide to contact the host. Same deal here. Wiping out a page probably isn't a high priority, so you wait.

3. If that fails, and only then, contact the registrar and convince them to suspend the site. Sounds like the best solution of them all! You get the problem solved without going through the two previous steps -- and the problem is solved much faster.

So to reiterate, if your customers login information is publicly available, do you diplomatically try to resolve the situation, or do you go straight to the top to slit this website's throat?

When it's a matter of business and protecting my customer's information, I'll take the knife over a kinder approach anyday, and this is exactly what MySpace did. And they did nothing wrong.

Re:Overkill (5, Informative)

Scott Lockwood (218839) | more than 7 years ago | (#17772336)

0) Take responsibility for your security being laughable, fire the people responsible, and secure your own shit before flinging it at others?


Re:Overkill (1)

AutopsyReport (856852) | more than 7 years ago | (#17772404)

... And I'm certain you'd be saying the same thing if your bank or credit card agency had a security flaw in its system and your privacy was at stake. Wouldn't you want them to correct the situation asap?

Are you forgetting that, although the public thinks its just a MySpace account, many of those users probably have the same password for many other websites, programs, etc.

Real-world analogy (1)

Kelson (129150) | more than 7 years ago | (#17772500)

Sounds like the best solution of them all! You get the problem solved without going through the two previous steps -- and the problem is solved much faster.

OK. Let's take a real-world analogy. You're trying to capture a criminal suspect who lives in a town of 250,000. You know his name. You know where he lives. You know he's at home. Do you:

A. Send police to his home and arrest him?
B. Place the entire city under house arrest, saving you the trouble of sending that squad car?

Re:Real-world analogy (1)

AutopsyReport (856852) | more than 7 years ago | (#17772576)

Bad example because GoDaddy was essentially acting like the police, taking the 'criminal' down without affecting any nearby citizens. They didn't place a chokehold on the Internet to shut down the website.

And even if you put the city under house-arrest, as you say, you still have to send the police in. So your analogy really doesn't apply here.

Re:Overkill (2, Insightful)

operagost (62405) | more than 7 years ago | (#17772666)

1) Contact the site maintainer and convince them them to take the page down. Keep in mind that the website owner obviously didn't care about the sensitivity of the information, otherwise the page(s) would have never been made public.
The site maintainer didn't post the content, one of the users did. The webmaster may not have even been aware of the content. In the era of Web 2.0, draconian action such as that taken by MySpace and GoDaddy will result in chaos.

Re:Overkill (1)

theshowmecanuck (703852) | more than 7 years ago | (#17772220)

What if it was credit card information. The time it takes to contact the site owner could result in millions of dollars of theft. On a case by case basis, it makes sense to do this. Sometimes time is what they don't have. Given the high profile MySpace has received around predictors etc, maybe they felt it was prudent to do this. Granted I might not like it if it happened to me, but at the same time, it is understandable. I am all for free information, as long as it doesn't open things up to the criminal element.

Re:Overkill (2, Insightful)

moranar (632206) | more than 7 years ago | (#17772428)

What if they were califlowers? Or Polonium 290? Or Nigerian scam letters? What's that got to do with this situation? Even if they were credit card numbers and data, they're already on the wild and phished, the person who posted them on the seclists forum has the data anyway. Nuking domains isn't the solution to that problem.

mass market effect (1)

Speare (84249) | more than 7 years ago | (#17772264)

I completely agree 100% with all that you said. I also know that it would never happen.

Companies that are at the size and scale that allows them to say, in a condescending voice, "we're the world's largest X" in the span of a simple phone conversation, are completely incapable of the approach that you gave.

Personal, manual, coordinated investigation for a case involving 0.001% of your business? No frickin' way. There's probably 50 such cases every day, if not every hour. The order of the day is to pull the plug first, get whined and bitched at, and even publically slagged later. Manual labor costs barely justify a "consumer relations" person to smooth over the bruised egos of an irate domain-holder once in a while. The chances of upsetting a C|Net reporter on each one of these little cases is so low that they can almost ignore the downside of being consumer-unfriendly.

Roughly speaking, this transition, from big successful company to huge mean company, is about when they start using the term 'consumer' instead of 'customer.' The term 'consumer' is there to highlight the situation where they have customers on both sides, and there's a conflict of interest in helping the little customer (B2C) when a big customer (B2B) complains.

