Subdomain Squatting
April 10, 2008 1:14 PM Subscribe
Wow, that's pure sleaze. I can't figure out from the article (and the Googles haven't lit up with the story yet) if this applies to domains where there's no rules for subdomains, or if they're actually grabbing up everything that isn't explicitly given a DNS rule--can I specify a rule for *.mydomain.com and be sure that foo.mydomain.com isn't going to redirect to a spammy landing page?
Both ways are pure evil, of course, but if they don't allow catch-alls, they're going to have a loooot of angry (ex) customers. Of course, anyone with a sense of outrage probably jumped ship six weeks ago, so maybe they're just banking on the fact that their entire remaining customer base just doesn't follow the news...
posted by Mayor West at 1:30 PM on April 10, 2008
Both ways are pure evil, of course, but if they don't allow catch-alls, they're going to have a loooot of angry (ex) customers. Of course, anyone with a sense of outrage probably jumped ship six weeks ago, so maybe they're just banking on the fact that their entire remaining customer base just doesn't follow the news...
posted by Mayor West at 1:30 PM on April 10, 2008
but if they don't allow catch-alls, they're going to have a loooot of angry (ex) customers. Of course, anyone with a sense of outrage probably jumped ship six weeks ago, so maybe they're just banking on the fact that their entire remaining customer base just doesn't follow the news...
I just found out that my current provider - Inmotion - doesn't allow catchalls. We had switched to them after a supremely negative experience with Network Solutions.
posted by dubold at 1:37 PM on April 10, 2008
I just found out that my current provider - Inmotion - doesn't allow catchalls. We had switched to them after a supremely negative experience with Network Solutions.
posted by dubold at 1:37 PM on April 10, 2008
Network Solutions have been sleazeballs for as long as I can remember. They were okay when they were the only game in town, but as soon as ICANN forced some competition among registrars, NetSol went straight for the gutter.
posted by hattifattener at 1:40 PM on April 10, 2008
posted by hattifattener at 1:40 PM on April 10, 2008
i registered my first domain in 1997, back when network solutions was the only game in town.
and that is my only regret so far. haven't given them any money since.
posted by quarter waters and a bag of chips at 1:51 PM on April 10, 2008
and that is my only regret so far. haven't given them any money since.
posted by quarter waters and a bag of chips at 1:51 PM on April 10, 2008
The whole nature of subdomain squatting might make it a little complicated to hit the mainstream media though, no?
posted by laconic titan at 1:55 PM on April 10, 2008
posted by laconic titan at 1:55 PM on April 10, 2008
> They were okay when they were the only game in town...
No, no they weren't.
Registering a domain name in 1996, when the dotcom boom was already under way, took a phonecall. They only accepted registrations by phone. My operator had run out of carbon paper. I ended up having to run whois on a previous site I'd registered and read the results back to her because it would otherwise have meant a one-day turnaround while she requested my account data in writing from another department.
They'd still be taking registrations by post and phone if they didn't have competitors with websites.
posted by ardgedee at 2:03 PM on April 10, 2008
No, no they weren't.
Registering a domain name in 1996, when the dotcom boom was already under way, took a phonecall. They only accepted registrations by phone. My operator had run out of carbon paper. I ended up having to run whois on a previous site I'd registered and read the results back to her because it would otherwise have meant a one-day turnaround while she requested my account data in writing from another department.
They'd still be taking registrations by post and phone if they didn't have competitors with websites.
posted by ardgedee at 2:03 PM on April 10, 2008
dubold, do they give a reason why they don't support catchalls?
I've always meant to move my sites off register.com...I wasn't even aware there'd be limitations to what I can do with my DNS.
posted by JaredSeth at 2:06 PM on April 10, 2008
I've always meant to move my sites off register.com...I wasn't even aware there'd be limitations to what I can do with my DNS.
posted by JaredSeth at 2:06 PM on April 10, 2008
ardgedee, same exact thing happened to me. God I hate those people, even 12 years later it still burns. They were awful-- and apparently still are. DNA is important!
posted by cell divide at 2:39 PM on April 10, 2008
posted by cell divide at 2:39 PM on April 10, 2008
Registering a domain name in 1996, when the dotcom boom was already under way, took a phonecall. They only accepted registrations by phone.
Huh? I was the "hostmaster" at a medium-sized Texas ISP from 1996-98 and 98% of my interaction with NetSol was via email (and those ASCII template forms everyone used back then).
I never had to call them on the phone unless there was a problem, and even then it was hard to get in touch with someone who could actually take care of the issue.
posted by mrbill at 2:42 PM on April 10, 2008
Huh? I was the "hostmaster" at a medium-sized Texas ISP from 1996-98 and 98% of my interaction with NetSol was via email (and those ASCII template forms everyone used back then).
