Commenters have speculated that the domain was seized by law enforcement due to participation in a malware campaign. The domain in question may have been used by malware that was phoning home, perhaps because the Linode server hosting it was compromised. This stems from the fact that the domain's new nameservers are Shadowserver's sinkholes:
Name Server: sc-c.sinkhole.shadowserver.org
Name Server: sc-d.sinkhole.shadowserver.org
Name Server: sc-a.sinkhole.shadowserver.org
Name Server: sc-b.sinkhole.shadowserver.org
Edit: When querying the domain in RiskIQ, one of the Linode IP addresses formerly associated is tagged with `emerging_threats` and `kaspersky`. Other domains/subdomains associated with the same IP address have similar tags.
One such domain is MathB.in, which is a public pastebin. It's conceivable that malware was phoning home by creating pastes on that site.
Susam, I don't have much experience recovering domains in this state, but it's conceivable that Namecheap will be able to put you in contact with someone who can help resolve the matter. However, if there's something like a sealed court order involved, you may find that you're stonewalled at first. I don't know if there's any available recourse for this, especially since this appears to be an international effort.
At least as of a couple of years ago, Shadowserver could accuse you of botnet participation on such flimsy evidence that it was way too easy to frame someone else as being a botnet participant. I don't want to give ideas how, but it happened to me. Since then, I've configured my firewalls to block traffic to Shadowserver IPv4 space. I'm more worried about getting framed again than actually getting a botnet infection and not getting notified.
Yeah, unfortunately, domain squatters have poisoned the well for .com domains. There are many, many domains which should be available for use, but are being squatted indefinitely for speculative purposes. This has caused pretty much every new company to migrate to TLDs like .co, .ly, .me, .ai, .in, and .io. Since these are almost all ccTLDs run by countries, governance is not great. .io has been particularly bad;
The problem of allocating scarce resources is hardly unique to domain names. Here are some ways of doing it:
- Let the market set the price.
- Recurring fee for holding it to discourage unproductive speculation.
- An authority decides who deserves it and gives and takes according to their rules.
The 3rd option is particularly nasty. Usually, it's very hard and is what communists hope to do on a broader scale. It would certainly result in seizures whenever the authority decided somebody isn't fully utilizing their domain name. Maybe you spent too long setting up your business and right before launch, you get branded a squatter and your domain is taken after you've already used it in all your marketing material, registered a corresponding trademark, and everything. You might imagine the authority would be fair and not kick out a genuine owner like that, but it's unlikely to have the resources or incentive to investigate every case properly.
People who lawfully own a domain -- even if in a speculative fashion -- are not domain squatters.
If you had a hot new product called CyberTrk and someone ran and registered cybertrk.com, that is arguably squatting and can be legally enforced as such.
If you have what you think is a great new online notepad and notes.com is sitting registered but dormant, the inelegant but reasonable way to respond to your situation is "tough shit". Keep looking.
99% of the time that people rant about "squatting" they're talking about the latter case. Yet they are not entitled to a domain because of some imagined better use for it.
Sorry for the rant, but misclaims about "Squatting" lead to an iffy area where people have a profound misunderstanding about property rights. I have zero "parked" domains, but contemplating the issue long ago made me less outraged when I lazily searched for the most blatantly obvious domains.
Thanks for the reply, but this is quite a tangent to my point. I am not arguing that it is not legal to hold a domain indefinitely for investment purposes; I'm saying that since so many domains are being held this way, startups are being forced to sketchier ccTLDs.
It also paradoxically means that .com domains are not quite what they used to be: as more cool new companies have a .ai or .co, the public has stopped thinking that "only .com matters". Like I said, the holders of the .coms are just poisoning the well for the TLD.
To address your point directly, I do personally disagree with you that "squatting for speculation" or "parking" as you prefer is harmless. Since ICANN (or Verisign, I guess) controls the TLD, I do think they should disincentivize this holding behavior with some kind of property tax. It's as if vast tracts of Manhattan were just empty fields - not really in anyone's best interest, in the long run, not even the property investors, who are at risk of property developers going to more-hospitable jurisdictions.
I referred purely to the incorrect use of the term squatting. They aren't squatting.
Further, nowhere did I say that it was "harmless", or pass any value judgment at all on it. I just said that it's not squatting (cyber, domain, or any other prefix). Those people pay the same domain fees as anyone else.
"I do think they should disincentivize this holding behavior with some kind of property tax"
They are paying the same domain fees as everyone else. However let's imagine that they change it to charging some sort of "how lucrative is the domain name" property tax, like Google hilariously tried to do with some of their failed TLDs: We're currently talking about parked domains that cost an absolutely negligible amount...I imagine a lucrative fee would be a bit more disliked by these imaginary startups ready to fill all the good domains.