Re:Overkill (1)

daeg (828071) | more than 7 years ago | (#17772340)

In this case, all of those fly in the face of what MySpace should have done.

MySpace should have invalidated all the usernames and passwords found in the list and notified those with compromised accounts that they need to change their password and alert them that they were compromised. Or just delete the profiles entirely, as they've probably already been compromised and filled with links to V!@Gr@ websites.

MySpace could even then use the list of passwords to detect hacking attempts and use it to improve their security systems. If someone tried a number of logins from the list, for instance, they are obviously attempting to do something nefarious (or just bored/dumb).

If your root password were on a mailing list, would you stamp your feat and demand everyone delete the e-mail, or would you change your root password?

Case by case basis (4, Insightful)

popo (107611) | more than 7 years ago | (#17771784)

In other words, "We have no backbone. We obey power. You have none. MySpace does. Any questions?"

Myspace is the new AOL (4, Insightful)

brennanw (5761) | more than 7 years ago | (#17771790)

In the linked article Fyodor calls MySpace the "new AOL." I can see it. It certainly seems to encourage people to throw all caution to the wind.

As to what MySpace did, I'm honestly surprised how incredibly angry that makes me. I thought I was jaded by the petulance of businesses at this point. And Godaddy's response -- geez. I don't understand how a business can take your money and then refuse to talk to you.

Well, no -- I understand how they can do it. I understand it perfectly well. They do it because they figure they can get away with it, because even if they piss off one customer, how are the rest ever going to find out? Or care?

Re:Myspace is the new AOL (4, Interesting)

walt-sjc (145127) | more than 7 years ago | (#17772118)

The ultimate blame in this case falls on GoDaddy for pulling the trigger. They should have told myspace "not our problem and you don't have the authority to ask for this action andyway. Get a court order."

I have a few domains registered with godaddy at the moment. In about an hour, they no longer will be, with a letter to their CEO (US Mail) saying why.

GoDaddy is now known as GoAwayDaddy in my book.

I think you're right... (1)

brennanw (5761) | more than 7 years ago | (#17772348)

... when I think about it more, what MySpace did was reprehensible but it's really the standard level of reprehensible I've come to expect from companies that grow more sociopathic the more successful they become. But GoDaddy pulled the plug and gave their paying customer no way of trying to resolve the problem -- he had to force the issue on his own. That leaves a really sour taste in my mouth. It almost makes me wish I had domains registered there just so I could transfer them.

GoDaddy probably complied... (5, Interesting)

mhazen (144368) | more than 7 years ago | (#17771792)

....because Rupert Murdoch would have just bought them and fired the people who questioned whether NewsCorp has the right to restrict freedom of information.

And, by the way, I hope GoDaddy's reading this. I'm moving my domains away from you because of your lackadaisical approach to our constitutional rights.

Constitutional Rights (1)

brennanw (5761) | more than 7 years ago | (#17771846)

do not apply to your business relationship with a registrar.

That said, Godaddy acted irresponsibly and their reaction to the whole thing guarantee I'll never consider them if I want to register a domain. ... not that I need any more. Six is probably too much as it is...

Re:Constitutional Rights (1)

pla (258480) | more than 7 years ago | (#17772300)

Constitutional Rights do not apply to your business relationship with a registrar.

From whom do the registrars derive their power?

IANAL(BIRGL), but I'd bet that, with big enough players involved (Google vs Fox, for example), a good lawyer could make a case that the registrar, in its capacity as an outsourced agent of the US Government, has some degree of obligation to obey the first amendment.

Re:Constitutional Rights (1)

Kelson (129150) | more than 7 years ago | (#17772320)

do not apply to your business relationship with a registrar.

That's right, the Constitution doesn't actually say you have a right to freedom of speech, only that Congress can't make a law abridging it. Wait, why does this sound familiar [slashdot.org]?

You misunderstand... (1)

brennanw (5761) | more than 7 years ago | (#17772482)

the Constitution only applies to the relationship between a citizen and the government. The Government can't take action to supress my free speech (well, obviously it can -- but it shouldn't be able to) -- but these rights can be almost nonexistant when it comes to business relationships. For example, I can't say anything I like in a privately owned building on the grounds that I have free speech -- when I'm on private property, my right to free speech is drastically weakened.

