NameStarter.com :: domaining business blog // Domaining for Domainers

Archive for the ‘hostexploit’ Category

Why domain parking companies get named on “bad host” lists

August 7, 2012Domain Parking, Domaining, Domainnamewire, hostexploitComments Off on Why domain parking companies get named on “bad host” lists

Old data leads to parking companies landing on malware lists.

Last October Oversee.net was named the “#1 Bad Host” by HostExploit, a group that compiles data about malware and other nefarious things on the web.

It’s not the first time a domain parking company or registrar has been called out by HostExploit.

So why is it that domain parking companies land on these bad lists?

At a high level, it’s all about old data.

“There’s a big misunderstanding about the parking industry as a whole,” explains Aaron Kvitek, VP, Marketing & Communications at Oversee.net. “It’s not just on HostExploit’s part, but also their data providers.”

The problem is that domain parking companies frequently park recently expired domain names. These domain names may have been used for nefarious purposes before they expired, and data providers don’t update the change of ownership for around ninety days.

HostExploit and similar groups depend on these data providers for data about which domains are being used for bad purposes.

“The parking companies that have the domains parked on their platforms are going to be flagged by those data providers even though the domain has changed ownership and is in no way, shape, or form spreading malware,” said Kvitek.

Registrars also get dinged for their customers’ activities. While registrars can generally police what happens with domains on their network, it’s impossible to stamp it out.

Since Oversee.net previously owned Moniker, it was penalized with both parked domains and when Moniker registrants were up to no good.

Although Moniker was taken off Oversee.net’s network in May, it will still end up hurting Oversee.net in HostExploit’s next report because of the data lag.

So can’t groups like HostExploit just get their data providers to refresh their data more often or track changes in domain ownership? Kvitek said it’s just not a high priority for data providers. (Google is one of the largest).

Oversee.net is no longer ranked the #1 Bad Host. Kvitek says the company took steps to better filter the domain names it was buying to avoid those with known problems.

“They are always going to slip through the cracks, but we got a little better at that,” he said.

Moniker also worked to move customers off its systems if they were using their domains for bad purposes.

In another positive development, Oversee.net recently signed a deal with security research firm Team Cymru to share data about malicious attacks, badware, etc.

Domain parking companies are at a disadvantage when it comes to “bad host” lists. But Oversee.net’s experience shows that parking companies can also take steps to limit their exposure.


© DomainNameWire.com 2011.

Get Certified Parking Stats at DNW Certified Stats.

No related posts.

Why domain parking companies get named on “bad host” lists

August 7, 2012Domain Parking, Domaining, Domainnamewire, hostexploitComments Off on Why domain parking companies get named on “bad host” lists

Old data leads to parking companies landing on malware lists.

Last October Oversee.net was named the “#1 Bad Host” by HostExploit, a group that compiles data about malware and other nefarious things on the web.

It’s not the first time a domain parking company or registrar has been called out by HostExploit.

So why is it that domain parking companies land on these bad lists?

At a high level, it’s all about old data.

“There’s a big misunderstanding about the parking industry as a whole,” explains Aaron Kvitek, VP, Marketing & Communications at Oversee.net. “It’s not just on HostExploit’s part, but also their data providers.”

The problem is that domain parking companies frequently park recently expired domain names. These domain names may have been used for nefarious purposes before they expired, and data providers don’t update the change of ownership for around ninety days.

HostExploit and similar groups depend on these data providers for data about which domains are being used for bad purposes.

“The parking companies that have the domains parked on their platforms are going to be flagged by those data providers even though the domain has changed ownership and is in no way, shape, or form spreading malware,” said Kvitek.

Registrars also get dinged for their customers’ activities. While registrars can generally police what happens with domains on their network, it’s impossible to stamp it out.

Since Oversee.net previously owned Moniker, it was penalized with both parked domains and when Moniker registrants were up to no good.

Although Moniker was taken off Oversee.net’s network in May, it will still end up hurting Oversee.net in HostExploit’s next report because of the data lag.

So can’t groups like HostExploit just get their data providers to refresh their data more often or track changes in domain ownership? Kvitek said it’s just not a high priority for data providers. (Google is one of the largest).

Oversee.net is no longer ranked the #1 Bad Host. Kvitek says the company took steps to better filter the domain names it was buying to avoid those with known problems.

“They are always going to slip through the cracks, but we got a little better at that,” he said.

Moniker also worked to move customers off its systems if they were using their domains for bad purposes.

In another positive development, Oversee.net recently signed a deal with security research firm Team Cymru to share data about malicious attacks, badware, etc.

Domain parking companies are at a disadvantage when it comes to “bad host” lists. But Oversee.net’s experience shows that parking companies can also take steps to limit their exposure.


© DomainNameWire.com 2011.

Get Certified Parking Stats at DNW Certified Stats.

No related posts.

HostExploit Exploits Demand Media’s IPO Filing

August 11, 2010Domain Registrars, Domaining, Domainnamewire, eNom, hostexploitComments Off on HostExploit Exploits Demand Media’s IPO Filing

HostExploit report generates more questions than answers.

I just finished reading HostExploit’s report about Demand Media and its domain name registration business (eNom). Whenever I read a report like this, I try to think about the motives of the report’s authors. In this case, it’s clear that HostExploit wanted to rush something out to piggyback on the buzz of Demand Media’s S-1 filing to go public. When I see punctuation errors in a research report, I pay closer attention.

The report basically says eNom is a bad registrar and web host, hosting a number sites with badware, malware, and illegal pharmacies. That may be true (more on that later in this post). But the report then lists some other allegations, such as saying “We received reports suggesting Demand Media / eNom utilize these techniques”, referring to cybersquatting, click fraud, splogs, and link farms. But then the report basically says it hasn’t even analyzed whether or not this is true.

And since when are link farms illegal? Show me a registrar who will shut down someone for hosting link farm sites. I don’t condone such things, but it’s not a registrar’s business to regulate. In fact, they’d probably get sued for shutting down a link farm. It’s the search engines’ business to effectively filter out link farms.

Then section 8 of the report says that eNom might be in non-compliance with its Registrar Accreditation Agreement. It then reprints and explains sections of the agreement, but fails to say why it believes eNom is out of compliance. I assume this section has to do with information in KnujOn’s report earlier this year.

Now, back to the issue at hand. Let’s assume eNom does have a lot of bad actors that use its services. What can eNom do? It’s a tough question. On the one hand, a registrar doesn’t want this stuff on its network. On the other hand, it doesn’t want any ‘false positives’ where it shuts down a legitimate web site.

The challenge is striking a fine balance. It appears eNom is getting a reputation as being a registrar of choice for bad actors, and that means more bad actors will use its services in the future. (Ironically, HostExploit’s report basically tells criminals which registrar to use.) eNom needs to quash that reputation. The last thing it wants is underground criminal forums to start promoting “hey, use eNom!” Perhaps it should work with law enforcement to (legally) shut down some of these bad sites, and then publicize its work.

And one more thing. I really hope HostExploit got permission before republishing a copyrighted article about its report from ComputerWorld.com.* That would be ironic, wouldn’t it?

*I haven’t “analyzed whether or not this is true”.


© DomainNameWire.com 2010.

Get Certified Parking Stats at DNW Certified Stats.

Related posts:

  1. In Demand (Part 2): How the Domain Business Can Benefit from Demand Media
  2. Demand Media Buys Demand.com
  3. Demand Media Lands in Austin