Slashdot Mirror

← Back to Stories (view on slashdot.org)

SEO Via DNS "Piggybacking"

Posted by samzenpus on from the slip-in-there dept.

An anonymous reader writes "There is an interesting story over at the SANS Internet Storm Center that shows details on about 50 organizations that have had new machine names added to their DNS zone information. These were then pointed to sites used to boost the search engine cred of pharma, personals, and porn sites. If you outsource your DNS, how would you ever catch something like this?"

74 comments

  1. My hobby by Hentes · · Score: 2

    is signing up the contact emails of SEO companies to v1agr4 mailing lists. Fight spam with spam.

    1. Re:My hobby by Anonymous Coward · · Score: 1

      Excuse me, but might I point out that SEO is not spam. Some spam tactics are used by the less scrupulous SEO firms out there, but the two are very different beasts.

      I, for one, direct my clients in proper selection and placement of keywords on their sites and assist them in optimizing their content so that it can be more easily browsed by their users. The end result of this process is typically a site that is accessible to search engines and end users alike, with reasonable rankings in relevant searches. No spam, no bullshit, no need for you to be an asshole. I'll be sure to forward all my v1agr4 spam to you from now on, now that I know where it's coming from.

    2. Re:My hobby by TechLA · · Score: 2

      Exactly this, there are many reputable SEO companies and individuals. Just like with everything else, some people misuse things for their own gain. SEO is not about spamming search engines, it's improving the site in question, both to search engines and users. This results in better experience to everyone.

    3. Re:My hobby by Hentes · · Score: 1

      So are you saying that your kind has nothing to do with the automated posts on blogs/forums/comment walls all linking back to the home site for page rank? Or the top 100 keywords in hidden style on pages?

      Also, I don't spend that much time in front of the computer drunk, so if you are getting tons of spam it might be a follower of mine, or most likely just one of your "collegues".

    4. Re:My hobby by citizenr · · Score: 5, Funny

      Excuse me, but might I point out that SEO is not spam.

      Thats what SEO salesperson would say.

      --
      Who logs in to gdm? Not I, said the duck.
    5. Re:My hobby by Anonymous Coward · · Score: 1

      The results of most SEO tactics are spam. Instead of filling up your mailbox you search for some term and instead you have to weed through the crap to get get the results you were really looking for. For Google they offer a way to move you to the top, you pay for an ad based on keywords. If the person searching is looking to buy something it's right there, easy to get to.
      SEO "experts" charge customers to attempt to game the system, theoretically charging less than an ad would cost. Since the search providers don't want pissed off users they play the continuous game of whack-a-mole with the SEOs to negate the crap they just pulled. This has the result of keeping the SEO guys employed longer as their clients popped up in the search for a time, but it slips back down once the scam as been filtered out of the search criteria.

      I choose a search engine based on a match between their criteria for ranking and my own. I don't need assholes selling service to sucker companies to screw with the results I get so I have to keep fiddling with a search to get what I was looking for. Google I'm sure would rather employ people doing something more rewarding than tweaking the algorithms to weed out SEO spam.

    6. Re:My hobby by Anonymous Coward · · Score: 0, Insightful

      No, SEO is about one thing: boosting your ranking through gaming the system to line your own pocket. If it happens to make the user experience temporarily better, that's just a happy accident for the user. But it's not a long-term improvement (which would be helping the search company with their algorithm, for instance).

    7. Re:My hobby by AliasMarlowe · · Score: 0

      Some spam tactics are used by the less scrupulous SEO firms out there

      And these guys are giving the other 0.0001% a bad reputation.
      Go jerk off somewhere else; preferably using powdered glass as a lube.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    8. Re:My hobby by xerxesVII · · Score: 0

      Excuse me, but might I point out that SEO is not spam. Some spam tactics are used by the less scrupulous SEO firms out there, but the two are very different beasts.

      I, for one, direct my clients in proper selection and placement of keywords on their sites and assist them in optimizing their content so that it can be more easily browsed by their users. The end result of this process is typically a site that is accessible to search engines and end users alike, with reasonable rankings in relevant searches. No spam, no bullshit, no need for you to be an asshole. I'll be sure to forward all my v1agr4 spam to you from now on, now that I know where it's coming from.

      mimimimimi
      lalalalalala
      *ahem* FUCK YOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOUUUUUUUUUUUUUUUUUUUUUUU!!!