A webhost is also not bound by the constitution -- it can refuse to host anyone it likes, and if it finds your content objectionable for any reason it can shut you down. This is because the server space is privately owned, and you have to play by their rules.

A registrar is not precisely the same thing as a webhost, and perhaps it is under more strict federal regulation and oversight. But I don't think you can take constitutional protections for granted in a business arrangement with a private company.

Re:Constitutional Rights (1)

mhazen (144368) | more than 7 years ago | (#17772408)

I would agree if the content was posted under a GoDaddy service. The information was not, meaning that GoDaddy pulled a domain registration from a client for nothing which they have any purview over, nor did they (seemingly) have a contract with the client for anything more than providing domain registration services.

While not identical, it would be analogous to General Motors reposessing a car your purchased from them because you received a speeding ticket.

Re:GoDaddy probably complied... (1)

rajafarian (49150) | more than 7 years ago | (#17771972)

I'm moving my domains away from you...

Me, too. Who are you going with?

Re:GoDaddy probably complied... (1)

Dimentox (678813) | more than 7 years ago | (#17771998)

GKG.net =) Actually i have never had a issue with GKG, cheep and you can get customer service on the phone in less than a min.

Re:GoDaddy probably complied... (1)

networkBoy (774728) | more than 7 years ago | (#17772132)

I'm using e-nom(domain) and pagesgarden(previous domain and current host). In both cases I have had my host stand up to BS letters from lawyers (see link in sig). When I moved my domain from Pagesgarden to e-nom I told them I wanted a blinded whois. They happily transferred the domain reg and even helped me with the transition to ensure minimal exposure to downtime.

Two thumbs up to both.

So a TLD registrar can shut down queries if he (1, Interesting)

Anonymous Coward | more than 7 years ago | (#17771794)

does not agree with my content?

It's time for some contract review...

Am I the only one wondering this? (0, Flamebait)

djblair (464047) | more than 7 years ago | (#17771798)

What the hell was a list of usernames and passwords doing on the site anyway? Can anyone shed some light on this? That's a huge security risk. An attacker could use usernames and passwords to launch a massive spam attack via MySpace's messaging features.

Re:Am I the only one wondering this? (1)

arodland (127775) | more than 7 years ago | (#17772014)

"Massive spam attack"... wait, you can use MySpace for something else?

No, you're not. (0)

Anonymous Coward | more than 7 years ago | (#17772028)

What the hell was a list of usernames and passwords doing on the site anyway?

Thank you!

I don't have any problem with what was done. These are private companies and private websites and if I thought some internet site was compromising the security of others, I'd pull the plug too and ask questions later.

Re:No, you're not. (1)

malkavian (9512) | more than 7 years ago | (#17772196)

From even the text in the summary: It seems the editor of the forums was not present at the time, and somebody actually posted that in a public forum.
Once noticed (somebody told him the problem), he pulled the post.

Now, if that list was posted on Slashdot, would they pull that registration? If someone posted it on the BBC site, would they pull that?
Hell, it's probably cached in Google and a variety of other search engines. Are they going to pull those too?

Re:Am I the only one wondering this? (1)

sanimalp (965638) | more than 7 years ago | (#17772030)

well actually, I believe someone set up a fishing site and harvested lots of Myspace credentials, and then posted them on one of the various lists hosted on the site.

Re:Am I the only one wondering this? (1)

necro2607 (771790) | more than 7 years ago | (#17772040)

I would imagine it was a list of phished emails/passwords which have all long-since been disabled or changed...

Login/password lists like these exist all over the net, just search Google a bit, but make sure you turn off the "English results only" option. ;)

Re:Am I the only one wondering this? (2, Informative)

SatanicPuppy (611928) | more than 7 years ago | (#17772142)

There was a list compiled by a bunch of phishers that made it into the open a few months ago...Lot of security guys were using it to do things like check for the average complexity of passwords among users and suchlike. The first link I found was on Google was the Tech Reads [cyber-knowledge.net] blog, dated 9/16/6 (mdy), so this is nothing new.

Ordering a takedown in pointless...I can't believe that those users weren't informed that they should change their passwords, and if they were, what's the problem?

Re:Am I the only one wondering this? (1)

Gerald (9696) | more than 7 years ago | (#17772172)

The site in question (SecLists.Org [seclists.org]) is run by Fyodor and hosts archives for many security mailing lists. Someone posted MySpace passwords on one of those lists. MySpace could have contacted the original poster, the manager of the original list, or Fyodor directly. They had the domain shut down instead.

