January 25, 2007 5:20 PM PST
GoDaddy pulls security site after MySpace complaints
Last modified: January 25, 2007 5:52 PM PST
A popular computer security Web site was abruptly yanked offline this week by MySpace.com and GoDaddy, the world's largest domain name registrar, raising questions about free speech and Internet governance.
MySpace demanded that GoDaddy pull the plug on Seclists.org, which hosts some 250,000 pages of mailing list archives and other resources, because a list of thousands of MySpace usernames and passwords was archived on the site. GoDaddy claims its customers own about 18 million domains.
GoDaddy complied. In a move that Seclists.org owner Fyodor Vaskovich said happened with no prior notice, the company deleted his domain name--causing his site to be effectively unreachable for about seven hours on Wednesday until he found out what was happening and removed the password list.
"They didn't tell me why they removed the site," Vaskovich, creator of the popular Nmap security auditing utility, said in a phone interview. "At a very minimum, we should get warning."
Vaskovich said he spent "hours and hours" on the phone with GoDaddy on Wednesday before he finally got through to someone who was willing to listen. As a result of this experience, he said in an e-mail announcement, "I'm in the market for a new registrar. One who doesn't immediately bend over for any large corporation who asks."
For her part, GoDaddy general counsel Christine Jones defended the abrupt deletion, saying: "We tried to contact the registrant, but they were not available at the time. To protect the MySpace users from potentially having private information revealed, we removed the site."
Jones pointed out that GoDaddy's terms of service say the company "reserves the right to terminate your access to the services at any time, without notice, for any reason whatsoever."
Jones and Vaskovich, however, tell substantially different versions of exactly what happened. Jones characterized the episode as lasting only about an hour, saying her abuse department unsuccessfully "tried to contact" Vaskovich and "he actually contacted us about an hour" later after the removal occurred.
But Vaskovich provided CNET News.com with a log of correspondence from GoDaddy that corroborates his version of the story. It indicated that only 52 seconds elapsed from an initial voice mail notification to the time the domain was marked as "suspended." GoDaddy did not immediately respond to follow-up questions.
Vaskovich says MySpace did not contact him directly. MySpace declined to respond to repeated inquiries on Thursday.
Michael Froomkin, a law professor at the University of Miami who has written about domain name regulation, says this is the first time he's heard of a registrar abruptly taking a customer offline without a court order.
"Some people might feel safer with a registrar that's a little more pro-customer," Froomkin said.
Froomkin said this week's incident raises novel free speech questions--not legal ones, as long as GoDaddy's terms of service are broad enough. Rather, he said, the issue is "the quality of their review" of complaints received from firms like MySpace.
GoDaddy's Jones said that "we're not knee-jerk--we try to be responsible about verifying complaints." There's a broad spectrum of policies among domain name registrars, she acknowledged, with GoDaddy "probably the most aggressive."
But, Jones said, GoDaddy has a 24-hour abuse department that deletes domain names used for spam or child pornography on a daily basis. "We're not here to allow people to put illegal content on the Internet," she said. "We take this safety and the security of the Internet very seriously...We take our responsibility pretty seriously. We're the largest registrar in the world."
When asked if GoDaddy would remove the registration for a news site like CNET News.com, if a reader posted illegal information in a discussion forum and editors could not be immediately reached over a holiday, Jones replied: "I don't know...It's a case-by-case basis."

I have shut down several websites over time without people getting much notice at all - mostly for reasons of defrauding customers of money trying to pose as other companies or organizations.
But sometimes, ISPs / Hosts and namely registrars are unhelpful and some are even accused of being the malicious ones in the bunch. Bob Parsons and GoDaddy are some of the most upright registrars there are - organizations around the globe "float" domains - and Mr. Parsons is against this in every way, as we all should be.
ICANN has no control. .TV does whatever they want - at least people should have rights regarding proper notification methods. Also, if only a page of a website or page(s) of a website are the problem, only THEY should be removed, unless they are a majority of the website.
Publishers have rights as well as others, however, we must always remember that your security may have been at risk in this case.
http://stalkertrack.com/promotion.html
KieranMullen
to delete customers' domains without a legal court order.
Did myspace get busted for spamming? Not as far as I have ever heard.
RackSpace was their host and they did take the server offline, but only long enough to find the server owner who admitted selling subdomains to the hacker (who admitted the attack). They put the site back on w/ a verbal promise that they no longer hack -- yeah, right -- and refused to give me the hacker's real name w/o a subpoena.
I think GoDaddy did the right thing in taking the site offline. In fact, I disagree with their eventual decision to restore it. There is no excuse/reason to publish a list of uid's/passwords and no responsible ISP should publish that. If something really wants the info online they can set up a personal webserver in their house and lead the FBI to their own door, rather than hiding behind an ISP.