      --
      "We shall grapple with the ineffable, and see if we may not eff it after all." - Douglas Adams
    9. Re:My hobby by Gordonjcp · · Score: 1

      Yes, in exactly the same way that winning a race is "gaming the system". I mean, only an out-and-out cheat would do something like observe what the conditions for winning are, and try to improve their own performance to match those conditions.

    10. Re:My hobby by Dishevel · · Score: 0

      I have to agree.
      SEO has a purpose. It is to screw with my search results.
      I will say it just one time.
      If you want to be a popular site Have content. Have style, Have community and Have some fun.
      You will end up popular and highly thought of and used.
      SEO companies are only there to screw results to get evil to the top then they go after the non evil and point out how evil has bumped them down.
      SEO then makes money putting non evil rich to the top and so on. SEO has nothing to offer. If SEO companies were all told to "FUCK RIGHT OFF" and their CEOs killed and their heads raised upon sticks the internet would work better for All.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    11. Re:My hobby by TheNextCorner · · Score: 1, Offtopic

      Only 1% of websites get all search engine traffic. The rest of us, 99%, has to deal with scraps..

    12. Re:My hobby by Anonymous Coward · · Score: 0, Insightful

      SEO, if you do it under that name, is always black hat, and spamming search engines with fake or otherwise useless information is the primary way it's done. White hat SEO is what people who make web sites do when they do a good job. They never call it SEO because they don't want to be associated with the slimebags who clog search engines with their disinformation.

      If someone tells you that you need to SEO your web site, run fast, run far.

    13. Re:My hobby by sexconker · · Score: 1

      Excuse me, but might I point out that SEO is not spam. Some spam tactics are used by the less scrupulous SEO firms out there, but the two are very different beasts.

      I, for one, direct my clients in proper selection and placement of keywords on their sites and assist them in optimizing their content so that it can be more easily browsed by their users. The end result of this process is typically a site that is accessible to search engines and end users alike, with reasonable rankings in relevant searches. No spam, no bullshit, no need for you to be an asshole. I'll be sure to forward all my v1agr4 spam to you from now on, now that I know where it's coming from.

      What a joke. You want to optimize your search results?

      1: Spend 5 minutes reading Google's page on the subject, and include the proper meta tags in your pages.
      2: Make sure your robots.txt (if you have one) isn't blocking Google.
      3: Have content worth searching for.

      Absolutely any other tactic is a misrepresentation of content, and thus a form of spam.

    14. Re:My hobby by Anonymous Coward · · Score: 0

      sexconker your response reeks of ego, small mindedness and immaturity (although that last one may not be your fault entirely). Do you really believe a small business owner is going to read Google's page on the subject and within five minutes understand what to do with the Whiz Bang Flash site the web design company sold them the year before for $3500? Good for you if you can read it, and help yourself, but the small business owner probably won't. To tell you truth the Medium Size business owner won't either. Now who is ripping him off the SEO who comes in to solve the problems about why his business isn't appearing in search rankings (maybe help rebuild the site with a CMS | add a blog/news section for easily up datable content. Insert proper meta tags/ keywords and link structures with a relevant strategy to help drive traffic via social networking or the girl who ripped them off with a site that doesn't do a thing for them or help them drive traffic, and cannot be updated by the end user?
      Most web designers don't understand SEO best practices and are ripping their customers off (possibly unknowingly but ignorance shouldn't be an excuse for them). How in this scenario is the SEO guy the bad guy? Short answer he isn't. Now are you going to sit there and tell me that the same business owner should open up notepad look at the php/javascript/html/css standards and build themselves a properly functioning website. You are the same guy who when someone tries Linux for the first time and they ask a question you say RTFM. Your response and the RTFM response both add exactly zero benefit to anyone. In case you are wondering: I work in IT as a Director not as an SEO or web developer or anywhere near the field.

    15. Re:My hobby by Anonymous Coward · · Score: 0

      If you want to be a popular site Have content. Have style, Have community and Have some fun.
      You will end up popular and highly thought of and used.

      Sure works for us. Our simple hand-coded, informative site has been on the first page of Google results for years now, currently second after the requisite Wikipedia page (which I guess is always first--if there is a page for that search string?) This Google result is from using the simple two-word search for our branch of automotive engineering. We have many competitors and most of them are larger companies...and I'll bet our ranking pisses them off!!

      What's our trick? There is no trick. We have a short list of relevant keywords (and no irrelevant keywords) and a bunch of static pages that reference each other as appropriate.

