How the fuck does some random-ass company have the authority to just yank domains away instantly like this, without consent or confirmation? That's what I want to know.
Most corporations regularly search for such domains, and submit cease-and-desist. I received one related to an eBay-related domain, but in my case, I hadn't built a business around it so it was easy enough to just take the site offline.
Wow, I wonder if that is what happened to my company's domain a decade ago. We lost control of our domain due to social engineering at GoDaddy. It was really, really tense as we worked to get control back. We got lucky and we able to retrieve the domain later that day.
How did they take it down the domain last time? Was it by picking on the registrar?
In my country they so this by asking all the ISPs to block the domain from their DNS servers. This works for 90% of the population, but all you have to do is just change the DNS server to something other than what the ISP gives you and you’re good to go.
Also, I just don’t get how current approach is any better. As far as I understand, there’s still a single point of failure, i.e. the site you get your “personal” domain from.
This is interesting, if only because the domain registrar hasn't dropped the domain or site, but outright disabled it so the site owners can't access it. Wonder what kind of legal threat they could have received that caused the domain registrar to do that?
Those issues are in theory handled by taking down the people who commits it, and in practice by taking down the domain names, since those normally has been registered using false credentials. One can hope/assume that this system will automatically revoke domains that expire or get removed.
I am writing this here on HN, because at the moment you cannot access our blog. Our domain name was shut down this morning, and I'm trying to get it back. Here's what happened...
Our company provides tools to help people put together pages for their businesses. Our free tool has been used to create over million page tabs on Facebook. Unfortunately but predictably, sometimes bad people use our app. Like spammers.
Overnight, our domain was blacklisted by Spamhaus because one of our pages contained spam. (Anybody want a free iPad?)
We run our infrastructure on Heroku, and use Bluehost for domain names. Well, as soon as Bluehost recieved notice from Spamhaus, they shut off the DNS for our domain. All million plus pages, gone in the blink of a DNS propagation.
Thankfully we were able to switch over to [appname].heroku.com for now and most of the pages are back, but we have paying customers who are in the dark because they rely on our custom domain name.
Our product, that over a million people rely on, suddenly ceased to exist. No advance notice. Nothing we could have done to stop it. Because of ONE bad apple.
This kind of thing will happen in SOPA world, if we let ourselves get there. But instead of being able to call my registrar and yell at them, I would have had to call the government, and oh-by-the-way they might fine or imprison me for having hosted spam.
Let me end with a practical, really-important-to-me-right-now question: is there any possible way to not get randomly nuked by Spamhaus?
That’s terrifying. By far the worst part of this. If they ban somebody for TOS violations that is fair, but preventing people from transferring out their domain and setting it to pendingdelete is really insidious. What they are doing is akin to stealing anyone domain name permanently with no recourse. This may be grounds for a lawsuit.
>with the authority and means to shut down domains for exactly this
How do you get that authority to do that? What does "shut down" entail? Does that mean you can unregister or hijack domains? I'd like to know more about this, as well as the accountability process and where I can report abusive behavior that will actually get addressed.
Or their domain registrar drops them. And their hosting company. And their ISP doesn't allow them to self host. And then they're effectively blackballed from the internet.
So the example they give here is onsmash.com. What's interesting is the domain still resolves to an IP in what looks like a CaroNet colo in North Carolina.
How are they taking over these domains I wonder? Or are they forcing the sites to host the take down notice on their own hardware?
I had a personal website where the URL was literally my full legal name. The domain would be of no interest to anyone other than me. I let it lapse around 2019 because I didn't want to pay for renewal, and figured I'd be fine leaving the site offline.
Immediately upon letting it lapse it's bought by someone who I believe lives in Russia. They took my website, rehosted an old version found on archive.org, and then put advertisements on the site. It was not rehosted well, half of the links were broken. I wouldn't be surprised if he tried to embed malware on there too.
I emailed the hosting company (DigitalFyre) with a DMCA request to get it taken down. Their support assured me they'd take it down but they never did.
After a year of it being up the domain expired and I bought it back just to prevent someone else from doing the same. I figured it wouldn't be profitable for them so I made the decision to wait them out early on.
I'm thinking the entire process is automated, where they'll buy up expired domains, rehost archived versions, and hope for either the previous owner to purchase it back or for ad revenue to make it worthwhile.
reply