It's akin to Diebold or the RIAA having the slashdot.org domain yanked because someone posted an election machine or DRM exploit in a thread.

You just creeped me out... (1)

rewt66 (738525) | more than 7 years ago | (#17772528)

I can actually see this happening. It's election day 2008, and Slashdot posts yet another story about how hackable Diebold voting machines are. Some election official goes ballistic, and asks Slashdot's ISP and/or registrar to knock them off the net for the rest of election day. One or the other complies.


domain registrar neutrality (4, Insightful)

Anonymous Coward | more than 7 years ago | (#17771806)

Domain registrars should remain neutral in content disputes. Quis custodies ipsos custodes?

goDaddy dont care (0)

Anonymous Coward | more than 7 years ago | (#17771808)

go daddy dont care if you are stupid enough to host with them. you deserve all you get.

Legal Implications? (2, Insightful)

popo (107611) | more than 7 years ago | (#17771812)

IANAL but wouldn't the site owner have some serious legal ammunition against both MySpace and GoDaddy?

This seems to me to be an issue for the courts, not an IT department.

How timely (3, Interesting)

drinkypoo (153816) | more than 7 years ago | (#17771814)

I'm about to move my website from one host to another because my current shared hosting company (Netactuate, formerly VR Hosted) is falling down on their ass. I haven't even been able to load my cpanel this morning, and I tried two different connections - but their front page loads in a snap. I only jumped on them because of the gentoo hosting special but lunarpages is 2/3 the price of the discounted rate... I get 5GB and lunar gives 250GB, I get 200GB of transfer or something like that (I can't even load the cpanel to see what my quota is) and lunarpages gives 2.5 TB. I'll miss the shell access, but I can live without. Anyway, the moral of this story is that I think I'll take advantage of this moment to transfer my domain registration from godaddy to another registrar. Anyone have any recommendations?

Re:How timely (1)

PitaBred (632671) | more than 7 years ago | (#17772008)

dreamhost? They aren't a registrar, but they're a great host

Re:How timely (1)

drinkypoo (153816) | more than 7 years ago | (#17772054)

I said registrar, not web host. I have already picked a webhost - lunarpages. I set up someone else's website on their service and while the lack of a shell is an annoyance, the fact that they actually have everything else I want (including imagemagick) AND they provide the ABSOLUTE best ratio of price to disk space and monthly transfer more than makes up for it.

Re:How timely (1)

SNR monkey (1021747) | more than 7 years ago | (#17772010)

In case anyone is on the fence about GoDaddy (or planning on picking up a new registrar, or registering a new domain), they should probably read a recent post [slashdot.org] about GoDaddy. It makes for an interesting read.

Re:How timely (1)

SatanicPuppy (611928) | more than 7 years ago | (#17772242)

I will reply to this post to make the meta-post chain complete (a reply to a post about a post that was a reply to a post of mine).

I myself have had a lot of issues with GoDaddy, and I can't help but be surprised at the people who are acting so shocked. It's cheap webhosting. They don't give a damn about individual customers, and they don't have a great reputation.

Getting a good webhost is hard. You have to be willing to move around a lot, and to pay more than 8 bucks a month.

Re:How timely (0)

Anonymous Coward | more than 7 years ago | (#17772094)

Not clear from your post whether you're looking for hosting or domain registration, but in case you meant hosting, here goes:

I've been liking www.nearlyfreespeech.net -- you pay for exactly what you use; $1 per GB of transfer and $0.01 per megabyte-month of storage. Hosted on FreeBSD, with Perl, Python, PHP, shell access, MySQL, etc. Perhaps they're not the best deal for a site that gets a high (and regular) amount of traffic, but I've been very happy with them so far, in terms of cost and customer service.

What's the problem? (-1, Troll)

Frosty Piss (770223) | more than 7 years ago | (#17771844)

...asked GoDaddy to remove a site that happened to archive a list of thousands of MySpace usernames and passwords...

Sounds reasonable to me. Fyodor was out of line. And, it's not up to GoDaddy to filter through the 100,000's of Fyodor's pages, he's alrady shown the domain to be a security threat. If he wants GoDaddy to reverse its actions, he needs to clean up his act himself. That's not GoDaddy's job.