    16. Re:My hobby by Anonymous Coward · · Score: 0

      How about just making your site better for users, and then the algorithms that measure that will notice?

    17. Re:My hobby by NevarMore · · Score: 1

      Go jerk off somewhere else; preferably using powdered glass as a lube.

      I would like to subscribe to your newsletter.

    18. Re:My hobby by TechLA · · Score: 1

      What's our trick? There is no trick. We have a short list of relevant keywords (and no irrelevant keywords) and a bunch of static pages that reference each other as appropriate.

      SEO mostly isn't about tricks either, and you having those keywords and they referencing each other is SEO already.

      And no, Wikipedia isn't always first. With many competitive keywords it can actually get quite far from first result. If you concentrated more on SEO, you would outrank it.

      And contrary to popular belief here, SEO isn't about spammy hidden links (those actually get you ranking LOWER pretty fast), it's also putting your site out there. On social networks, on bookmarking sites (and sites like reddit) and so on, in growing manner now. It helps both users and search engines find and rank your site. It also includes common good practices like having a good stucture on your site, using friendly urls (like slashdot has titles in url), and having an site that people actually like (Google measures the bounce rate - too many users come back to search results quickly and the site will drop in ranks). However, most businesses have no idea about this, and it's fine - they have a business to run and not everyone can know or have time to learn about everything. Generally, then, you ask other people to do those things while you concentrate on your main business.

      This goes well with the improving general user experience, and Google itself promotes using these SEO methods. Of course, Slashdot is now a days filled with people who seem to hate everything (apart from piracy and Apple/Linux) and who seem necessary to comment and hate on everything they know absolutely nothing about.

    19. Re:My hobby by Anonymous Coward · · Score: 0

      So are you saying that your kind has nothing to do with the automated posts on blogs/forums/comment walls all linking back to the home site for page rank? Or the top 100 keywords in hidden style on pages?

      Also, I don't spend that much time in front of the computer drunk, so if you are getting tons of spam it might be a follower of mine, or most likely just one of your "collegues".

      And it's widely known that many so-called "Computer Consultants" use shady, underhanded, deceptive practices. That does not make every Consulting group evil, or imply they are engaged in such practices.

      Maybe you should find some kind of actual proof of someone using spam or astroturf before you round up the posse and have yourself a hanging. Otherwise, you're every bit as much of a fuckwad as the ones doing the spamming. Because what you're saying is "Some companies who callthemselves X do Y, so by extension ALL companies who call themselves X must also do Y". And that's idiot logic, to put it in nicely.

    20. Re:My hobby by Anonymous Coward · · Score: 0

      > I will say it just one time.
      > If you want to be a popular site Have content. Have style, Have community and Have some fun.
      > You will end up popular and highly thought of and used.

      Which is exactly what professional SEOs are suggesting. You are screwing with my search results. You are evil.

    21. Re:My hobby by Gordonjcp · · Score: 1

      Making your site better for users, by following the guidelines provided by the search engine providers, perhaps?

      I mean, what would a search engine company like Google know about making information easy to find and sites easy to navigate?

    22. Re:My hobby by squiggleslash · · Score: 2

      Let's turn down the heat a notch. I work in a publishing company maintaining a collection of newsletter style websites, my colleagues use the term SEO rather a lot, we've employed at least one SEO consultant. This is my experience of what SEO is:

      My company publishes free content that it also syndicates, for free. Anyone who wants to can republish our content, as long as they link back to us. This isn't particularly unusual, especially as my employer sells premium products on the back of the free stuff (one in every few articles is, in fact, an ad, ultimately.)

      What it found were a number of issues with this, not the least of which is that many times if you searched for our content on Google, one of the syndicated copies would be first on the list, and our sites would be way further down in the list.

      A quick look at Google Webmasters also showed that we were getting a lot of hits for stuff that had nothing to do with us, while not getting hits for things that we did have.

      What went wrong and what did we do to fix it? Well, once you have a site that's gotten over a particular size and which has rather a lot of complexity (and we have multiple such sites), inevitably the site starts to gather rather a lot of crud. SEO, in this context, means taking a step back and figuring out where the problems are in the site. Sometimes they're obvious - bad uses of tags, a lack of meta data - and sometimes they're not - a lack of semantic HTML is a common problem and extremely easy to do by accident.

      And that's what we've been doing. No-one's ever recommended link farms to us (and we'd fire any consultant who does - link farms are a great way to get permanently banned from Google.)