I never had to call them on the phone unless there was a problem, and even then it was hard to get in touch with someone who could actually take care of the issue.
posted by mrbill at 2:42 PM on April 10, 2008
JaredSeth: I was told it was to cut down on spam. IANAsysadmin.
posted by dubold at 2:49 PM on April 10, 2008
posted by dubold at 2:49 PM on April 10, 2008
You're the IANA sysadmin?!
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 2:57 PM on April 10, 2008 [5 favorites]
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 2:57 PM on April 10, 2008 [5 favorites]
> ...from 1996-98 and 98% of my interaction with NetSol was via email (and those ASCII template forms everyone used back then)
The registration by phone was necessary to process the credit card, as I recall -- I didn't want to set up a billing account with NetSol.
While she was waiting for the papers to process my domain name we chatted about their office processes, and that's when I learned she was working in a call center that operated entirely through carbon paper, and domain name lookups had to be handled by interoffice mail.
posted by ardgedee at 3:09 PM on April 10, 2008
The registration by phone was necessary to process the credit card, as I recall -- I didn't want to set up a billing account with NetSol.
While she was waiting for the papers to process my domain name we chatted about their office processes, and that's when I learned she was working in a call center that operated entirely through carbon paper, and domain name lookups had to be handled by interoffice mail.
posted by ardgedee at 3:09 PM on April 10, 2008
You're the IANA sysadmin?!
stupid acronyms!
(I'm not a) sysyadmin.
posted by dubold at 3:40 PM on April 10, 2008
stupid acronyms!
(I'm not a) sysyadmin.
posted by dubold at 3:40 PM on April 10, 2008
How do things like this even happen? I mean, are there board meeting where someone in the shadows of some high-backed chair makes pronouncements like "Bring me more money!" and sycophantic yes men scramble around to come up with ideas:
"We could use the Internet to sell babies!", "No, too labor intensive"
"Or we could convince people that we are their bank and they need to transfer us all their money", "That's pretty good, let's table that for now"
"Ooh, I got it, we could use all those reputable sites out there as places to unwillingly sell our advertisement!", "But that would make us evil... Bwahahahh, run with that shit."
Fuckers.
posted by quin at 3:56 PM on April 10, 2008 [2 favorites]
"We could use the Internet to sell babies!", "No, too labor intensive"
"Or we could convince people that we are their bank and they need to transfer us all their money", "That's pretty good, let's table that for now"
"Ooh, I got it, we could use all those reputable sites out there as places to unwillingly sell our advertisement!", "But that would make us evil... Bwahahahh, run with that shit."
Fuckers.
posted by quin at 3:56 PM on April 10, 2008 [2 favorites]
Not that I have any remotely warm feelings towards Network Solutions, but isn't this not how DNS works? Like, they need to delegate the gotgame.com SLD to gotgame's ISP (via NS records), which should then be queried for the A or CNAME records which ultimately pull up the address of gotgame's web servers. The only way I can think of that they could technically carry out the wildcard hijinks described in the article would be if they were actually hosting gotgame's DNS record, as opposed to delegating them.
posted by whir at 5:04 PM on April 10, 2008
posted by whir at 5:04 PM on April 10, 2008
Not that I have any remotely warm feelings towards Network Solutions, but isn't this not how DNS works?
No way, man. DNS works via magic, nothing more than that.
posted by OverlappingElvis at 5:39 PM on April 10, 2008
No way, man. DNS works via magic, nothing more than that.
posted by OverlappingElvis at 5:39 PM on April 10, 2008
> Like, they need to delegate the gotgame.com SLD to gotgame's ISP (via NS records)
They also control that part in this case.
There are two services involved in serving DNS: the registration of domain names, and the provision of a server to answer lookups for that name with NS records. Your name server can be provided by your hosting provider, or by your domain's registrar, or by someone else completely.
NetSol's main business is the registration part, but they also offer DNS servers to their customers, because running one's own can be a bit of a pain. It is this part of their service that is being affected here, not the registration end which is where they've previously acted in poor faith. If you only registered your name with NetSol, but aren't letting them run your DNS servers, you're safe.
Looks like they've reacted to being caught red-handed, as they seem to have taken down the advert pages at the moment. Currently, unwanted wildcard subdomains are pointing to an NSI 'under construction' page. Which is still not good, obviously.
posted by BobInce at 6:27 PM on April 10, 2008
They also control that part in this case.
There are two services involved in serving DNS: the registration of domain names, and the provision of a server to answer lookups for that name with NS records. Your name server can be provided by your hosting provider, or by your domain's registrar, or by someone else completely.