Re:What's the problem? (2, Informative)

arootbeer (808234) | more than 7 years ago | (#17771984)

The problem is reasonable. The response is not. There's a post above that illustrates the point, but this is the point.

Re:What's the problem? (1)

atomic777 (860023) | more than 7 years ago | (#17772330)

I'll bet you think this nasty "freedom of speech" ideal is a national security threat as well. All these damn people wanting to say whatever they want. They're out of line!

Re:What's the problem? (2, Insightful)

Zontar_Thing_From_Ve (949321) | more than 7 years ago | (#17772426)

...asked GoDaddy to remove a site that happened to archive a list of thousands of MySpace usernames and passwords...

Sounds reasonable to me.

And me too, but we seem to have the minority opinion here. I love reading the justifications on why this is "evil" of GoDaddy to do this. Then again, what do you expect from Slashdot readers? Last week everyone was up in arms because the RIAA and a SWAT team arrested a guy for "making mix tapes" when in fact he was a bootlegger with over EIGHTY THOUSAND bootleg CDs that got confiscated and it had nothing to do with mix tapes.

From Russia with your passwords (1)

AnnuitCoeptis (1049058) | more than 7 years ago | (#17771850)

I wonder when they start doing something 'good' for the internet community. Seeing IP connection from Russia on my servers somehow always makes me nervous...

And here I thought GoDaddy was a free-sprit co. (1)

Robert Goatse (984232) | more than 7 years ago | (#17771868)

Woo hoo, GoDaddy completely submitted to MySpace. As TFA said, Google for duckqueen1 if you're interested in the list.

not an intelligent move.. (5, Funny)

sanimalp (965638) | more than 7 years ago | (#17771882)

The LAST thing in the world i would want to do as a registrar, or ANY web based business for that matter, is to piss off a bunch of hackers. I think karma might prevail on this one.

the next few thousand registered usernames: (4, Funny)

A beautiful mind (821714) | more than 7 years ago | (#17772178)

The next few thousand registered usernames on myspace will strangely resemble something like:

';DROP database;select * from x where '=
';DROP database;--
\';\'\';DROP database;--

It is very strange indeed.

Re:not an intelligent move.. (1)

ruffnsc (895839) | more than 7 years ago | (#17772194)

Granted they might be hackers but I find that social engineering to gain access is like a subset of hackers. Its not script kiddies but then again it doesn't seem like phishers and the like are deserving of the term hacker IMO. In any case, I think it would piss anyone off if they just shut down a site because a bigger site asked. Anyone with enough emotion and motivation could find ways to retaliate.

Impressively retarded (2)

Klowner (145731) | more than 7 years ago | (#17771906)

So, anyone have any recommendations for less-retarded registrars which might actually deserve my money?

The simple and safe solution (0)

Anonymous Coward | more than 7 years ago | (#17772474)

If you REALLY feel strongly about this, you can become a registrar yourself. This is the direction that Fyodor should move in, given what he does.

Myspace would then either have to deal with him directly (which is what they should have done in the first place), or go to ICANN. Good luck with the latter.

Yes, it's more money. Yes, it's more hassle. The point is that there ARE options out there for the right price. If you really want to be resistant, incorporate offshore and set up your hosting service there.

Or if that's too much, just use an offshore hosting service.

Honestly, there are a lot of options out there. The only thing really surprising here is that Fyodor hasn't made use of them yet, given the grey area (as seen by some) that he deals in.

Time to remove my registrations from GoDaddy... (1)

ScooterBill (599835) | more than 7 years ago | (#17771930)

I can definitely say that I would be upset if my registrar simply shut down my site because "someone else" didn't like it.

There are proper ways of fixing these things.

MySpace and GoDaddy = Garbage (1)

Reed Solomon (897367) | more than 7 years ago | (#17771938)

Well I suppose I'll have to avoid using GoDaddy. I already avoid MySpace like the plague and mock anyone who uses it. Pretty lame. They could have just pulled it down temporarily until they contacted the guy but they had to remove everything.

note to self.. (0)

Anonymous Coward | more than 7 years ago | (#17771954)

never buy a domain from godaddy again...

Big surprise. (4, Interesting)

SatanicPuppy (611928) | more than 7 years ago | (#17771968)

You get what you pay for with GoDaddy. I certainly wouldn't expect them to take my side in a dispute with MySpace, News Corp, or, frankly, anyone with a significant number of lawyers on their side.

