Slashdot Mirror

← Back to Stories (view on slashdot.org)

Domains May Disappear After Search

Posted by ryuzaki0 on from the risky-business-out-here dept.

Ponca City, We Love You writes "Daily Domainer has a story alleging that there may be a leak that allows domain tasters to intercept, analyze and register your domain ideas in minutes. 'Every time you do a whois search with any service, you run a risk of losing your domain,' says one industry insider. ICANN's Security and Stability Advisory Committee (SSAC ) has not been able to find hard evidence of Domain Name Front Running but they have issued an advisory (pdf) for people to come forward with hard evidence it is happening. Here is how domain name research theft crimes can occur and some tips to avoiding being a victim."

4 of 379 comments (clear)

  1. This has been happening a long time by jafiwam · · Score: 5, Interesting

    Though, not on the "in minutes" time scale.

    My buddy and I even made up names with random letters in a string of 15 or 20, then some porn words stuck on the end ".com".

    Sure enough, two days later some squatter had them.

    I think the leak is in the registrars themselves. Imagine the money someone could get from the squatters by simply setting up a script to automatically email these queries somewhere.

    "Never a more wretched den of scum and villany" describes the whole domain registration process pretty well I think.

  2. MD5 lookup as defence by zakeria · · Score: 5, Interesting

    perhaps whois should provide Md5 lookup for a domain instead so people cant snoop at the domain being queried.. so instead of for example whois: somedomain.tld its whois: a79f888f1c2dc50c6b354c0d816f5bf5 simple and effective.

  3. Re:never use the web for such queries by Anonymous Coward · · Score: 5, Interesting

    I am positive this happened to me, and I only used the whois command from the OpenBSD command line to look the domain up. It was not a domain name that I can imagine anyone else wanting, but it was fairly short. Two days later (after checking with my client) I went to register it and it had been taken. I became immediately suspicious. Three days after that, I see this story...

    Would it help anyone to know who took the domain? I can't seem to get to the article yet.

  4. Re:never use the web for such queries by ardent99 · · Score: 5, Interesting

    According to one of the articles linked, the command line is actually a worse alternative. NSLookup requests go through your ISP's domain name server, which logs the NXD (Non-eXistent Domain) responses. Many ISPs augment their revenue by selling this information.

    Doing a whois request at a reliable registrar's web-site doesn't go through your ISP's DNS. The larger registrars are probably more trustworthy than your run-of-the-mill ISP. For example, I believe GoDaddy and Network Solutions have stated that they would never provide such information to third parties.