      When you hire an SEO consultant, you might hire a kooky black-hat person (and when I was building sites for clients, I had clients who'd come to me saying they'd been in touch with a "consultant" who promised to make their site #1 in 24 hours...) but that doesn't mean all SEO consultants are going to be like that, not least because that's a great way for an SEO to lose business in the long run.

      Going through your site and ensuring that it uses semantic mark-up, that it has proper meta data, etc, is something that ultimately improves visibility. And it's very easy to not do by accident. It's also very easy to only half do if you think you know what you're doing but actually your skills lie in data manipulation, or cosmetic web design, or converting video formats, or whatever.

      As I said, this is my experience. And as I said, yes, I've had people come to me (outside of my employer) asking whether they should work with rather dubious SEOs. But in normal parlance, SEO is a fairly reasonable activity, and actually, all the things that legitimate SEOs recommend are stuff that helps the web rather than damages it.

      --
      You are not alone. This is not normal. None of this is normal.
    23. Re:My hobby by maxwell+demon · · Score: 1

      Making your site better for users, by following the guidelines provided by the search engine providers, perhaps?

      I mean, what would a search engine company like Google know about making information easy to find and sites easy to navigate?

      Sites easy to navigate? Given my late experience with using Google's site, very little.
      Well, I now do my searches through Startpage, there the web page still behaves like a web page should behave.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    24. Re:My hobby by wwfarch · · Score: 1

      IIRC, Google does NOT use the bounce rate and has explicitly said so. Bounce rate is too noisy to get a sense of whether or not a site is legitimate. Sites like Stack Exchange should have a high bounce rate while sites like Amazon should have a low bounce rate. Both are examples of high quality websites that should rank highly.

    25. Re:My hobby by TechLA · · Score: 1

      It actually changed with the latest algorithm update, they're using it now. You're correct about stack exchange like sites actually, they have a huge bounce rate and it's causing trouble for them. It's being discussed on their webmaster forums too, this case is about similar site DaniWeb.

  2. By checking? by h4rr4r · · Score: 2

    You could just do a zone transfer and check. If they don't allow that, find someone who does.

    1. Re:By checking? by petermgreen · · Score: 3, Insightful

      How do you know if the records in the zone you transfer are the complete set of records in the live zone?

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    2. Re:By checking? by h4rr4r · · Score: 1

      I guess they could hide some, sure. You convinced me, always run your own BIND instances.

    3. Re:By checking? by Anonymous Coward · · Score: 0

      as if they wouldnt filter the axfr's

    4. Re:By checking? by h4rr4r · · Score: 2

      Well, djbdns is dead, so what else is left of any worth?

    5. Re:By checking? by Anonymous Coward · · Score: 0

      I would hope that's a feature you had to enable. If they let you do a blind zone transfer, then find someone else.

    6. Re:By checking? by causality · · Score: 3, Informative

      Well, djbdns is dead, so what else is left of any worth?

      I've been really happy with Unbound. Prior to that, I used MaraDNS until I found that Unbound was snappier from the perspective of my Web browser not having to wait as long for hostname resolution.

      My own needs are rather modest. It is possible there is some killer feature you absolutely must have that neither of those supports. If not, I think you'd like them.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    7. Re:By checking? by XanC · · Score: 1

      PowerDNS. It is awesome.

  3. Facebook? Really? by OverTheGeicoE · · Score: 1

    Most of the questionable machines listed in the article had the kind of names you would expect for this kind of activity, like "viagra" and "cialis". Several machine names contained "facebook". Is Facebook involved in this somehow? When you're a giant of the industry, do you really need to resort to this kind of thing?

    1. Re:Facebook? Really? by Sarten-X · · Score: 2

      Facebook's another victim here, more or less. From TFA, it appears one approach is promoting malicious Facebook apps. Personal opinions of Facebook aside, it seems reasonable. If I trust Initech.com, I'd be me likely to approve a Facebook app from facebook.initech.com.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    2. Re:Facebook? Really? by Anonymous Coward · · Score: 0

      More likely that they are trying to get "facebook" + "personals" together. I'm sure this isn't facebook's doing. Consider first that the prefixes with "facebook" are also pointing to the same IP as the "viagra" and "personals" prefixes.

    3. Re:Facebook? Really? by Rosco+P.+Coltrane · · Score: 2

      Facebook's entire history is one of shady behind-the-user's-back shit.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  4. Hey look, a StartCom Class 1 cert. by janeuner · · Score: 1

    Your secure connection has been certified by someone who gives away free certificates! Security!