IMO, you can't make this kind of business decision without talking to both parties or receiving a court order.
http://domainnamewire.com/2007/01/26/godaddy-faces-pr-nightmare-over-domain-suspension/
I mean, what else are you gonna do? Continue compromising the Internet's security so your client doesn't start whining and stomping his feet? Let's grow up here folks.
That said though, I would only validate this argument on things that are obviously accepted to be mass security threats. ISPs/Registrars should never be allowed to demote content because of conflicting social opinion, political opinion, etc. THAT would be just plain censorship then.
really good.
Now I need to find a registrar that won't shut me down at the
request of some large corporation that I might happen to offend.
Don't any companies worry about Customer Service any more?
--
chort
but those of us that manage anywhere from 10 to hundreds of
domains know how hard it is to get this done. So let's not try to
steer the issue because of those that think that GoDaddy was in
the wrong.
Think of it this way, due to our very Congress the WWW is a
freeway that is out of control. Although Congress would like to
think that the States could bear the burden of regulating
technology; that fact is that they [the States] can't effectively do
this and it has been proven time and time again.
Through a lack of Congressional involvement on the internet
Child Porn flourishes and identity theft increases from 1 in 8
adults affected last year to 1 in 6 this year.
I don't know about any of you but I do know that human nature
tells us that Federal Laws are serious and BIG FINES hit us in the
pockets where it counts the most. So until Congress decides to
get off their A*S*S's and decide to take the plunge and tackle
the serious issues of the net that they have been avoiding for
years now.
It's not GoDaddy's fault in this issue. GoDaddy was only
ensuring our safety and if you think that you need to go to
another Domain Name provider because of this then maybe you
too have something to hide that only a Federal Law will take care
of?
Think of this, a DeadLock for a year over the AT&T / Cingular
deal (Technology Based) and 2 weeks before the Cingular backed
iPhone debuts Congress gets off their asses and does
something! Is that what it's going to take to ensure that my little
boy and little girl stay safe on the net. Am I going to have to go
to the HILL and offer all of you Congress People money to keep
my kids safe and people like my brother from stealing my
identity (He just got out and is still doing the same ****).
So don't blame GoDaddy for protecting US digitally. Blame
Congress for NOT Protecting US digitally.
J Gund
Tech01
justingund@gmail.com
Just YESTERDAY, my gf noticed that her best friend's little sister had images on her myspace page... This little sister is 16 years old.. and the pictures consisted of nudity of herself.
I am wondering if GoDaddy would have pulled the likes of myspace after only 52 seconds of no response to a voicemail over this?
Instead, my girlfriend IMMEDIATELY contacted her best friend (the girl's older sister) and told her what she saw on her profile, which in turn the friend contacted the mother and the whole profile was forced to be deleted by the mom.
BUT, had she contacted myspace, it would have been days to just get a reply from their support... as it usually is... in fact, some things I have never received reply about from myspace... Had she contacted their registrar, she probably would have been referred back to contacting myspace..
But GoDaddy... I'd like to see what would have happened...
Also, I noticed I didn't see whether or not they stated the usernames and passwords were valid. Anyone can make a list all they want and call it what they want... Verification prolly would not have hurt as something to stand behind.
In the case I speak of with the images.. The content was removed very timely... and no one lost their domain name...
On a personal opinion, I have never liked godaddy... I work in IT and have dealt with them several times and it seems their information has 'preyed' upon customers who just don't know any better and listen to what godaddy tells them.
And as for MySpace... I hear Tom died... (that's a joke.. only a billion false bulletins on myspace going around about things like that)
will spin. I personally like GoDaddy and am very happy with their
quality of service, but hey, I'm not doing anything illegal...
Overkill
by Kelson
January 26, 2007 9:57 AM PST
Let's see... one page out of 250,000 on a site turns out to have content that could compromise security at another site. So MySpace contacts the registrar, and gets the *entire site* shut down?
That's like using a hand grenade to swat a fly.
The logical way to go about this is as follows:
1. Contact the site maintainer and convince them to take the page down.
2. If that fails, contact the hosting provider, and convince them to take the page down.
Myspace should not have even contacted GoDaddy until they took the first two steps. And once GoDaddy was contacted, they should have done more investigation. Even if they still decided to suspend the registration, they should have warned him, or at the very least told him *why* it was being suspended (beyond the vague reference to TOS abuse) and how he could resolve it.
Disabling the entire site with (apparently) minimal investigation is overreaction, plain and simple. I think the quote at the end, where they refused to rule out taking down an entire news site to block access to one story -- or even one comment -- is telling.