NetSol's main business is the registration part, but they also offer DNS servers to their customers, because running one's own can be a bit of a pain. It is this part of their service that is being affected here, not the registration end which is where they've previously acted in poor faith. If you only registered your name with NetSol, but aren't letting them run your DNS servers, you're safe.
Looks like they've reacted to being caught red-handed, as they seem to have taken down the advert pages at the moment. Currently, unwanted wildcard subdomains are pointing to an NSI 'under construction' page. Which is still not good, obviously.
posted by BobInce at 6:27 PM on April 10, 2008
Holy shitburgers. Of all the scum-flavored, scum-filled, scum-coated things I've seen a big business do online, this is the scummiest.
posted by beaucoupkevin at 6:54 PM on April 10, 2008
posted by beaucoupkevin at 6:54 PM on April 10, 2008
I really, really loathe Network Solutions. But. A client of mine has all his domains registered with them, and I just tried a number of different unassigned subdomains. As per nominal behavior, none resolved.
The idea that they do this more or less manuallyfor to certain of their highest-traffic customers makes more sense in terms of venality, but also seems more likely to be exposed. I consider NetSol venal indeed, but not that dumb.
So, I'm willing to believe this is all a result of some misconfigured DNS somewhere.
Not that I have any remotely warm feelings towards Network Solutions, but isn't this not how DNS works?
Yeah, exactly. My client controls his own DNS servers, too. It doesn't make a lot of sense, at least with the available anecdotal information.
posted by dhartung at 12:19 AM on April 11, 2008
The idea that they do this more or less manually
So, I'm willing to believe this is all a result of some misconfigured DNS somewhere.
Not that I have any remotely warm feelings towards Network Solutions, but isn't this not how DNS works?
Yeah, exactly. My client controls his own DNS servers, too. It doesn't make a lot of sense, at least with the available anecdotal information.
posted by dhartung at 12:19 AM on April 11, 2008
I don't see how this is much different than ISPs redirecting invalid DNS requests to search sites via DNS. Comcast, Time Warner etc. do this already. Even OpenDNS.org (geek blog darlings that they are) forward bad requests to a branded Google search. I'd need to see some proof of the damage on Google before I'd start throwing around terms like "hijacking." Wildcard subdomains are not the same as "subdomain growth" as mentioned in the article. I can't see where this practice is connected to his site being "banned from Google."
The Google algorithm relies on links. Spiders don't travel by coming up with random URLs and trying to navigate to them. One can't link to a "wildcard" subdomain. Therefore, the whole idea that this will somehow inherently poison Google results is incorrect, AFAICT.
Although I suppose it would be possible for, say, a competitor to link to non-existent subdomains in order to "seed" a spam link. The practice may lend itself to abuse, but it's hardly "endangering people's livelihoods." IMO this is a shrill "let's everybody hate on Network Solutions" post that hardly deserves the attention it's getting.
ps microsoft sucks. ;)
posted by greensweater at 8:03 AM on April 11, 2008 [1 favorite]
The Google algorithm relies on links. Spiders don't travel by coming up with random URLs and trying to navigate to them. One can't link to a "wildcard" subdomain. Therefore, the whole idea that this will somehow inherently poison Google results is incorrect, AFAICT.
Although I suppose it would be possible for, say, a competitor to link to non-existent subdomains in order to "seed" a spam link. The practice may lend itself to abuse, but it's hardly "endangering people's livelihoods." IMO this is a shrill "let's everybody hate on Network Solutions" post that hardly deserves the attention it's getting.
ps microsoft sucks. ;)
posted by greensweater at 8:03 AM on April 11, 2008 [1 favorite]
Can anyone point to a live example of this phenomenon? app.gotgame.com just gives me a 404 message.
posted by Eater at 8:59 AM on April 11, 2008
posted by Eater at 8:59 AM on April 11, 2008
Well, for what it's worth gotgame.com is using NetSol as their web-hosting ISP as well (why anyone would want to do this, I can't imagine).
This makes me more inclined to think that this is some kind of misconfiguration on the gotgame.com side of things.
Eater, the fact that app.gotgame.com (or xyzzy.gotgame.com, etc) resolves to a page at all is evidence of the wildcard record; if it wasn't present then the various subdomains would give you a dns failure rather than a 404 page.
posted by whir at 10:45 AM on April 11, 2008
% dig @ns97.worldnic.com. gotgame.com any [...] ;; ANSWER SECTION: gotgame.com. 7200 IN NS ns98.worldnic.com. gotgame.com. 7200 IN SOA NS97.WORLDNIC.COM. namehost.WORLDNIC.COM. 0 10800 3600 604800 3600 gotgame.com. 7200 IN NS ns97.worldnic.com. gotgame.com. 7200 IN A 205.178.145.65 gotgame.com. 7200 IN MX 10 inbound.gotgame.com.netsolmail.net.