Providers, by and large, will cave to any request from a big company...Hell there was an article about it here a few days ago, that linked the BoF Experiment [www.bof.nl] where they posted a public domain work on 10 different places, and then sent DMCA takedown notices to all 10 places, and had 7 remove it immediately even though it was clearly marked as public domain.

Face it; a hosting site that will stick up for it's customers against a significant threat from a big company is hard as hell to find, and sure as hell GoDaddy isn't going to do it for 10 bucks a month.

Why where the passwords posted (2, Interesting)

cyberkahn (398201) | more than 7 years ago | (#17771980)

"remove a site that happened to archive a list of thousands of MySpace usernames and passwords"
Why where these posted on the site? Was this part of disclosure regarding a security issue that MySpace wasn't willing to address?

Umm, GoDaddy? (0, Redundant)

necro2607 (771790) | more than 7 years ago | (#17771994)

Ummm.. All I have to ask is, why the hell would you host a security site through a hosting company as "mickey-mouse" as GoDaddy? Come on... You can tell just how much they appreciate their customers by how much they spam you with offers to buy more features and unneccesary "added value" bullshit while you are trying to just buy a simple domain name registration or the like.

Re:Umm, GoDaddy? (2, Informative)

terrahertz (911030) | more than 7 years ago | (#17772202)

GoDaddy was not hosting the site, they are the registrar for the domain name. As such they control DNS for seclists.org, and part of what they did was to change the nameserver from what it was supposed to be to NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM, effectively preventing most people from accessing the site.

The IP in the A record for seclists.org is registered to "MEER NET," who is either hosting the site or reselling the hosting, and had nothing to do with what GoDaddy did.

New Corporate Espionage method (1)

RyoShin (610051) | more than 7 years ago | (#17772036)

  1. Find a competiting business's website that is hosted by (or has their domain registered with) GoDaddy
  2. Search for some location where user-submitted content my be posted (perhaps forums, or a shoutout box)
  3. Post something that seems to be potentially "harmful" for their site security
  4. Contact GoDaddy to take down the entire site
  5. ??? (Case-by-case basis!)
  6. PROFIT!
You know, GoDaddy keeps doing things that make me question whether I should keep my domains registered with them or not.

The other side is a very slippery slope as well (2, Interesting)

frantzen (137260) | more than 7 years ago | (#17772100)

For instance if the propogation of a large scale worm depended on the a server at www.example.com. There are two effective ways to stop the worm in it's tracks. One is to shut down the server at www.example.com. And the other is to pull the domain record. In such a situation most of us would advocate yanking both. I can't say that a registrar should never take action like this without a court order. But I don't believe this instance was jusitified.

Better domain registrars? (1)

mmurphy000 (556983) | more than 7 years ago | (#17772110)

Does anyone have any experience with domain registrars that would have handled this situation better than did GoDaddy? I'd love a registrar that's demonstrated that it strikes a better balance between "anything goes" and "you so much as look at us cross-eyed and we'll shut you down".

Unconscionable (5, Interesting)

gellenburg (61212) | more than 7 years ago | (#17772204)

1. Unconscionable: How I feel about this whole matter. Completely unconscionable that GoDaddy could or WOULD do anything like this.

2. 142: The number of domains I have registered with GoDaddy.

3. $1500: Roughly the annual amount I pay for my domains to renew them each year.

4. 48: The number of hours I have allotted myself this weekend to transfer each and every one of them AWAY from GoDaddy to someplace like NameCheap.com or DomainMonitor. Haven't decided yet.

5. True: Boolean value for whether or not I am pissed-off.

6. Very Much: The level of item 5, above's, value.

Read the fine print, please (1)

tfbastard (782237) | more than 7 years ago | (#17772284)

This is why you should never, ever enter a contract without reading the fine print. It's all too easy to click the "I accept" button without reflecting what you've just accepted. I wouldn't be surprised if godaddy have a "we may yank your domain at any time for any reason" clause in there somewhere...

Pulling my sites (3, Informative)

All Names Have Been (629775) | more than 7 years ago | (#17772288)

I've sent email to GoDaddy's customer relations department asking for clarification of this, stating that I'm going to be pulling my personal sites (hosted there) and all domains (and my company's 350+ domains (no, we're not squatters..)). If this turns out to be true, and can't clarify their position on when they might arbitrarily pull sites based on nothing but a request other than "when we feel like it" EVERYONE should get the hell out of Dodge, as they obviously are responsible business partners. Waiting for my rely, which will probably never come.