    1. Re:Hey look, a StartCom Class 1 cert. by h4rr4r · · Score: 1

      The folks who sell them, don't do anymore checking.
      For evidence look at the recent news articles about it.

    2. Re:Hey look, a StartCom Class 1 cert. by Anonymous Coward · · Score: 0, Insightful

      You meant to use the word "any" and "more".

      We'll let it slide this one time.

    3. Re:Hey look, a StartCom Class 1 cert. by bill_mcgonigle · · Score: 1

      Just stop. It's a Slashdot comment, not a term paper, and edited accordingly.

      You waste my time.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    4. Re:Hey look, a StartCom Class 1 cert. by causality · · Score: 1

      Just stop. It's a Slashdot comment, not a term paper, and edited accordingly.

      You waste my time.

      The message? "You should value your own independent, individual, personal thoughts and opinions that you share voluntarily much, much less than the things you are forced by authority to write in order to jump through some hoops to earn some credential."

      Yeah, that's sane and you'd be a fool to question it. Nothing is worth any effort, it is never worthwhile to take an extra second to get it right, you should never show anything this kind of respect (particularly not yourself and your own works), and everything should be as sloppy as permissible. Some authority figure like a professor holding some kind of gun to your head like denial of a degree is the only good reason to ever go the extra mile for anything. Oh, and it's normal to feel empty and unfulfilled because nothing has any intrinsic value; everything is just a means to an end including the ends themselves.

      If anyone disagrees with this, you should advocate sloppiness instead of simply telling him that his message would be more effective if he were less of a jerk. It's all-or-nothing, baby, and you're either with us or against us.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    5. Re:Hey look, a StartCom Class 1 cert. by Anonymous Coward · · Score: 0

      Thank you for putting my thoughts into words.

    6. Re:Hey look, a StartCom Class 1 cert. by causality · · Score: 1

      Thank you for putting my thoughts into words.

      They were worthy of expression. It seemed right for someone to articulate the difference between nit-picking and a genuine love of excellence.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    7. Re:Hey look, a StartCom Class 1 cert. by fast+turtle · · Score: 1

      which is why I've changed the trust model in FF to Untrusted for ALL Certs until I provide an exception and it seems to work fine for me as I don't have that many secure websites I deal with that it's a problem.

      --
      Mod me up/Mod me down: I wont frown as I've no crown
    8. Re:Hey look, a StartCom Class 1 cert. by heypete · · Score: 1

      What does it matter if it's free or not? They do the same "domain validation" that is common amongst paid CAs, and basically used for most everything except EV certs. At least StartCom puts their Class 1 certs under a specific intermediate root that you can choose to not trust if you wish, as opposed to how a lot of other CAs do it.

      Should CAs do more thorough validation? No doubt. I'd like to see them do away with DV certs (or at least have browsers display different trust indicators). That said, validation isn't always a function of the purchase price.

      Disclaimer: I'm a StartCom customer, went through StartCom's Class 2 verification, and use their Class 1 and 2 certs for a few minor services.

    9. Re:Hey look, a StartCom Class 1 cert. by bill_mcgonigle · · Score: 1

      The message? "You should value your own independent, individual, personal thoughts and opinions that you share voluntarily much, much less than the things you are forced by authority to write in order to jump through some hoops to earn some credential."

      You miss the point. I understood the GP comment just fine despite the grammatical error. His nitpicking had me load a new page to see his (expectedly) topical response, but it was just nitpicking and added nothing to the conversation.

      We'd be better off on Slashdot if people just let these things go without getting OCD on them. One will never see a perfectly edited Slashdot and complaining about that fact won't do any good, but it will waste the time of everyone else involved. Of course people should quickly proof their comments, but even so, errors will be missed.

      If I really tried I could find something to correct in probably 70% of Slashdot comments. Refraining from doing so is the better option.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  5. where's the rock and roll? by s1d3track3D · · Score: 1

    Plenty or sex and drug additions but no rock and roll?

    1. Re:where's the rock and roll? by WrongSizeGlass · · Score: 1

      The tcsys.com site has links to two bands: dorothyrocks.com & crunchmonkey.com

      warning: tcsys.com is a late 90's website and may bring back feelings of nostalgia and/or confusion.

    2. Re:where's the rock and roll? by uncqual · · Score: 1

      Follow the money.

