NSI Registers Every Domain Checked

← Back to Stories (view on slashdot.org)

NSI Registers Every Domain Checked

Posted by ryuzaki0 on Tuesday January 8, 2008 @07:31AM from the that's-why-they-are-the-front-runner dept.

An anonymous reader writes "In a developing story, registrar Network Solutions has been caught front-running domain names. Any domain names searched via NSI's whois are being immediately purchased by the registrar, thereby preventing a registrant from purchasing the domain at any other registrar. There are multiple reports of this practice over at DomainState.com." Update: 01/09 01:58 GMT by KD : shashib writes to let us know that NSI has issued a response to the accusations of front running.

25 of 668 comments (clear)

Min score:

Reason:

Sort:

Any way to... by Jaysyn · 2008-01-08 07:33 · Score: 5, Interesting

...automate requests with a dictionary? Make them bankrupt themselves purchasing bogus domains?

--
There is a war going on for your mind.
1. Re:Any way to... by Anonymous Coward · 2008-01-08 07:46 · Score: 1, Interesting
  
  That's exactly what I thought when I read the summary.
  A daemon running 24/7 would be too suspicious and almost certainly would be tagged as DoS, so probably something like a Firefox extension that makes random searches at random intervals sending words from a dictionary and/or made of random chars would be better. The Trackmenot extension does a similar task fooling search engines that tag users according to the words they search; it could be modified to do a similar thing with NSI.
2. Re:Any way to... by mr_walrus · 2008-01-08 08:01 · Score: 3, Interesting
  
  which "you"? it would require thousands of people hitting the db at the same time.
  individually no-one would be capable of doing it.
  
  unless you are orchestrating/controlling a Botnet to do a DoS attack. ...but those who have control over botnets wouldnt be so mean as to direct
  their efforts at NSI would they? :)
  after all, they are already considered terrorists and have nothing to gain :)
  
  a plain DoS would cost them money in lost business.
3. Re:Any way to... by Anonymous Coward · 2008-01-08 09:13 · Score: 2, Interesting
  
  So... if they've registered a /. load of addresses today, and then a DDOS hits them, say.. on the 13th, so they cannot remove them, then they'd have to pay, right? That'd be bad. I hope nobody thinks of that.
4. Re:Any way to... by dpilot · 2008-01-08 09:13 · Score: 3, Interesting
  
  So if you're domain-shopping, the obvious method is to build a loop like this, and tack your real request somewhere at the back end.
  
  Then when they get wise to that, and start queuing requests, checking the first N and the last N, you need a back-end loop, as well.
  
  --
  The living have better things to do than to continue hating the dead.
5. Re:Any way to... by termix · 2008-01-08 09:20 · Score: 2, Interesting
  
  Not long... Domain Name: NETWORKSOLUTIONSWHORE.COM Registrar: NETWORK SOLUTIONS, LLC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com Name Server: NS1.RESERVEDDOMAINNAME.COM Name Server: NS2.RESERVEDDOMAINNAME.COM Status: ok Updated Date: 08-jan-2008 Creation Date: 08-jan-2008 Expiration Date: 08-jan-2009
6. Re:Any way to... by kvezach · 2008-01-08 09:29 · Score: 4, Interesting
  
  How about doing a whois on one of the AACS keys? DMCA-tastic!
7. Re:Any way to... by HappyHead · 2008-01-08 10:00 · Score: 2, Interesting
  
  In perl, you could do it in one line with a haiku poem.
  
  True, but it'd be more fun to do it as a limerick. Or as ascii art of the NSI logo.
8. Re:Any way to... by rk · 2008-01-08 12:15 · Score: 2, Interesting
  
  Yeah, you guys are thinking about this the wrong way. Instead of just costing them money, figure out how you can profit from it:
  
  whois CHAMP-MITCHELL-OWES-RK-FROM-SLASHDOT-TEN-BILLION-USD.COM
  
  Champ Mitchell is the CEO of Network Solutions, and according to this domain name which they registered, fair and square, apparently he owes me some money. I'll try to be magnanimous and settle for just one percent.
9. Re:Any way to... by ChadAmberg · 2008-01-08 12:21 · Score: 2, Interesting
  
  Hehheh... Actually, they own a few less domains as of today. I finished moving the remaining ones I own to another registrar.
  That is how you punish this sort of activity. Do they actually lose money by scooping up those checked for domain names? Maybe, I'm not so sure that's the case.
  But I do know that by moving domains from them they do lose hard $$.
10. Re:Any way to... by fatphil · 2008-01-08 23:10 · Score: 2, Interesting
  
