Slashdot Mirror

← Back to Stories (view on slashdot.org)

Domains May Disappear After Search

Posted by ryuzaki0 on from the risky-business-out-here dept.

Ponca City, We Love You writes "Daily Domainer has a story alleging that there may be a leak that allows domain tasters to intercept, analyze and register your domain ideas in minutes. 'Every time you do a whois search with any service, you run a risk of losing your domain,' says one industry insider. ICANN's Security and Stability Advisory Committee (SSAC ) has not been able to find hard evidence of Domain Name Front Running but they have issued an advisory (pdf) for people to come forward with hard evidence it is happening. Here is how domain name research theft crimes can occur and some tips to avoiding being a victim."

14 of 379 comments (clear)

  1. This has been happening a long time by jafiwam · · Score: 5, Interesting

    Though, not on the "in minutes" time scale.

    My buddy and I even made up names with random letters in a string of 15 or 20, then some porn words stuck on the end ".com".

    Sure enough, two days later some squatter had them.

    I think the leak is in the registrars themselves. Imagine the money someone could get from the squatters by simply setting up a script to automatically email these queries somewhere.

    "Never a more wretched den of scum and villany" describes the whole domain registration process pretty well I think.

    1. Re:This has been happening a long time by TheCarp · · Score: 5, Funny

      Oh yah...alternately....

      if one of these guys was found in his home, dead, his lifeless body hanging by a rope attached to his testicles, blood completely drained, and the word "SQUATTER" carved into his flesh (with forensics reporting it was carved in before he died).... well that would make the news.

      If it then happened to one more of these guys every week... we might see a decrease in this buisness model.

      Not encouraging anyone...just... planting seeds.... maybe some will take root....

      --
      "I opened my eyes, and everything went dark again"
  2. Theft? Crimes? by mi · · Score: 5, Insightful

    Here is how domain name research theft crimes [emphasis mine -mi] can occur

    Theft? Crimes? Does Slashdot now think, an idea can be "property" and/or "stolen"?

    --
    In Soviet Washington the swamp drains you.
  3. Re:never use the web for such queries by Pyrion · · Score: 5, Informative
    SysInternals (now Microsoft) has a whois CLI tool for Windows as well.

    http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx

    --
    "There is much pleasure to be gained from useless knowledge." - Bertrand Russell.
  4. MD5 lookup as defence by zakeria · · Score: 5, Interesting

    perhaps whois should provide Md5 lookup for a domain instead so people cant snoop at the domain being queried.. so instead of for example whois: somedomain.tld its whois: a79f888f1c2dc50c6b354c0d816f5bf5 simple and effective.

  5. Re:nope, they dont pay by gmack · · Score: 5, Insightful

    Actually most of bigger squatting operations don't pay a dime on a per name basis. They hold the name for 30 days, then release it at no cost.

    They don't need to release it. They just get another shell company to snap it up.

    Domain tasting is causing nothing but headaches for the internet at large and they need to abolish it.

  6. Re:never use the web for such queries by Anonymous Coward · · Score: 5, Interesting

    I am positive this happened to me, and I only used the whois command from the OpenBSD command line to look the domain up. It was not a domain name that I can imagine anyone else wanting, but it was fairly short. Two days later (after checking with my client) I went to register it and it had been taken. I became immediately suspicious. Three days after that, I see this story...

    Would it help anyone to know who took the domain? I can't seem to get to the article yet.

  7. Re:"domain tasting" by B3ryllium · · Score: 5, Funny

    "Don't register me, Bro!"

  8. Google it first..? by garatheus · · Score: 5, Insightful

    When thinking of potential domain names, I usually use the inurl: function in Google. I generally only use part of the name too - that way you're able to see all the potential variations of the domain name you're thinking of working with (and possibly giving you some inspiration too)...

  9. Domains come up too fast by Animats · · Score: 5, Insightful

    There's been some concern about this over at the Anti-Phishing Working Group. Much phishing seems to come from domains held for very short periods. But it turns out that's not "domain tasting". It's phishers buying domains with stolen credit card numbers, using retail domain registrars. After a few days, the credit card number is detected as stolen, the transaction is reversed by the bank, and the registrar deletes the domain.

    This seems to be a separate problem from "domain tasting". But the "grace period" loophole that makes "domain tasting" possible also enables this scam. If registrars couldn't return domains to the TLD registry without paying, they'd have to raise their standards of customer validation.

  10. Re:nope, they dont pay by Some_Llama · · Score: 5, Funny

    actually it's not a dupe, i went to submit this article but then checked two days later this was posted by someone else. I think i got article tasted :(

  11. Why is This So Hard to Verify? by Nom+du+Keyboard · · Score: 5, Insightful

    Why is this so hard to verify. Use each registrar to test availability of domain xyzzyplugh99.com, changing the index number "99" for each test. Try back the next day and see which ones are sudden unavailable, then complain LOUDLY!

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  12. Re:never use the web for such queries by ardent99 · · Score: 5, Interesting

    According to one of the articles linked, the command line is actually a worse alternative. NSLookup requests go through your ISP's domain name server, which logs the NXD (Non-eXistent Domain) responses. Many ISPs augment their revenue by selling this information.

    Doing a whois request at a reliable registrar's web-site doesn't go through your ISP's DNS. The larger registrars are probably more trustworthy than your run-of-the-mill ISP. For example, I believe GoDaddy and Network Solutions have stated that they would never provide such information to third parties.

  13. Re:"domain tasting" by kalirion · · Score: 5, Funny

    Come on, it should at least be "Don't taste me, Bro!"