      --
      Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.
  6. Really? by Anonymous Coward · · Score: 0

    I won't even use my ISP's nameservers. I run my own.

  7. Maybe you should not outsource your DNS... by Czech+Blue+Bear · · Score: 4, Insightful

    I believe that DNS, along with other IT infrastructure (and accounting) is so crucial that it should never be outsourced. By outsourcing, you are in fact giving away your keys to your webs/infrastructure/money. Of course that all kinds of bad stuff can happen then.

    1. Re:Maybe you should not outsource your DNS... by Anonymous Coward · · Score: 1

      I believe that DNS, along with other IT infrastructure (and accounting) is so crucial that it should never be outsourced.

      Well, maybe. More importantly, many of us don't have sufficient bandwidth, power & reliable internet connections to host our own DNS servers.

      By outsourcing, you are in fact giving away your keys to your webs/infrastructure/money. Of course that all kinds of bad stuff can happen then.

      Maybe, but you also might hire professionals to do something that you aren't very good at so that you can spend your time working on things that you are good at.

      Further, a decent outsourcing plan will force you to analyze & describe the services you are expecting in detail, and (hopefully) a service level agreement. This analysis is very useful, and rarely done for services provided internally.

    2. Re:Maybe you should not outsource your DNS... by msobkow · · Score: 2

      I don't understand why you'd want to outsource DNS. It's trivial to set up a DNS server, and I'd want to be able to remap servers on a whim in case any issues arose.

      I set up a one-machine DNS on this box just so the VMWare image can be properly resolved by the host image. It took longer to download the latest bind software than it did to configure it.

      --
      I do not fail; I succeed at finding out what does not work.
    3. Re:Maybe you should not outsource your DNS... by subreality · · Score: 2

      Setting up BIND is easy.

      Setting up several high-reliability, geographically-distributed, no-common-failure-modes sites is hard, and it's a prerequisite for DNS. If you mess up, pushing out new NS and glue records is slow. It takes a long time to recover, and your web site is down and your mail is bouncing the whole time.

      Some large companies have multiple reliable sites and it's not a burden to host their own. Most mid-to-small guys are better off using at least an outsourced secondary DNS service. Tiny companies have better things to do than trying to host their own public infrastructure, and should outsource anything that's available as a cheap, convenient service like DNS.

    4. Re:Maybe you should not outsource your DNS... by Anonymous Coward · · Score: 0

      I believe that DNS, along with other IT infrastructure (and accounting) is so crucial that it should never be outsourced.

      Well, maybe. More importantly, many of us don't have sufficient bandwidth, power & reliable internet connections to host our own DNS servers.

      Er, if your servers are so starved for bandwidth or computational power then your website/mail is going to be unreliable anyway, I fail to see the problem. If the DNS goes down with the site then it changes nothing, even if the DNS did still resolve then there would still be no site to land on anyway.

      (I don't know how recursive DNS handles failure to connect, I'd like to think that the zone root would just falls back to the cached value of the last lookup instead of just spitting NXDOMAINs but I don't know for sure)

    5. Re:Maybe you should not outsource your DNS... by Monoman · · Score: 1

      I don't understand why you'd want to outsource DNS. ...

      I work for a small sized school in Hurricane alley. We are considering outsourcing our DNS to keep basic services (DNS and a static web page) up in the event of a localized disaster. Example, a hurricane comes through causing an extended power outage on our main site (which includes our small datacenter). Someone could remotely update the DNS to point www to a remotely managed static web page that includes updates to the status of various locations. We may do this ourselves through an agreement with another school.

      For those worried about unauthorized records being added to the DNS zone I say; read the TOS and ammend the TOS to your liking. Insist on a backup/zonefile periodically.

      --
      Keep the Classic Slashdot.
  8. Should be much higher than 50 orgs. by sl4shd0rk · · Score: 1

    There are two issues here (cracked corporate DNS box, or hacked login creds) and it seems like #1 should be way higher than 50 organizations.

    At any rate, registering a business name under a crap domain has always been going on. It gives spammers something to put in an email that looks legit enough for people to click.