This makes me more inclined to think that this is some kind of misconfiguration on the gotgame.com side of things.
Eater, the fact that app.gotgame.com (or xyzzy.gotgame.com, etc) resolves to a page at all is evidence of the wildcard record; if it wasn't present then the various subdomains would give you a dns failure rather than a 404 page.
posted by whir at 10:45 AM on April 11, 2008
ardgedee, mrbill: By "okay", I meant "just okay", that is, kinda sucky but not surprisingly so. Like mrbill, my early interactions with them were using those ascii email forms. I was all excited one year when they offered to let people use PGP authentication for changes rather than super-insecure passwords-in-cleartext-email authentication: was this a sign of emerging clue? But no, although I told them not to accept changes not signed by my PGP key, they continued to accept passworded changes, and soon forgot about the PGP thing. Sigh.
posted by hattifattener at 10:51 AM on April 11, 2008
posted by hattifattener at 10:51 AM on April 11, 2008
the fact that app.gotgame.com (or xyzzy.gotgame.com, etc) resolves to a page at all is evidence of the wildcard record; if it wasn't present then the various subdomains would give you a dns failure rather than a 404 page.Sure, but that innocuous wildcarding could be done by the owner of the domain. I'm curious to see the NetSol advertising that was mentioned in the post.
posted by Eater at 12:25 PM on April 11, 2008
Hi guys, couple of quick clarifications about my post... this in fact does only affect sites that are also hosted with Network Solutions as well as having them as their registrar. I also cannot see doing that... but then again, I can't see any good reason to use them as your registrar in the first place, either.
The Google algorithm relies on links. Spiders don't travel by coming up with random URLs and trying to navigate to them. - greensweater
Please read this post on the Google Webmaster Blog:
Crawling through HTML forms
And this on on Matt Cutts' blog, the Google engineer in charge of the Webspam team:
Solved: another common site review problem
So, it's not just links, although you are right, something needs to point them there, somehow... but webmasters typo all the time when writing code. In this instance simply leaving off one of the w's in the www, or adding one in, will trigger this. Then toss in that G might decide to guess at the input of the search box on one of those pages, and you're off and running. Plus you are also right in that it is one way that someone could easily screw a competitor.
Can anyone point to a live example of this phenomenon? app.gotgame.com just gives me a 404 message. - Eater
Sure, but that innocuous wildcarding could be done by the owner of the domain. I'm curious to see the NetSol advertising that was mentioned in the post. - Eater
Here you go guys... a fully developed website, by a company that provides staffing services to legal offices:
http://www.qpqlegal.com/
Who are unknowingly hosting pages like this:
QPLegal's evil twin brother
posted by mvandemar at 8:56 PM on April 12, 2008
The Google algorithm relies on links. Spiders don't travel by coming up with random URLs and trying to navigate to them. - greensweater
Please read this post on the Google Webmaster Blog:
Crawling through HTML forms
And this on on Matt Cutts' blog, the Google engineer in charge of the Webspam team:
Solved: another common site review problem
So, it's not just links, although you are right, something needs to point them there, somehow... but webmasters typo all the time when writing code. In this instance simply leaving off one of the w's in the www, or adding one in, will trigger this. Then toss in that G might decide to guess at the input of the search box on one of those pages, and you're off and running. Plus you are also right in that it is one way that someone could easily screw a competitor.
Can anyone point to a live example of this phenomenon? app.gotgame.com just gives me a 404 message. - Eater
Sure, but that innocuous wildcarding could be done by the owner of the domain. I'm curious to see the NetSol advertising that was mentioned in the post. - Eater
Here you go guys... a fully developed website, by a company that provides staffing services to legal offices:
http://www.qpqlegal.com/
Who are unknowingly hosting pages like this:
QPLegal's evil twin brother
posted by mvandemar at 8:56 PM on April 12, 2008
Wow thanks for alerting me to this. It's amazing the things businesses do online.
posted by wsiebler at 6:10 PM on April 13, 2008
posted by wsiebler at 6:10 PM on April 13, 2008
« Older Virginia Tech Artifacts | Remember Me Newer »
This thread has been archived and is closed to new comments
"Not Just Thieves and Hijackers, Now Using Tactics That Can Get Your Site Banned From Google"
I thought they meant if you do did what netsol was doing, you'd be banned from google. But actually it looks like it means that what they are doing could actually get their own customers banned from google.
posted by delmoi at 1:19 PM on April 10, 2008