  How about scripting such things? The following is all one line. Replace 'networksolutionssuckass' with whatever you want.
  
  wget --post-data='TLDs=.com&domainNames=networksolutionssuckass&method-submit=method-submit&Search=/domain-name-registration/domain-name-search-results.jsp&currentPage=/home.jsp;jsessionid=5e337df9d98b6ffffffffc065d3ac7937db7:+cjA?layoutIdIndex=1&formTargetPage=/domain-name-registration/index.jsp' http://www.networksolutions.com/domainSearch.do;jsessionid=5e337df9d98b6ffffffffc065d3ac7937db7:+cjA
  
  Let's hope for a class action lawsuit with punitive damages for every domain that they've squatted. That script could be a millionaire...
  
  --
  Also FatPhil on SoylentNews, id 863
11. Re:Any way to... by Z00L00K · 2008-01-09 06:07 · Score: 2, Interesting
  
  I would advocate for scripting in client-side javascript on your homepages. The script shall only do a few calls (at most 10) using some random names.
  This will cause a random distributed load and make it very hard to track if the requests are valid or not. Especially if a JavaScript timer is used to allow for a delay between each request, which will cause the request to look like it's an ordinary user doing it.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
DNS and Certificate services by Deadplant · 2008-01-08 07:43 · Score: 3, Interesting

The domain name registrars and the ssl certificate services are all run by crooks.
It is appalling that so much of our security infrastructure relies on this pack of thieves.

What should be we do to correct this problem?

Perhaps a consortium of the major Internet providers could start up a new DNS system.
I'm not talking about Comcast/verizon/aol, I'm talking about Level3, Cogent, Teleglobe etc..

thoughts?
Re:Use the /. effect to make them screw themselves by RobertB-DC · 2008-01-08 07:43 · Score: 5, Interesting

So, we can create a link that has a simple php script to have the user check a random domain through them. That way it isn't all coming from one IP Address...

Who needs a script when you have the power of Slashdot? /me goes off to join the crowd at the whois watering hole...

--
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Don't use WHOIS by Antibozo · 2008-01-08 07:44 · Score: 5, Interesting

Whether it's NSI or some other registrar doing it, this has been a known issue for a long time. The solution is not to use WHOIS. Instead follow DNS from the root and see if it goes anywhere. E.g.:
dig the-domain-you-want.com. +trace
1. Re:Don't use WHOIS by Antibozo · 2008-01-08 08:04 · Score: 2, Interesting
  
  Except that you might get a lack of response when a domain is registered because someone has registered it but not put any DNS records behind it.
  
  Yes, there are rare cases where you might not see a response, at which point you can go ahead and try to register the domain and perhaps fail. But most registrars throw in their own parking nameservers at registration time automatically, so it's pretty unusual to find a name that is in a registry but has no DNS records. The more likely scenario is when a domain is in HOLD status after expiring.
  
  That plus your ISP can still sniff that request anyway (which apparently some of them do).
  
  If you know of cases where ISPs are speculatively squatting on domains based on sniffed DNS lookups, please enlighten us. Certainly there are scenarios where even a DNS lookup could trigger squatting or tasting; after all, a GTLD server operator might be colluding. The noise level in DNS is so high, though, that they would be thrashing the TLD registries pretty heavily if they were doing this.
Re:I always assumed they did this by MightyMartian · 2008-01-08 07:52 · Score: 3, Interesting

Eleven years ago when I first started working for an ISP, they were called Network Hell, and they had richly earned the moniker then, but their deeds over the last five years makes me think they want to earn some sort of record as the most unethical company in history.

ICANN didn't have the balls to kill the contract a few years ago, maybe they will finally do the right thing and rid the Internet of this vile vile monster.