    --
    Join the Slashcott! Feb 10 thru Feb 17!
  9. DNSSEC can fix this, sort of by Anonymous Coward · · Score: 0

    DNSSEC also authenticates the absence of hosts, so the entity holding the signing key can make sure that no valid DNSSEC response with additional hosts will be served. If you're not self-hosting your own DNS, then chances are that your zone is sufficiently static to keep the signing key out of your hoster's hands. On the other hand, if you're not self-hosting your own DNS, you probably don't want to be bothered with the intricacies of signing a DNS zone. It won't help against a modified zone being served to plain old DNS clients, so this isn't really a cure anyway.

    Your best bet is not to do business with disreputable hosters. Find someone with sufficiently deep pockets whom you can sue for actual money if they do this to you. Still doesn't help you with finding it. Try trawling search engines for appearances of your domain name in association with unexpected sites, i.e. look for the effects, not the cause.

  10. Maybe the domain owners are involved? by suso · · Score: 1

    The article doesn't say whether this guy followed up and contacted the domain owners about it. Who is to say that these organisations aren't simply being paid for use of their domain name in this manner? I know I know. Its unlikely, but there are all things like this happening.

    What I want to know is, are the DNS hosting providers in on it? Are they modifying their software so that the customer doesn't see information. That would be where the real badness is and should be publicized. It also wouldn't be the first time that a 3rd party DNS type of service was misused. For instance, whois queries being sold, etc.

    1. Re:Maybe the domain owners are involved? by tliston · · Score: 2

      In addition to sending notifications to site owners, I did communicate with several of them and they were shocked to find out about the alteration of their domain information. I also spoke with some of the DNS providers and I found nothing to indicate that they were involved (also, from TFA, the domains are spread across multiple DNS providers). As I said in the write-up, my bet is on a combo of poorly chosen passwords and overly generous/non-existent account lockout policies on something like a cPanel interface.

  11. Zone transfers? by Anonymous Coward · · Score: 3, Informative

    The referenced site had many examples, such as buy-viagra.4kidsnus.com
    having been added as an extra host (subdomain! There is even a
    www.buy-viagra.4kidsnus.com!) to 4kidsnus.com.

    Now how did that get added to 4kidsnus.com?

    Someone suggested checking a zone transfer. That seems not to work
    here at the dnsexit.com supplied nameservers.

    I do NOT see any buy-viagra.4kidsnus.com in a zone transfer for 4kidsnus.com. I DO see a separate zone transfer to the domain buy-viagra.4kidsnus.com itself.

    Usually public zone transfers don't work, but they happen to
    be supported for 4kidsnus.com.

    4kidsnus.com. SOA ns2.dnsexit.com

    (from dns2.dnsexit.com)

    Hmmm ... slashdot claims this hits their 'lameness' filters
    due to so many 'junk; characters ... like spaces and digits?

    Well ... apparently they are not going to accept it with
    any useful data so ... try a 'dig @ns2.dnsexit.com. 4kidsnus.com.' Here is a truncated version of what I found.

    One finds the SOA (nameserver at ns2.dnsexit.com),
    NS records (dns{1,2,3,4}@dnsexit.com), a few MX records
    (at google) a wild carded CNAME (*.4kidsnus.com are all
    aliased to the CNAME 4kidsnus.com) and address for
    4kidsnus.com (50.73.38.13) and one host with its own,
    separate A record, pbx.4kidsnus.com at 74.189.21.58.

    I don't see buy-viagra.4kidsnus.com at all.
    However one can get a separate zone transfer for that
    domain (with a host at www.buy-viagra.4kidsnus.com):

    dig @ns2.dnsexit.com buy-viagra.4kidsnus.com. axfr

    buy-viagra.4kidsnus.com. SOA ns2.dnsexit.com. admin.netdorm.com.
    buy-viagra.4kidsnus.com. NS ns1.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns2.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns3.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns4.dnsexit.com.
    buy-viagra.4kidsnus.com. A 67.55.117.204
    www.buy-viagra.4kidsnus.com. CNAME buy-viagra.4kidsnus.com.
    buy-viagra.4kidsnus.com. 28800 IN SOA ns2.dnsexit.com. admin.netdorm.com. ;; SERVER: ns2.dnsexit.com

    1. Re:Zone transfers? by tliston · · Score: 1

      Interesting. I tried zone transfers on some of the first domains I found, but gave up on them because I wasn't getting anywhere. What you're seeing is very odd -- almost like DNSExit is treating buy-viagra.4kidsnus.com like a domain itself rather than as a sub-domain of 4kidsnus.com.

    2. Re:Zone transfers? by GNUALMAFUERTE · · Score: 0

      THIS.