Probably reasonable (2, Interesting)

S3D (745318) | more than 7 years ago | (#17772506)

I have only 2 domains with GoDaddy, but if they will not provide explanation, I'll pull out too and will help spread the word. Just wouldn't be able trust them. What if they transfer ownership of my domain if someone ask them ? What if they charge my credit card for some insane amount of money just because they feel like it?

Re:Probably reasonable (2, Insightful)

TubeSteak (669689) | more than 7 years ago | (#17772752)

if they will not provide explanation, I'll pull out too and will help spread the word. Just wouldn't be able trust them.
I thought it was rather obvious why GoDaddy dicked over SecList: MySpace is a big player on the internets & they get special treatement.

Serious question: What explanation from GoDaddy would satisfy you (or other /.ers), such that you continue giving them your business and would trust them? I would have thought the facts speak for themselves.

Not a Freedom Of Speech Issue (1)

mpapet (761907) | more than 7 years ago | (#17772362)

This is hardly a freedom of speech issue when the content in question is username/pwds. It would be if it were "billy-bob gates suckx and makes bad products..."

The more effective approach is to build the business case against choosing godaddy in the future. Nothing hurts them more than a shot in the pocketbook.

Personally, I question the wisdom of going with a company the size of godaddy to begin with. But that's me.

Re:Not a Freedom Of Speech Issue (1)

bigtangringo (800328) | more than 7 years ago | (#17772584)

Personally, I question the wisdom of going with a company the size of godaddy to begin with. But that's me.

Sorry? I certainly hope you're not implying they're small; because if that's the case you're terribly mistaken.

As of August 2006, they control 14.6 million domains and raked in over 15 million bucks in one quarter.

RTFA people, it was an archive (4, Informative)

FliesLikeABrick (943848) | more than 7 years ago | (#17772436)

Everyone who is asking "WTF why do they even have the list?!" needs to go back and read the seclists.org list. It is an archive of a mailing list post, one which tens or hundreds of sites probably also have archived.

I believe MySpace and GoDaddy are both to blame here for reasons that any sensical person can see. I think I'll be looking for a new registrar now.

I see a giant drop in revenue for GoDaddy (4, Insightful)

CharlieHedlin (102121) | more than 7 years ago | (#17772490)

I see a lot of slashdot readers pulling their domains to another registrar. I don't know if any are better, but at least there have to be some that haven't already taken these draconian messures.

I have a few domains up for renewal, and was considering GoDaddy. Not any more. I am sure slashot readers must control the registration of several million domains.

I hope this publicity shows as a giant drop on their revenue graph.

Fyodor Vaskovich? (0)

Anonymous Coward | more than 7 years ago | (#17772600)

who the hell is Fyodor Vaskovich?
afaik Gordon Lyon aka "Fyodor" is the father of nmap..

Hypocrits (1)

vertinox (846076) | more than 7 years ago | (#17772686)

I know a band that had petitioned GoDaddy to take action against a Russian website selling their MP3s illegally (not all of mp3 but a small fish like Muza something.com) but no actions was taken. I guess you have to be a big dog like MySpace to pull something like this off.

Frist 4sot!! (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17772728)

Join GNAA (GAY which allows leaving tahe play Jesus Up The users of BSD/OS. A faster than this Maintained that too too many rules and from one folder on the project

Question is... (1, Insightful)

C_Kode (102755) | more than 7 years ago | (#17772742)

How exactly do you as the hosting provider handle such a thing? I believe GoDaddy did the right thing to a point. They should have taken it down immediately, but should have tried to contact Fyodor immediately also. What you have to remember is it was listing user names and passwords of 250,000 MySpace users. I'm not a fan of MySpace or GoDaddy, but they did the right thing no matter how you feel about it. What if someone posted your account information (banking, email, FTP, unix, , SS#, etc) along with 250,000 other peoples on Google's home page along with any other prevalent information. Would you prefer your information be displayed for hours if the hosting provider could not get a hold of Google for the next seven hours, or shut it down immediately to stop the flow of that information and would (or *should*) get Google's attention quickly.

I don't know how much of an effort they made to contact Fyodor, but I don't think taking down that information was wrong.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account