GoDaddy Yanks Seclists

international | consumer issues | news report Thursday February 08, 2007 14:52 by R. Isible

NAZI Porn Domain Registrars Lend A Hand

The domain name registrar GoDaddy distinguished itself in Ireland when it unceremoniously stopped directing traffic to the website of RateYourSolicitor without apparently providing their paying customer time to resolve the situation. In another controversial case GoDaddy has repeated this failure to notify their client, in this case an important network security site.

A popular and useful resource for security professionals (on both sides of the white-hat/black-hat divide) is seclists.org [1]. It is primarily a vulnerability and exploit discussion mailing list centered around the essential network security tool nmap.

The original author of nmap and head-honcho behind seclists.org is a hacker [2] known as "Fyodor", a well-respected and responsible researcher in network security circles for many years and primary author of nmap [2a].

Subscribers to the mailing-lists noted that there were problems accessing the mail archives, and were incredulous to read Fyodor's account [3] of what had happened: with very little warning the registrar [4] had effectively shut down the site. This action was taken ,according to Fyodor, very summarily. Even more appalling is the high-handed manner in which GoDaddy refused to deal promptly with the situation when contacted by Fyodor.

There are differences from the RateYourSolicitor case (previously reported here [5] on indymedia.ie) in that Fyodor had not submitted bogus details for his contact information, and that the type of information posted in Fyodor's case was to do with security vulnerabilities and not alleged slander. Specifically, some security researchers believe in the idea of "full disclosure" [6] which usually means that if a problem is discovered then it should be published so that everyone is aware of it. There are a spectrum of interpretations on how long the discoverer should wait to publish after informing those that could be affected negatively by the disclosure. The contentious item on the seclist site was a list of username/password combinations that someone had obtained from the social-networking/blogging site Myspace. This is not the first time that such a list has been published as there are a lot of incautious people using Myspace. Apparently after receiving a complaint from Myspace, GoDaddy without forewarning or discussion effectively shut down seclists.org [6].

Bizarrely, there is no security advantage in removing the archived post: the information was obtained by people that probably have already passed it on to others that trade in such things. In fact the file is still available if you know where to look. Also, Fyodor has complied with reasonable requests to remove material in the past and would have done so if he had been contacted by MySpace. A suspicion remains that what is happening is that MySpace is attempting to pretend that no problem exists and is trying to cover up a vulnerability (this is the second leak (56,000 user/pass) and the previous was 34,000), thus leaving their customers in the dark.

The similiarity in the two cases clearly lies in the fact that GoDaddy are willing to favour those that complain about sites as opposed to those that are actually their paying customers. It can be pointed out that this is completely in accord with the contract that the customers entered into (GoDaddy's TOS and AUP are ridiculous) and so the only alternative is to find a registrar with a more acceptable history and contract. GoDaddy has already ruffled the feathers of GNU/Linux supporters by allowing Microsoft to claim [7] a large migration from GNU/Linux servers to Microsoft based servers, and the CEO Bob Parsons is an advocate of torture of prisoners [8], added to which many people have poor experiences [9] with their budget services. So, to some extent Fyodor and others got what they paid for: a service run by someone that is an unethical admirer of brute force.

But it is hard to find a domain registrar that will not offer AUP/TOS similar to GoDaddy. One of the best is Gandi.net [9a], and free-speech diehards "nearlyfreespeech.net" [9b] have a history of providing services to organisations and individuals with fairly disgusting [9c] opinions.

Fyodor has set up a website [10] NoDaddy which aims to collate all of these negative customer experiences into a single place in order to provide a warning to other consumers that they should probably search out a company with a more attractive corporate ethos.

1. http://seclists.org/

2. http://www.stallman.org/articles/on-hacking.html

2a. http://www.securityfocus.com/columnists/384

3. http://seclists.org/nmap-hackers/2007/0000.html

4. A registrar is a company that for a fee publishes electronic records that directs computers to a particular IP address (e.g. 123.456.789.012) when the more human readable FQDN is entered into for example a web browser (e.g. http://www.nakedpds.com )

5. http://www.indymedia.ie/article/78436

6. I say effectively as it should still have been possible to use the IP to access the site archives

7. On further reading it seems that GoDaddy probably still rely heavily on GNU/Linux but that they may have colluded with allowing Microsoft to convey the impression that the migration was large in order to falsely impute that IIS is a widely deployed platform
http://business.newsforge.com/article.pl?sid=06/04/20/1...id=37

8. The original URL for Bob Parson's post in his blog (in which he delivers homilies to the faithful devotees of success) has been redacted from his blog and Mr.Parsons backed down fairly quickly when a large number of customers told him they would never do business with him again:
http://www.bobparsons.com/CloseGitmoNowayThinkourinterr....html
If anyone has an archived copy of this or can find one I'd be grateful if they could repost it in full here as a comment. There's much discussion if it at the time, one of which quotes extensive sections:
http://mccarthy.vg/articles/05/06/21/1238206.shtml
http://www.darrenbarefoot.com/archives/2005/06/godaddy-....html

9. http://error.wordpress.com/2006/01/01/godaddy-sucks/

9a. http://www.gandi.net/

9b. https://www.nearlyfreespeech.net/services/domains.php

9c. http://www.boingboing.net/2004/08/20/bugmenotcom_return....html

10. http://nodaddy.com/