--
The world's burning. Moped Jesus spotted on I50. Details at 11.
Re:Make it cost them ... by ajs · 2008-01-08 08:00 · Score: 2, Interesting

Probably the best way to do this search so that it actually consumes the most interesting space first, is to build random domain names, weighted based on existing names. For example, you could build names by taking the most common 2 and 3 letter sub-strings:

foo.com
bar.com
foobar.com

foo: frequency 2
bar: frequency 2
oob: frequency 1
oba: frequency 1
fo: frequency 2
oo: frequency 2
ba: frequency 2
ar: frequency 2
ob: frequency 1

Now, just pick random length, say 5, and generate random strings with the weights to the random selection being the frequency. Better yet, just generate EVERY possible permutation, ordered by frequency like so:

foofo.com
foooo.com
fooba.com
fooar.com
barfo.com
baroo.com
barba.com
barar.com
fofoo.com
oofoo.com
bafoo.com
arfoo.com
fobar.com ... and so on

This should generate all of the most likely-to-be-registered domains of the given length. You could do this based on, say, a few google searches, some Wikipedia articles, and some subset of DMoz. That should get you a nice collection of domain names to seed with.
Call for more info by Dan+East · 2008-01-08 09:07 · Score: 4, Interesting

I checked an obscure domain name through them in the last several days and it was available. Lo and behold, it is now registered. I will be calling their support line at 1.888.642.9675, and / or their technical support line at 1.866.391.HELP to figure out what is going on.

I sure hope I don't take up too much of their time, because 1-800 minutes aren't cheap for them, neither is tying up their support personnel. However, if you're curious about these practices, you might want to speak with them yourself - it's your right after all.

--
Better known as 318230.
Worse than that... by raehl · 2008-01-08 10:06 · Score: 2, Interesting

You can now buy uselessdomain00001.com for $34.99.

So they are DEFINITELY monetizing it, by charging more now that it has some traffic.

--
paintball
Well... by Weaselmancer · 2008-01-08 10:23 · Score: 2, Interesting

...would you mind posting it?

--
Weaselmancer
rediculous.
Lessor of two evils? by rs79 · 2008-01-08 10:42 · Score: 2, Interesting

" IMHO, bullshit."

Well... hang on and think about it for a second. In a perfect world if you look up a domain it remains available. But this is not a perfect world, we have ICANN instead.

My first reaction when reading TFA was "no way. they can't be".

But I see their point. With over a hundred registrars, many of them just squatters who want to get domains for the wholesale price of $6, it does appear ot be true that if you look up a domain at NSI you are still able to purchase it.

Compare this to some other registrar where if you look it up suddenly it's sold and now you have to buy it on the secondary market which will cost you way more that a regular domain. Lessor of two evils perhaps?

How long does it take to happen? I just looked up a long silly name at NSI and fifteen mninutes later it's still availalable. Anybody else notice this?

--
Need Mercedes parts ?
Re:Can't be ALL of them. by rdewalt · 2008-01-08 12:36 · Score: 2, Interesting

Not only that, they also put it on one of their parking "Domain Available!" pages too.

www.hitler-had-only-one-ball.com,

Tried on godaddy, showed up as open.
Same on NS, showed up as blank.
Went back to Godaddy, clicked it again, "DOMAIN TAKEN"

Whois shows it up as;
Domain Name: HITLER-HAD-ONLY-ONE-BALL.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com/
Name Server: NS1.RESERVEDDOMAINNAME.COM
Name Server: NS2.RESERVEDDOMAINNAME.COM
Status: ok
Updated Date: 08-jan-2008
Creation Date: 08-jan-2008
Expiration Date: 08-jan-2009

Within seconds of having it hit.

As for the "domain tasting" drop after $n days, why not just 're-search' for it, after 3 days, so it stays registered until it costs them money?
Re:PR response from NSI by dgatwood · 2008-01-08 14:38 · Score: 2, Interesting

Awesome. So the Slashdotting the system got today should cause all manner of pain for sleazebags who watch for whois deletions and snap up the domains. That rocks. Now we can annoy dozens of horrible, evil companies with the ethics of a turnip just by making a single query! Couldn't happen to a nicer bunch of dirtbags.

The only question that remains, then, is how can the slashdot community convince the link farmers to purchase as many of these worthless domains as possible so that when nobody ever visits any of them again, they lose lots of money?

Suggestions?

--
Check out my sci-fi/humor trilogy at PatriotsBooks.
NSI doing Creative Commons Abuse, too! by schmiddy · 2008-01-08 16:06 · Score: 3, Interesting

I Just followed the link to uselessdomain0001.com. Check out the blue globe logo at the top.. now check out this CC licensed SVG image on Wikipedia: Applications-internet.svg. Looks like someone "accidentally" forgot to include the Creative Commons Share Alike license on that page.. hmmmm.

I think it's pretty obvious that NSI is just a scummy company, through and through.

P.S. If uselessdomain0001.com has changed by the time you read this, just check out uselessdomain0002.com or any other similarly tasted domain.

--
http://cltracker.net -- powerful craigslist multi-city search