Domains May Disappear After Search

Zonk posted more than 5 years ago | from the risky-business-out-here dept.

Ponca City, We Love You writes "Daily Domainer has a story alleging that there may be a leak that allows domain tasters to intercept, analyze and register your domain ideas in minutes. 'Every time you do a whois search with any service, you run a risk of losing your domain,' says one industry insider. ICANN's Security and Stability Advisory Committee (SSAC) has not been able to find hard evidence of Domain Name Front Running but they have issued an advisory (pdf) for people to come forward with hard evidence it is happening. Here is how domain name research theft crimes can occur and some tips on avoiding being a victim."

379 comments

suck it faggots (-1, Troll)

Anonymous Coward | more than 5 years ago | (#21840256)

smoke the cock

never use the web for such queries (4, Informative)

jacquesm (154384) | more than 5 years ago | (#21840264)

Always use a command line tool. The webservices are notorious for such sniffing, I've never seen or heard about it happening from the unix command line.
Better still, simply use your registrar to do a registration, if that works then it was free :)

http://rndpic.com/ [rndpic.com]

Re:never use the web for such queries (1, Informative)

Anonymous Coward | more than 5 years ago | (#21840446)

It's not much of a stretch from selling NXDOMAIN data to logging all whois queries. I think the time has come for encrypted whois, at least between nics and registrars. Unfortunately most registrars are clueless about how this stuff actually works and some nics are so utterly clueless that they only offer web-based whois.

Re:never use the web for such queries (5, Interesting)

Anonymous Coward | more than 5 years ago | (#21840612)

I am positive this happened to me, and I only used the whois command from the OpenBSD command line to look the domain up. It was not a domain name that I can imagine anyone else wanting, but it was fairly short. Two days later (after checking with my client) I went to register it and it had been taken. I became immediately suspicious. Three days after that, I see this story...

Would it help anyone to know who took the domain? I can't seem to get to the article yet.

Re:never use the web for such queries (2, Interesting)

jacquesm (154384) | more than 5 years ago | (#21840670)

Interesting! What provider were you using? Which whois server, and can you figure out the hops that your request passed through? Chances are that your packets have been 'sniffed' at some hop in between your BSD machine and the whois registry server. That chance exists but is significantly smaller than having it happen when you use a web based service.

The best protection is to keep the 'window' between testing and registering as short as you can manage, preferably no more than a few *minutes*!

Data mining (4, Informative)

karl.auerbach (157250) | more than 5 years ago | (#21840304)

It has long been rumored that domain name registries snap up names when they see signs of interest. Unfortunately ICANN's committees don't have the tools to really open up the clamshell and see what is really going on deep inside registries and registrars.

However, there is another matter - that of data mining of the query packets that arrive at root and top level domain servers.

ICANN's contracts do not prohibit data mining of the query stream, in fact they openly permit it. Thus Verisign has the right to look at incoming queries and generate a body of information about what domain names are being uttered by users. It's not a big step from that to come up with a list of names that would be nice things to have if one wants to spatter up a bunch of Google Adsense ads and collect click revenue.

(Also, because the entire domain name, not just the top level parts, hits root and top level domain servers, through a bit of statistical reduction, one can produce a data stream that is of interest not only to paying marketeers but, perhaps, to certain national intelligence agencies.)

Re:Data mining (1)

XxtraLarGe (551297) | more than 5 years ago | (#21841132)

The simple way to combat this is to do searches on thousands of domain names that nobody is going to be interested in, like "babysealfurfactoryoutlet.com", "flyingfrenchflamingofloat.com" etc. Break their banks on stupidity.

This has been happening a long time (5, Interesting)

jafiwam (310805) | more than 5 years ago | (#21840306)

Though, not on the "in minutes" time scale.

My buddy and I even made up names with random letters in a string of 15 or 20, then some porn words stuck on the end ".com".

Sure enough, two days later some squatter had them.

I think the leak is in the registrars themselves. Imagine the money someone could get from the squatters by simply setting up a script to automatically email these queries somewhere.

"Never a more wretched den of scum and villainy" describes the whole domain registration process pretty well I think.

Re:This has been happening a long time (1, Interesting)

Anonymous Coward | more than 5 years ago | (#21840374)

Amusing. Increase the scale of that operation a bit and you could quickly bankrupt a careless squatter.
One would think that in a predatory environment like that, the squatters are doing that to each other already.
Surprised random strings worked.

nope, they dont pay (4, Informative)

asv108 (141455) | more than 5 years ago | (#21840456)

> Amusing. Increase the scale of that operation a bit and you could quickly bankrupt a careless squatter.

Actually most of the bigger squatting operations don't pay a dime on a per name basis. They hold the name for 30 days, then release it at no cost.

Re:nope, they dont pay (4, Insightful)

liquidpele (663430) | more than 5 years ago | (#21840572)

Exactly. That's the real problem... squatters can register a domain for 30 days to see if it would be profitable, then release it and get a refund if it's not. It's literally no-risk for them, and it creates a horrible situation for the rest of us.

Re:nope, they dont pay (5, Insightful)

gmack (197796) | more than 5 years ago | (#21840580)

> Actually most of the bigger squatting operations don't pay a dime on a per name basis. They hold the name for 30 days, then release it at no cost.

They don't need to release it. They just get another shell company to snap it up.

Domain tasting is causing nothing but headaches for the internet at large and they need to abolish it.

Re:nope, they dont pay (3, Insightful)

HTH NE1 (675604) | more than 5 years ago | (#21840582)

> Actually most of the bigger squatting operations don't pay a dime on a per name basis. They hold the name for 30 days, then release it at no cost.

Well, there's your solution. Don't just search for availability: register with presumption of availability and hold onto it for 30 days instead, and if you decide you don't want it, release it at no cost.

Re:nope, they dont pay (3, Funny)

HTH NE1 (675604) | more than 5 years ago | (#21840628)

Oh, and by the way, this article is a dupe.

Re:nope, they dont pay (5, Funny)

Some_Llama (763766) | more than 5 years ago | (#21840968)

Actually it's not a dupe, I went to submit this article but then checked two days later this was posted by someone else. I think I got article tasted :(

Re:This has been happening a long time (4, Interesting)

Shotgun (30919) | more than 5 years ago | (#21840694)

> My buddy and I even made up names with random letters in a string of 15 or 20, then some porn words stuck on the end ".com".

So there's the answer to the problem. Bombard the servers with requests for random names. The sleazoids will be forced to either go through the names manually, looking for likely candidates, OR they'll have to register everything...which might tend to get a tad expensive. A script that would hit the whois server with a single randomly generated name every time someone logged into a linux box would probably not put undue hardship on the root servers, but still generate way too many names to feasibly register.

The way to break a scam is to make it expensive to continue. A similar scheme could work for spam. Go through the filtered emails, making a list of URLs. Wait for slow network usage, and do a throttled wget to /dev/null on the websites. Once they can't sell Viagra from their DDOSed site, they'll stop. Someone will eventually try spamming with a URL of a big corporation. The big CEO will sit down with the Pres, explain their problem, then finally the FBI, CIA, NSA, MADD, and AARP will all be called out, and the spam problem will finally be brought to an end. (Heh, I jest...but only slightly).

Re:This has been happening a long time (2, Insightful)

John Hasler (414242) | more than 5 years ago | (#21840782)

> So there's the answer to the problem. Bombard the servers with requests for random names.
> The sleazoids will be forced to either go through the names manually, looking for likely
> candidates, OR they'll have to register everything...which might tend to get a tad
> expensive.

It doesn't cost them a penny. Google "domain tasting".

Re:This has been happening a long time (4, Informative)

orclevegam (940336) | more than 5 years ago | (#21840826)

As some have pointed out it costs the squatter nothing. They have a loophole because many registrars allow a 30 day trial period on a domain in which you can have it and if you decide you don't want it you can get rid of it for no cost. The squatters can then play a shell game by having a set of dummy companies swap the domain between themselves without ever passing the 30 day mark. With only 3 companies a squatter could tie a domain up for just under 3 months, and never have to pay a penny.

Re:This has been happening a long time (4, Informative)

liquidpele (663430) | more than 5 years ago | (#21841040)

If you want to be 100% safe, you can do the following...

1) Join the zone file program of the TLD provider of the TLD (top level domain for non-geeks) you're interested in. For .com and .net, you can join here for free: zone file access program [verisign.com]

2) Search the zone file for the domain you want. You can even import it into a database like I did, but that takes a loooong time (1.5 days on my 800 MHz PC, inserting using perl into mysql without any indexes at all). Grep would serve you much better for simple searches.

The only bad thing is it takes time and bandwidth to download the giant zipped files...
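
The local zone-file check described in the comment above, as an added example that is not the poster's code or the registry's tooling: it streams a zone file and reports which candidate names already own NS records, so no query leaves the machine. The sample zone lines, the names in them and the function names are constructed; a zone file lists only delegated names, so a registered name with no nameservers will not appear in it.

```python
"""Offline check of candidate names against a TLD zone file (added example)."""

CLASSES = {"IN", "CH", "HS"}

# Constructed sample, not real registry data. It mixes the layouts a zone file
# can use: owners relative to $ORIGIN, absolute owners, optional TTL/class
# fields, and an indented line that inherits the previous owner.
SAMPLE_ZONE = """\
; constructed sample
$ORIGIN COM.
$TTL 900
@ IN SOA ns.registry.example. hostmaster.registry.example. 1 1800 900 604800 86400
EXAMPLE NS NS1.EXAMPLE-DNS.NET.
EXAMPLE NS NS2.EXAMPLE-DNS.NET.
WIDGETS-R-US 172800 IN NS A.NS.WIDGETS-R-US
\t172800 IN NS B.NS.WIDGETS-R-US
A.NS.WIDGETS-R-US 172800 IN A 192.0.2.53
othername.com. 172800 in ns ns1.example-dns.net.
"""


def delegated_names(zone_lines, default_origin="com."):
    """Yield lowercase names (no trailing dot) that own an NS record.

    Assumes one record per line (no parenthesised multi-line records).
    """
    origin = default_origin.lower()
    last_fqdn = None
    for raw in zone_lines:
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):             # $TTL and other directives
            continue
        if line[0] in " \t":                      # owner inherited from above
            fqdn, rr = last_fqdn, fields
        else:
            owner, rr = fields[0].lower(), fields[1:]
            if owner == "@":
                fqdn = origin
            elif owner.endswith("."):
                fqdn = owner
            else:
                fqdn = owner + "." + origin
            last_fqdn = fqdn
        i = 0                                      # skip optional TTL and class
        while i < len(rr) and (rr[i].isdigit() or rr[i].upper() in CLASSES):
            i += 1
        if fqdn is None or i >= len(rr) or rr[i].upper() != "NS":
            continue
        yield fqdn.rstrip(".")


def check_candidates(zone_lines, candidates, default_origin="com."):
    """Map each candidate to 'delegated' or 'not in zone' in one streaming pass."""
    wanted = {c.lower().rstrip("."): c for c in candidates}
    found = set()
    for name in delegated_names(zone_lines, default_origin):
        if name in wanted:                         # memory stays O(candidates)
            found.add(name)
    return {orig: ("delegated" if key in found else "not in zone")
            for key, orig in wanted.items()}


if __name__ == "__main__":
    ideas = ["example.com", "Widgets-R-Us.com", "othername.com",
             "unregistered-idea.com"]
    for name, status in check_candidates(SAMPLE_ZONE.splitlines(), ideas).items():
        print(f"{name:25} {status}")
```

For a real multi-gigabyte file, pass the open file object instead of `SAMPLE_ZONE.splitlines()`; the zone file is a periodic snapshot, so a name registered since the last download will still show as "not in zone".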

Re:This has been happening a long time (1)

orclevegam (940336) | more than 5 years ago | (#21841092)

Cool resource. Thanks for the link, it's part of my bookmarks now.

Re:This has been happening a long time (1)

Razed By TV (730353) | more than 5 years ago | (#21841134)

With enough false domain names poisoning the squatters and an increase in unprofitable 30 day trial registrations, the registrars may decide to forgo the 30 day trials. The cost of a domain name is not prohibitive, so I can't see this making a huge loss in sales.

Re:This has been happening a long time (0)

Anonymous Coward | more than 5 years ago | (#21840784)

"I think the leak is in the registrars themselves. Imagine the money someone could get from the squatters by simply setting up a script to automatically email these queries somewhere."

For sure. I first encountered this practice in 2005 while working for a company that wanted to start two new offshoot businesses. I was charged with researching and obtaining the domains. I spent the afternoon using their existing service, 1&1 internet, to find appropriate new domains and after about 5 hours work I reported back with a list of the best candidates. 24 hours later 6 of the 8 choices had "gone".

I found this so unbelievable I pointed out that the registrar _must_have_ used the search query to obtain these domains.

So not to be stung again I formulated the best plan I could think of to stop it happening. As someone has already said, only use command line tools. Type the domains you want into a host query for some obscure DNS server, then follow up the ones that you are interested in with a discrete whois query. Never use the "find domains" search from an ISP or hosting provider!

Re:This has been happening a long time (2, Informative)

Tiger4 (840741) | more than 5 years ago | (#21841082)

I just tried it over at Network Solutions (took three words and glued them together). The made up name wasn't registered. They not only offered to register the name for me, but it also offered me common Misspellings that would be a near match, common search term names similar to the one I queried, and Premium names that are already available for sale, all on the same registration page. How much of a stretch is it to assume they track this kind of thing and pass it on to someone to register?

"domain tasting" (4, Funny)

TheWoozle (984500) | more than 5 years ago | (#21840330)

Over the years, the Internet and its resulting commercialization have led to some truly awful buzzwords and mangling of the language (may the person who first coined "blog" rot in hell)...

But ye gods! "domain tasting"?!

I can see it now... "The slashdot.org '97 was a superb one; It had a playful nose, a full, rich body and a piquant aftertaste. The digg.com '07, however, can only be described in scatological terms."

Re:"domain tasting" (1)

B3ryllium (571199) | more than 5 years ago | (#21840480)

You think you have it bad? I misread it as "Domain Tasing".

Re:"domain tasting" (1)

Jason Levine (196982) | more than 5 years ago | (#21840576)

"Domain Tasering"?

Maybe that's a good idea. Taser these guys right in their... um... "domains." ;-)

Re:"domain tasting" (5, Funny)

B3ryllium (571199) | more than 5 years ago | (#21840630)

"Don't register me, Bro!"

Re:"domain tasting" (1)

jo42 (227475) | more than 5 years ago | (#21840818)

> (may the person who first coined "blog" rot in hell)

"blog" AKA "big log" is something you leave in the toilet bowl after a large meal.

Does this apply to me? (4, Funny)

InvisblePinkUnicorn (1126837) | more than 5 years ago | (#21840334)

How does this apply to me? I make it a point whenever entering my credit card number and personal information into an order form, to do a Google search first to make sure someone else doesn't have the same information, so they don't get confused and send my order to them instead.

Theft? Crimes? (5, Insightful)

mi (197448) | more than 5 years ago | (#21840338)

> Here is how domain name research theft crimes [emphasis mine -mi] can occur

Theft? Crimes? Does Slashdot now think, an idea can be "property" and/or "stolen"?

Re:Theft? Crimes? (1)

Chysn (898420) | more than 5 years ago | (#21840384)

> Theft? Crimes? Does Slashdot now think, an idea can be "property" and/or "stolen"?

Too-SHAY.

Re:Theft? Crimes? (1)

bangzilla (534214) | more than 5 years ago | (#21841086)

It's "Touché" actually....

Not a new trend. (4, Informative)

palegray.net (1195047) | more than 5 years ago | (#21840400)

I'll swear this has been happening for years. I've taken to the habit of not searching for a new domain until I'm ready to buy it, right then and there. In the past, I've seen cases where customers have searched for a domain, found it to be available, and by the time they had a meeting the next morning to discuss buying it have it be registered by someone else (usually a squatter). In a sense, it's just common sense that a lot of the domain search "services" would engage in a competitive practice like this. I'm not saying it's ethical, but it's been going on for a long time.

Maybe the community can come up with a list of guaranteed reputable domain search services that take measures to prevent this sort of activity, and support those organizations.

it HAS been happening for years. (2, Interesting)

killmofasta (460565) | more than 5 years ago | (#21840698)

This type of domain name sniffing and squatting has been happening for years. I 'tested' registration of a domain name on ICANN's biggest contractor. They haven't changed their page. And the next morning, as I was paying for the registration, the registration record came up 'owned' by someone else. (Purchased the following day. Since I tested the name at about 11:15 p.m. It was an automated system, in place and doing its dirty work.) A squatting company in Pasadena, who sold it to someone in Oregon. Nothing has appeared on the site EVER, and that was way back in 1999, but it kinda angered me that it happened, and I never understood the mechanism, but now see clearly that ICANN's contractors were behind it. There is a domain-name squatters magazine, and a domain-name squatters trade show!

Don't use Godaddy (2, Interesting)

teknopurge (199509) | more than 5 years ago | (#21840404)

I've heard rumors of GD domain "tasting" for the past 18 months, maybe longer. If true, it's pretty pathetic that they need to do that in order to make money.

Re:Don't use Godaddy (1)

SydShamino (547793) | more than 5 years ago | (#21841090)

This happened to me a few years ago, with Godaddy's whois lookup (while logged in to my Godaddy account) with the domain buylocal.com. It was untaken when I queried, then snapped up by Godaddy within a few days.

Needless to say, Godaddy doesn't get my business any more.

its actually pretty common (3, Informative)

asv108 (141455) | more than 5 years ago | (#21840406)

I've executed many whois domain searches in the past, only to find the domain I looked at registered the next day. There are a few ways to avoid this problem:
  • Register a domain as soon as you search for it
  • Avoid using registry based WHOIS tools.
The ICANN requirements for becoming a registrar are VERY weak. There are a lot of disreputable operations out there who could be colluding with domain prospectors. Even with the bigger registry operations, it's still possible for people to get access to the whois queries. You have no idea what that web whois box is actually querying, and there is no privacy guarantee.

Re:its actually pretty common (4, Informative)

liquidpele (663430) | more than 5 years ago | (#21840614)

A lot of "disreputable" operations indeed.

This happened with me on godaddy, one of the biggest.
My advice is NEVER EVER EVER use a web-based whois. EVER.

Instead, download the sysinternals tool mentioned in an above post, or use Sam Spade (or just command line if on *nix). And even then, if you find one you might want - register it!! It's only $9 or so, and not worth losing if it's a good one.

Re:its actually pretty common (1)

cstdenis (1118589) | more than 5 years ago | (#21840758)

Happened to me too with them in 2004. This is nothing new.

Re:its actually pretty common (1)

John Hasler (414242) | more than 5 years ago | (#21840842)

> This happened with me on godaddy, one of the biggest.

And one of the least reputable.

Re:its actually pretty common (4, Informative)

zyzko (6739) | more than 5 years ago | (#21841054)

Could you back that up? There are horror stories for every registrar, but GoDaddy is in my opinion one of the best of the cheap ones. Their customer support actually works (I have always got a response to email within 2 hours - Network Solutions has 12-24 hour answer time at best and they cost 5x as much as GoDaddy, not to mention their refusal policy to transfer domains to other registrars without phonecalls (I'm not living in the USA so the phonecalls to them are expensive international ones) just because they think transfer is "suspicious").

Also - GoDaddy has a quite nice spam policy - which other cheap registrars often don't have and they actually do not care much because being too strict about spam would not give them income.

joker.com would be nice because their web interface is clean and they don't try to sell you a kitchen sink with your domain, but their spam policy has at least in the past been non-existent.

Re:its actually pretty common (1)

Some_Llama (763766) | more than 5 years ago | (#21841060)

"There are a few ways to avoid this problem:"

There HAS to be a better way of dealing with this than instant registering of possibly wanted domains. We know there is a problem with domain squatting for 5-7 years now, we have tried some things to alleviate the problem (like the ability to sue to get a squatter to release brand names) but there should be some solution we can come up with that would eradicate the problem once and for all.

Sheesh, come on people, we are the techies who make this stuff work, can't we find a more elegant solution than trying to out squat the squatters?

MD5 lookup as defence (5, Interesting)

zakeria (1031430) | more than 5 years ago | (#21840420)

Perhaps whois should provide MD5 lookup for a domain instead, so people can't snoop at the domain being queried. So instead of, for example, whois: somedomain.tld, it's whois: a79f888f1c2dc50c6b354c0d816f5bf5. Simple and effective.

Re:MD5 lookup as defence (1)

atraintocry (1183485) | more than 5 years ago | (#21840506)

Right, or any decent form of encryption. But that wouldn't solve the problem of the registrars giving you away.

But my question is, since secrets and the internet don't mix, how has anyone engaging in this avoided being found out? Surely somebody would have blown the whistle by now. So maybe the snoops are the main problem after all.

Re:MD5 lookup as defence (1)

jacquesm (154384) | more than 5 years ago | (#21840542)

That's an *excellent* suggestion!

Also, if you have to use a web based tool use a reputable registrar (I'm using 'moniker' now, after having used bulkregister for years but I didn't feel like staying with enom after the bulkregister takeover, enom has a pretty bad rep, as does godaddy).

Re:MD5 lookup as defence (0)

Anonymous Coward | more than 5 years ago | (#21840558)

> simple and effective.

Not so simple as the majority of people who search for domains :-/

Can you say "marketing dept"?

Re:MD5 lookup as defence (1)

RayMarron (657336) | more than 5 years ago | (#21840764)

Umm... since hashes are one-way, how is the recipient of the whois request to know which domain to look up for you? Brute force? Nice try, but back to the drawing board.

Re:MD5 lookup as defence (1)

Fred_A (10934) | more than 5 years ago | (#21841018)

> Umm... since hashes are one-way, how is the recipient of the whois request to know which domain to look up for you? Brute force? Nice try, but back to the drawing board.

I don't know... a79f888f1c2dc50c6b354c0d816f5bf5.com has a nice ring to it...

Re:MD5 lookup as defence (2, Interesting)

Skapare (16644) | more than 5 years ago | (#21841114)

They have the list of the domain names. They only need to calculate a forward MD5 checksum on each domain, and build an index with the MD5 checksum as the key. As new domains are added, checksum them and add them.

Re:MD5 lookup as defence (1)

orclevegam (940336) | more than 5 years ago | (#21840774)

Uhm... except for that whole problem of hash collisions. Plus as was already pointed out it doesn't do you any good when it looks like it's the registrars themselves snooping you. Using hashes would also require the registrars to maintain a second registration DB of hashes which invariably will mean one of them will offer a hash -> domain mapping service and you're right back at square one (more or less, would have to be "hash" -> "list of possible domains" due to collisions).

Re:MD5 lookup as defence (2, Interesting)

liquidpele (663430) | more than 5 years ago | (#21840848)

Not a bad idea, but the whois DB would need to supply a random salt for you to use, since one could otherwise build a huge table of names and corresponding md5s (they exist online already). But even then, the registrar couldn't change the salt because they'd have to regenerate the md5 for every domain you might look up (just doing it once is crazy, doing it multiple times is unrealistic).

A better option is just to encode the whois query using SSL, and have tools auto-reject the connection if the cert is invalid for any reason so no one can automate a man-in-the-middle attack.
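
The hashed-lookup idea debated in this subthread (a digest index on the registry side, precomputed tables, a server-supplied salt), as an added example that is not any poster's code or a real whois service. The `HashedWhois` class, the word list and every name and record in it are constructed; it shows that a party who logs the digest of a guessable name can still recover it, and that a per-query salt turns each lookup into a scan of the whole registry.

```python
"""Hashed whois lookup as debated in the thread (added example)."""
import hashlib
import hmac
import itertools

# Constructed data: three registered names and a small list of common words.
REGISTERED = {
    "example.com": "constructed record A",
    "widgets-r-us.com": "constructed record B",
    "othername.com": "constructed record C",
}
WORDLIST = ["red", "blue", "widget", "factory", "outlet"]


def digest(name, salt=b""):
    """MD5 hex digest of salt + lowercase name (MD5 because the thread uses it)."""
    return hashlib.md5(salt + name.lower().encode("ascii")).hexdigest()


class HashedWhois:
    """Hypothetical registry front end that accepts digests instead of names."""

    def __init__(self, registered):
        self.registered = dict(registered)
        # Forward-hash every known name once and index by digest.
        self.index = {digest(n): n for n in self.registered}
        self.hash_ops = len(self.index)            # work counter

    def lookup(self, hexdigest):
        """Unsalted query: one dictionary probe, None means not registered."""
        name = self.index.get(hexdigest)
        return self.registered[name] if name else None

    def lookup_salted(self, salt, hexdigest):
        """Salted query: no index can exist, so every name is re-hashed."""
        for name, record in self.registered.items():
            self.hash_ops += 1
            if hmac.compare_digest(digest(name, salt), hexdigest):
                return record
        return None


def observer_guess(hexdigest, wordlist, salt=b"", tld="com", max_words=3):
    """What anyone holding the query log can do: hash guessable names, compare.

    The salt travels in the clear with the query, so the observer has it too.
    """
    for k in range(1, max_words + 1):
        for combo in itertools.permutations(wordlist, k):
            candidate = "".join(combo) + "." + tld
            if digest(candidate, salt) == hexdigest:
                return candidate
    return None


def demo():
    registry = HashedWhois(REGISTERED)
    idea = "bluewidgetfactory.com"                 # unregistered, but guessable
    opaque = "xq7k2vz9pl.com"                      # unregistered, not guessable
    salt = b"constructed-salt"
    before = registry.hash_ops
    salted_answer = registry.lookup_salted(salt, digest(idea, salt))
    return {
        "registered_hit": registry.lookup(digest("example.com")),
        "idea_available": registry.lookup(digest(idea)) is None,
        "idea_recovered": observer_guess(digest(idea), WORDLIST),
        "opaque_recovered": observer_guess(digest(opaque), WORDLIST),
        "salted_available": salted_answer is None,
        "salted_cost": registry.hash_ops - before,
        "salted_recovered": observer_guess(digest(idea, salt), WORDLIST, salt=salt),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value}")
```

The digest hides only names that nobody would guess, and the names worth registering are mostly the guessable ones.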

Poison the NXD data? (1)

RandoX (828285) | more than 5 years ago | (#21840436)

Would it be possible to request so many nonexistent domains to make this unprofitable? Or would they just figure you're having a seizure at your keyboard and drop your IP from the logs?

Re:Poison the NXD data? (4, Insightful)

jandrese (485) | more than 5 years ago | (#21840496)

No, because they get to sit on the domain name for free for 30 days and then drop it if they want. Domain Name registration is an amazingly shady part of the internet for being such an important piece. I have long suspected that the registrars (especially the no-name ones) and the domain squatters are one and the same.

Re:Poison the NXD data? (1)

starman97 (29863) | more than 5 years ago | (#21840780)

Publish the names you've looked up so that other people can run a script to hit them. After a few hits, the squatter will register the domain. This costs $$. It costs you nothing to do a whois and run an automated script to hit random URLs from a list. Once a domain is registered, it can be dropped from the list and never pinged again.

Re:Poison the NXD data? (1)

John Hasler (414242) | more than 5 years ago | (#21841108)

> Once a domain is registered, it can be dropped from the list and never pinged again.

They have a five day grace period. If the domain doesn't get enough hits before the end of the grace period they can and will cancel the registration and pay nothing. You want to ping the hell out of the site for the first five days it is registered and then never hit it again.

Re:Poison the NXD data? (1, Insightful)

Anonymous Coward | more than 5 years ago | (#21840528)

> Would it be possible to request so many nonexistent domains to make this unprofitable? Or would they just figure you're having a seizure at your keyboard and drop your IP from the logs?

Don't do a whole lot of searches very rapidly. Set the timing up to use random, sporadic, infrequent intervals. Make a program to share with the whole world so that everyone can install it and run it in the background such that it will only use idle, spare cpu cycles and bandwidth. If tens of thousands of people would run it, the result would be like death by a bazillion tiny little paper cuts, all coming in from all directions, to these "domain taster-squatters". After all, don't they actually end up having to eventually pay for all the domains they've squatted upon?

Re:Poison the NXD data? (2, Insightful)

orclevegam (940336) | more than 5 years ago | (#21840942)

> After all, don't they actually end up having to eventually pay for all the domains they've squatted upon?

In a word, no. Also, I don't think setting up a low level DDoS on the registrars is really the direction we want to move in.

Re:Poison the NXD data? (1)

houstonbofh (602064) | more than 5 years ago | (#21841078)

> Would it be possible to request so many nonexistent domains to make this unprofitable? Or would they just figure you're having a seizure at your keyboard and drop your IP from the logs?

Run the search slow via Tor so it comes from many IP addresses. Also, do some bulk "tasting" of your own. If enough of us do that, it could become unprofitable for the registrars...

I'm off to write a script (1)

Progman3K (515744) | more than 5 years ago | (#21840440)

that will query random domain names.

Millions of them. Have fun squatters!

Re:I'm off to write a script (1)

jacquesm (154384) | more than 5 years ago | (#21840624)

I hope you are joking, please don't do this, abusing the whois system is an excellent way to get yourself blacklisted in inconvenient places. Piss off enough people and you will be in the shithouse for years to come.

Re:I'm off to write a script (1)

0100010001010011 (652467) | more than 5 years ago | (#21840878)

Anyone know what Storm costs for an hour of use?

I'd actually consider this a 'good' use for a bot net. Let every single one randomly generate a string. Base it off of gpw so that they look like actual words. I'd like to see if their scripts can keep up. Maybe it'll show that something is actually broken in the system.

Re:I'm off to write a script (2, Insightful)

jacquesm (154384) | more than 5 years ago | (#21840944)

Let me get this clear, you think that destroying a fairly vital part of the internet infrastructure by a ddos is a good use of a bot net?

Re:I'm off to write a script (0)

Anonymous Coward | more than 5 years ago | (#21841014)

Domain squatters are an important part of the internet? Don't say that Whois will be affected, they have the bandwidth necessary to survive a DDoS. The idea is to get the squatters to register useless domains, so much that it loses its profitability.

Re:I'm off to write a script (1)

Fred_A (10934) | more than 5 years ago | (#21841052)

> Let me get this clear, you think that destroying a fairly vital part of the internet infrastructure by a ddos is a good use of a bot net?

If it's what it takes to get the ICANN to acknowledge that that vital part is severely broken, I think there's some merit to the idea. I doubt anything else will motivate anyone to fix this mess.

Re:I'm off to write a script (1)

lexallen (1209410) | more than 5 years ago | (#21840756)

Share the script please

https://www.easywhois.com/ (4, Informative)

Simon Carr (1788) | more than 5 years ago | (#21840464)

I'm more than just not surprised by this, I've known it without proof for years. Doing queries for total junk domains, and then three or four days later finding out that those domains had been registered? Too weird. And that was years ago.

One of the problems stems from the fact that any whois query can be sniffed (or SNORTed) if it passes over the wrong network hop anyway, so there isn't much you can do unless you're ready on the trigger to register the domain almost immediately. One thing you CAN do if you're going to do web queries (because not everybody has a whois command line installed) is query via:

https://www.easywhois.com/ [easywhois.com]

Note httpS. I can certify that Mark J doesn't do domain tasting [privateworld.com], that's not the business EasyDNS is in [www.cnw.ca]. So if you do do a query via EasyWhois it's not going to get snagged after 24 hours (at least not from our end).

[ Disclaimer: Yeah I work for EasyDNS :) ]

Re:https://www.easywhois.com/ (2, Insightful)

Anonymous Coward | more than 5 years ago | (#21840660)

Having the connection between your browser and the registrar encrypted is irrelevant, as the whois query the registrar sends out will be unaffected.

Re:https://www.easywhois.com/ (1)

Simon Carr (1788) | more than 5 years ago | (#21840760)

As noted, yep. But at least you can cut down on the variables if you're using a more reputable web front-end. Mark has gone on the record to make whois search privacy an issue.

Re:https://www.easywhois.com/ (1)

Score Whore (32328) | more than 5 years ago | (#21841080)

> One of the problems stems from the fact that any whois query can be sniffed (or SNORTed) if it passes over the wrong network hop anyway, so there isn't much you can do unless you're ready on the trigger to register the domain almost immediately.

One problem with this idea is that most DNS registrars are not backbone tier-1 and tier-2 network providers and even those that are will not see the vast majority of traffic.

NUBS! (1)

DeeQ (1194763) | more than 5 years ago | (#21840500)

There is an opt-out program so that your WHOIS isn't tracked.

Domain tasting is wrong and evil (4, Interesting)

rickb928 (945187) | more than 5 years ago | (#21840552)

Period.

Much if not most of the spam I'm deflecting nowadays seems to come from 'tasted' domains. Or just made up. I almost don't care about the difference.

The last time I read about this, more than a month ago, one snarky idea was to script a tool to randomly taste domains, constantly. If the registrars are forwarding the requests to squatters, they would go crazy with the surge in requests. The squatters would fritter away resources keeping up with these random searches, and eventually the WHOIS functionality of the registrars would have to change. And the script would change, and so on.

I think domain tasting ought to go away, or cost something. $2 for a 14 day taste would wreck the economics, maybe, certainly if random search scripts got going. My server could probably do 100,000 searches a day. I know it can send out 3-4 million spams a weekend, sadly.

Of course, the registrars could block my IP after a while. And blocks of IPs. So we need a Seti@Home-type script that hammers these things out, and let them block every dialup/dsl/cable/sat block. Hehe.

No, it's not devious enough.

Trial garbage (4, Insightful)

Dan East (318230) | more than 5 years ago | (#21840554)

Can anyone give one legitimate reason why anyone would need to "trial" a domain? Is that to see how it looks in the browser's address bar?

Wouldn't doing away with that stupidity make things a lot harder for these losers that park / squat domains?

Dan East

Yes.. (1)

msimm (580077) | more than 5 years ago | (#21840892)

But a lot of companies that have made enough money to grease a lot of palms would fight it with everything they had.

Common sense (3, Interesting)

huckamania (533052) | more than 5 years ago | (#21840590)

Packets are being sniffed as they traverse thru the tubes. Try this, do a google search for something made up. Try to get a page result of 0. Do this a few times and write down each time you get a 0 result. Come back in a few days and do a google search and you will probably find some custom pages. Is this google tasting?

I'm thinking that I'm not liking the direction this is going...

Sniffing, tasting, hmmm, what comes next, digesting? Excreting?

Re:Common sense (1)

Noexit (107629) | more than 5 years ago | (#21840986)

I think the "excreting" part is happening already.

The U.S. government believes that it can lie. (-1, Offtopic)

Futurepower(R) (558542) | more than 5 years ago | (#21840626)

Quote from the article: "I love when I see search engines like Google stick their neck out and tell the US Government that not even Uncle Sam can have access to user's search data."

When you read that some company told the U.S. government it could not have access, you should not believe that means the U.S. government did not get access. It could mean that access was allowed, but that the company was allowed to lie about it. It could mean that lower-level executives in the company were threatened with prison, arranged access, and were allowed to keep the access secret.

The U.S. government believes that it can get any information from any U.S. company at any time by threatening to put the executives of the company in prison. The U.S. government believes that it can keep that secret. The U.S. government believes that it can lie to the world and to U.S. citizens.

When there is widespread corruption, it is not wise to believe in limits to that corruption unless you have very good facts and reasons. The U.S. government has killed, or arranged the death of, or done things that resulted in the death of, an estimated 11,000,000 people since the end of the 2nd World War by invading or bombing 25 countries. All of that violence was for profit [krysstal.com] . For example, the purpose of occupying Iraq is to restrict the supply of oil and therefore drive up the price.

Re:The U.S. government believes that it can lie. (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#21840866)

"When there is widespread corruption, it is not wise to believe in limits to that corruption unless you have very good facts and reasons. The U.S. government has killed, or arranged the death of, or done things that resulted in the death of, an estimated 11,000,000 people since the end of the 2nd World War by invading or bombing 25 countries. All of that violence was for profit [krysstal.com]. For example, the purpose of occupying Iraq is to restrict the supply of oil and therefore drive up the price."

I still get a kick out of you moonbats.
Let's see..were your useful idiot marching orders "No War For Oil" not very long ago?
Oh..but now that 'that' mantra never came to pass (as well as 99% of your conspiracy theories), you have to change it up right?
So..let's get this straight.. Since the war didn't give us cheap oil as you moonbats were crying about, you now change it to 'driving up the cost of oil'.

Ya know... it's really tough to keep up with you moonbats. If what you cry about doesn't happen, you just change up your accusations to fit a possible trend.
You know..sorta like global warming. Well..now it's called 'climate change' to cover the LACK of warming. Let's see, we have spats of record cold spells, this year was a record low for hurricanes, and more predictions are trending for cooler temperatures. Obviously this screws up your 'global warming' label. So, you change it up!

If it gets cold? It's 'climate change'..Blame Bush!
If it gets warm? It's 'climate change'..Blame Bush!
If there are no storms? It's 'climate change'..Blame Bush!
If there are storms? It's 'climate change'..Blame Bush!
Works out rather nice for you useful idiots.

I swear, the moonbattery really gets out of hand when it comes to your RELIGION of 'global warming'.

Ignorance and anger go together? (0)

Anonymous Coward | more than 5 years ago | (#21840904)

It is interesting that so many ignorant people are angry.

Google it first..? (5, Insightful)

garatheus (993376) | more than 5 years ago | (#21840638)

When thinking of potential domain names, I usually use the inurl: function in Google. I generally only use part of the name too - that way you're able to see all the potential variations of the domain name you're thinking of working with (and possibly giving you some inspiration too)...

Marklark, LLC is doing research domain harvesting (0)

Anonymous Coward | more than 5 years ago | (#21840662)

On May 1, 2006 I was researching a fairly obscure domain name. I used many tools, including several that created and checked various combinations of words. While I wish I could trace it back to a single search tool, there is no way of knowing which tool is the harvesting

Less than two days later my fairly obscure domain name was snapped up by Marklark, LLC and is now offered "for sale" for $1000. The domain is obscure enough that it is only of use to me so this sucks.

I hope we can screw these fuckers to the wall.

Registrant:
Marklark, LLC
P.O. Box 13309
San Luis Obispo, California 93406
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: ************ (Redacted)
Created on: 03-May-06
Expires on: 03-May-08
Last Updated on: 25-Apr-07

Administrative Contact:
Fleming, Mark domain.manager@smarty.biz
Marklark, LLC
P.O. Box 13309
San Luis Obispo, California 93406
United States
18058882789 Fax --

Technical Contact:
Fleming, Mark domain.manager@smarty.biz
Marklark, LLC
P.O. Box 13309
San Luis Obispo, California 93406
United States
18058882789 Fax --

Domain servers in listed order:
NS1.SEDOPARKING.COM
NS2.SEDOPARKING.COM

Re:Marklark, LLC is doing research domain harvesti (0)

Anonymous Coward | more than 5 years ago | (#21841006)

You could send him some faxes describing your feelings in a visual manner.

Looks like command line is safe (1)

Reality Master 101 (179095) | more than 5 years ago | (#21840676)

When I read this, I was a bit concerned there might be some way queries were being intercepted by command line tools, but that doesn't seem to be the case. I have a big list of open domain names that I was considering about 15 months ago, and doing a quick survey just now, there are quite a number that are still open. There were also a number of them that were now taken, but the dates on them didn't show any particular scary pattern. Just sometime in the last 15 months someone else thought of my rejects. :)

Some of the untaken ones are actually pretty short, decent names, so I'm pretty sure the command line is safe (for now).

What's worse (1)

nobodymk2 (1137293) | more than 5 years ago | (#21840692)

Is when you've already visited the site, but for some obscure reason, even though they registered with a big-time registrar, another registrar places it in their DNS, and, your browser connects to that one first, and -- bingo -- the site you've visited for the past 5 days is now replaced by some "Find what you're looking for, right now" site crawling with useless content, spyware, a search box, and advertisements that link to sites designed in the same fashion. (And it's not a "typo" when you have it bookmarked and the admin is a friend of yours and tells you to connect via the IP address).

That happened to me (1)

nakedbonzai (618338) | more than 5 years ago | (#21840716)

Instead of using /usr/bin/whois, I used some whois search engine for some stupid reason. A day later it was snatched up. Super annoying. I'm waiting for the company to lapse on renewing it so I can buy it back.

First domain name front running, now this (2, Informative)

smooth wombat (796938) | more than 5 years ago | (#21840746)

Apparently, this story goes along with this one [slashdot.org].


I guess from now on one will have to register a name blind and see what happens.

Don't use whois at all. (1)

Lord Apathy (584315) | more than 5 years ago | (#21840762)

Don't use whois. Just open up a web browser and enter the domain you want. See what the browser returns. If possible use different DNS servers or locations. Your search should look like normal web queries. Once you are sure that your domain isn't registered go snarp up the fucker.

Omg don't do that! (4, Informative)

sakdoctor (1087155) | more than 5 years ago | (#21840956)

From the page linked from TFA:

"It is such a strong urge to type the domain name into the address bar and see what website comes up. Most users think perhaps there is already a company using the name and this will be a quick end to the question. Wrong! This is the most dangerous thing to do. Internet Service Providers (ISP) sell NXD (Non-eXistent Domain) data."

Backfire (1)

Joebert (946227) | more than 5 years ago | (#21840778)

Anyone up for flooding the Internet with whois requests so these automated processes register up a ton of crap domains & burn up all their funding?

Fix? (1)

iminplaya (723125) | more than 5 years ago | (#21840838)

Stop using names, and start remembering IP addresses. This will be a nice challenge when IPv6 takes hold :-) But there ya go. Time to exercise those brains. 1 point 2 point 3 point 4... now the left hemisphere... and 5 point 6 point 7 point 8...C'mon girls, get that cortex up!

Network Solutions Whois seems safe (3, Insightful)

davidwr (791652) | more than 5 years ago | (#21840840)

I posted this [slashdot.org] over 18 hours ago. I checked it on Network Solutions's web-based Whois last night and again a few minutes ago. The domain is available.

By the way, the solution to the "tasting" problem is to either put a very low limit on the number of "free tastes" people or companies can have in a year.

Another way is to simply charge them a pro-rated amount based on a minimum usage, say, 1/26 of the annual fee for 2 weeks.

Another way is to charge a non-refundable setup fee, say, 1/12 of the annual fee, which would be credited against the 12th month of service. Whatever this fee is, it should cover the actual costs of registering and de-registering a domain plus provide an optional small profit to the registrar.

Re:Network Solutions Whois seems safe (1)

rudy_wayne (414635) | more than 5 years ago | (#21840922)

No, the solution to the "tasting" problem is to eliminate it. There is absolutely no legitimate reason for "domain tasting". None.

Why would registrars allow you to repeatedly register thousands of domain names and then cancel them. For free. This doesn't generate one penny of profit for the registrars and it makes absolutely no sense ...... unless the registrars are in bed with the squatters/spammers.

.

Domains come up too fast (5, Insightful)

Animats (122034) | more than 5 years ago | (#21840868)

There's been some concern about this over at the Anti-Phishing Working Group. Much phishing seems to come from domains held for very short periods. But it turns out that's not "domain tasting". It's phishers buying domains with stolen credit card numbers, using retail domain registrars. After a few days, the credit card number is detected as stolen, the transaction is reversed by the bank, and the registrar deletes the domain.

This seems to be a separate problem from "domain tasting". But the "grace period" loophole that makes "domain tasting" possible also enables this scam. If registrars couldn't return domains to the TLD registry without paying, they'd have to raise their standards of customer validation.

Is it corruption? (1)

jandrese (485) | more than 5 years ago | (#21840874)

How far "up the chain" would someone have to be that would allow them to register domains "for free" for an extended period of time (6 months)? Is it possible these Domain Squatters can make a profit because of corruption somewhere, i.e. they pay only funny money for domain registration?

I don't rely on domain names nowadays (0, Troll)

JackMeyhoff (1070484) | more than 5 years ago | (#21840914)

I just enter my search into my firefox url bar and voilà it comes up from google. Domain names are for pussies with more money than sense.

Is domain parking worth it? (2, Insightful)

bigredradio (631970) | more than 5 years ago | (#21840976)

Maybe someone can enlighten me here. If I look up a domain, then try to buy it and see if it is taken, I move on to some other variant of the name. Do people actually purchase from squatters? I guess it's the same as, do people buy products from email spam? It only takes a couple to make it profitable.

For those advising browser URL queries: (1)

HoaryCripple (187169) | more than 5 years ago | (#21841002)

Read the article. ISPs will sell non-existent domain information for fun and profit. It is not safe to "just type in your query in the url bar of your browser."

better to go on the offensive (1)

SirLanse (625210) | more than 5 years ago | (#21841024)

Have an app that pings 1,000,000 combinations like the one you want.
It can run all night, and the tasters get a big mouthful of NOTHING.
Run it for a couple weeks. See if they re-register some of them again and again.
A nickel a piece is cheap. But times a million will add up.
Maybe it could be set up like the SETI search so thousands of computers across
the web would work together to make tasting a bad investment.

Why is This So Hard to Verify? (5, Insightful)

Nom du Keyboard (633989) | more than 5 years ago | (#21841026)

Why is this so hard to verify? Use each registrar to test availability of domain xyzzyplugh99.com, changing the index number "99" for each test. Try back the next day and see which ones are suddenly unavailable, then complain LOUDLY!
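
The per-registrar canary test described in the comment above, sketched as an added example (not part of the original comment or any poster's code). It goes slightly beyond the comment by adding a control group of names that are never looked up and by counting a registration only if it was created on or after the query date. The channel names, function names and dates are hypothetical, and the lookups and re-checks themselves are done by hand, not by this code.

```python
import secrets
import string
from collections import namedtuple

Canary = namedtuple("Canary", "channel queried_on")
CONTROL = "CONTROL"  # names generated but never looked up anywhere
ALPHABET = string.ascii_lowercase + string.digits


def canary_label(length=16):
    """Random label: long enough that an independent registration is implausible."""
    first = secrets.choice(string.ascii_lowercase)  # start with a letter
    return first + "".join(secrets.choice(ALPHABET) for _ in range(length - 1))


def build_plan(channels, per_channel, queried_on, tld="com"):
    """Assign unique canary domains to each lookup channel plus a control group."""
    plan = {}
    for channel in list(channels) + [CONTROL]:
        assigned = 0
        while assigned < per_channel:
            name = f"{canary_label()}.{tld}"
            if name not in plan:  # never reuse a name across channels
                plan[name] = Canary(channel, queried_on)
                assigned += 1
    return plan


def attribute(plan, created_dates):
    """created_dates: {domain: creation date (datetime.date) from a later re-check}.

    A canary counts as a hit only if it was created on or after the day it
    was queried. Returns {channel: (hits, total, verdict)}.
    """
    hits, totals = {}, {}
    for domain, canary in plan.items():
        totals[canary.channel] = totals.get(canary.channel, 0) + 1
        created = created_dates.get(domain)
        if created is not None and created >= canary.queried_on:
            hits[canary.channel] = hits.get(canary.channel, 0) + 1
    contaminated = hits.get(CONTROL, 0) > 0  # the name list itself leaked
    report = {}
    for channel, total in totals.items():
        n = hits.get(channel, 0)
        if channel == CONTROL:
            verdict = "contaminated" if n else "clean"
        elif n == 0:
            verdict = "no evidence"
        else:
            verdict = "inconclusive" if contaminated else "leak suspected"
        report[channel] = (n, total, verdict)
    return report
```

Each canary is looked up through exactly one channel; if any control name ends up registered, the name list leaked some other way and no channel can be blamed.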

And you thought you were paranoid. (1)

www.sorehands.com (142825) | more than 5 years ago | (#21841116)

You thought you were just being paranoid when this happened. Other people told you you were being paranoid.

Just remember, even if you are paranoid, they may still be out to get you too.