      Came here to explain this. Thank you. WTH are the editors allowing some jerk to post "how are you supposed to ever find out about this?".

      This site looks less like /. every day.

      --
      WTF am I doing replying to an AC at 5 A.M on a Friday night?
    3. Re:Zone transfers? by tliston · · Score: 1

      The real question is "how many people actually check this sort of thing?" I would be willing to bet that few, if any, smaller organizations (i.e. ones who have essentially static zone info) ever check the contents of their DNS once it's been set up.

    4. Re:Zone transfers? by Anonymous Coward · · Score: 1

      Without reading the article, I'd guess that's EXACTLY what is happening.

      Somebody has added their OWN "sub" domain as a totally separate zone, to the same DN server that the "main" domain is on, so when somebody looks up buy-viagra.4kid... it hits up the DNS for 4kids.... but the server pulls out the buy-viagra.4kids... zone, even though there is no mention of buy-viagra in the official 4kids zone.

      Look for any shared web hosting server, find a domain that has DNS served from that server that you want to hook off, say example.com get yourself an account for myownsub.example.com on it, doesn't matter if you have anything to do with example.com, I bet it will work just fine.

  12. Maybe it is a seperate domain name. by Anonymous Coward · · Score: 1

    Maybe someone signed up to host DNS for their domain "buy-viagra.4kudsnus.com" with them, and their systems aren't smart enough to realize that that sort of thing shouldn't be allowed. For example, they'd have to allow three-part domain names for whatever.co.uk and similar, yet they shouldn't allow that for .com domains. Maybe they're mistakenly allowing it, and people are taking advantage of that. Normally you couldn't do that since the root DNS servers wouldn't point to your own DNS server, but the root servers are already configured to point to this DNS host, so that isn't a problem. The only problem is that smart DNS hosts won't allow one user to have a domain name that is a subdomain of another user's domain name.

  13. Sign your zone by Anonymous Coward · · Score: 0

    Uhm, you all do sign your zone, right? Once you do that, I don't see how anybody messes with you.

  14. SEO is whitehat - and a good thing! by Coolhand2120 · · Score: 2

    A good web author knows how the search engine works with their site. Things like overuse of a keyword, not enough content or excessive boiler plate content will cause your site to rank low. While things like canonical urls, matching meta description with page content, lots of diverse keywords in narrative format and links pointing to pages that contain the link text in prominent locations all will help your position in a search engine.

    I'm sure there are some SEO companies that sell people bullshit, but that story is as old as time, you'll find con artists in every business. This is not "hacking" or "spamming" or even gaming the search engine. It's presenting a semantically correct page that both humans and spiders can understand well. You can get a good rank without doing anything nefarious. Just from my own searching, as a non-author, I can see nefarious stuff rarely works and when it does it's fleeting.

    When I do SEO on a site I use a program like http://www.seoengine.com/ to tell me what's wrong with my page. More good info on SEO can be found at Google webmaster blog And A bunch of great videos from the Google guys (Tons about SEO):.

    1. Re:SEO is whitehat - and a good thing! by Hentes · · Score: 1

      That was informative. Sorry, I had a bit of prejudice against the whole business. Although I have to say I don't share your optimism about malicious tactics not working, as I see their signs in a lot of places.

  15. This is a provider issue. by jamie.rishaw · · Score: 1

    This is a "DNS provider answering /any/ hostname request with the A-record of your zone/domain" issue.

    ..!arpa!jamie:  ~ % dig veryImprobableHostname-becauseIJustMadeItUp.4kidsnus.com a

    ;; QUESTION SECTION:
    ;veryImprobableHostname-becauseIJustMadeItUp.4kidsnus.com. IN A

    ;; ANSWER SECTION:
    veryImprobableHostname-becauseIJustMadeItUp.4kidsnus.com. 0 IN CNAME 4kidsnus.com.
    4kidsnus.com.           82      IN      A       50.73.38.13

    ;; AUTHORITY SECTION:
    4kidsnus.com.           79      IN      NS      ns2.dnsexit.com.
    4kidsnus.com.           79      IN      NS      ns4.dnsexit.com.
    4kidsnus.com.           79      IN      NS      ns3.dnsexit.com.
    4kidsnus.com.           79      IN      NS      ns1.dnsexit.com.

    ---

    So, as you see, (and I'm sure it's intentional as a favor to you, seeing how
    the TTL is low) any queried hostname will return an answer of "CNAME
    (your domain)," which gives an A record out;