Sidenote - there was a rush to .io, .ly and other TLDs -- against all reasonable caution -- because people thought they were cool and new, not because they were their last resort
Why does the sketchiness of some ccTLDs pass without comment? Shouldn't that be dealt with before casting the solution on other TLD/registrars/etc. like so much splash damage?
I think a few people, including myself somehow read too much into your comment. Actually, it sounds kind of positive now. If shortage of .com domains has pushed the "cool" websites to others, that naturally increases the supply of the preferred TLDs. Except of course your point about governance. There have been problems with some weird trendy TLD like .io, haven't there?
Internet domains are not property, and to the extent they are, they are all the property of ICANN. The delegation system is somewhere between leasing and feudalism.
You can tell it's not property because the one thing that's guaranteed to result in losing a domain is failing to pay the fees.
The idea that first registration entitles someone to (a) waste a finite resource forever and (b) sell it at arbitrary prices later was fought out in the early 00s, and the real WIPO trademark system won. A number of people who had squatted the names of famous companies in hope of extorting a payout were disappointed.
"You can tell it's not property because the one thing that's guaranteed to result in losing a domain is failing to pay the fees."
Don't pay your property taxes and you lose your property. Courts have argued that domains are property countless times, and they are treated absolutely as such. They are in the sense of contract law, with rights and grants, but obviously are a virtual good, of sorts.
"The idea that first registration entitles someone to (a) waste a finite resource forever and (b) sell it at arbitrary prices later was fought out in the early 00s, and the real WIPO trademark system won."
I specifically excluded trademark infringement, so why are you arguing that case? But yes, someone can "waste a finite resource forever" (by paying the same fee that a "useful" use of it would). Those are the rules of the game.
That may be true according to the current authorities running the show, but clearly those rules are far beyond their useful lifetime now. For practical purposes, domains often function as a primary form of identification, for websites, email and other functions. Both the domain registrant and anyone trying to reach them have a reasonable expectation that the identity in question will not silently and suddenly be changed, a huge amount of everyday activity now depends on that expectation, and the consequences of violating it can be severe. We are well past the point where such critical infrastructure should not be in the hands of private businesses or individuals without sufficient regulation to safeguard the common good.
I don't think anyone disagrees that those are the rules we have. I think everyone who actually creates websites thinks those rules are not working as intended and should be changed.
I refuse to believe that having speculators pay for thousands and thousands of empty domains is "working as intended".
well, yeah, I get that. I spent 3 months trying to come up with something decent for the last one, and it did drive a lot of imaginative thinking about the brand, which was actually useful.
I'm more thinking of the waste and expense. Clogging up infrastructure with utterly useless "holding pages". People spending vast amounts in registration fees in the hope of getting that big win. And that big win being at the expense of a company that genuinely needs the name but is forced to spend massively more than it needs to in order to get it.
If this was what was intended, then whoever designed it was evil.
Also a corporation is a person because judges have ruled that too.
I certainly agree that opinions can differ whether various things (e.g. intellectual property) should be called property or not. But personally I don't like the dilution of the concept. "Ownership" of a URL is more like a contractual right.
As for your home/land, if you don't pay property taxes the govt may begin a legal proceeding to seize it which must satisfy the usual checks and balances when the govt wants to violate your rights. Then they probably auction it off and the balance minus your back taxes goes to you. The point is you have real rights. Meanwhile your domain may be worth a million bucks at auction but you aren't getting squat because you forgot to pay the $12 fee, or violated some other detail in the contract.
> You can tell it's not property because the one thing that's guaranteed to result in losing a domain is failing to pay the fees.
There's a sibling comment that points out that courts recognize it as property, and certainly trademarks are a similar "property" that requires active enforcement.
But while the law is a good authority because they've gone through many disputes and have had to work out good arguments, I don't think it's the final authority; laws can change after all.
That a domain requires upkeep doesn't make it not property. Even in the absence of taxes, your house or any of your stuff requires some degree of upkeep.
But a domain is certainly not chattel, and intangible property always does seem like... not property. (Though, even with tangible property, it feels fuzzy, and that's part of why fences are used to reify borders.)
To my mind, a bigger issue with calling it property is that there's not necessarily a single registry system.
My thought experiment is to ask what we'd do without registrars. We'd all simply advertise our domains to the DNS servers, with all the obvious conflicts that registration is meant to avoid. And we'd have to resolve those conflicts by having the DNS providers agree that a particular advertisment was correct. I think that gets a bit closer to the heart of what "owning a domain name" means.
Owning an agreement with these entities to manage those disputes looks very similar to any other kind of security or bond. It also has qualities of an asset: you can trade it, it's not very liquid, you can derive an income from it by developing things on it, etc. That's why I lean on the side of the "domains are property" camp.
I don't think you have the same understanding of what domain squatting means as most people. Speculative ownership of unused or parked domains is basically exactly what I would consider domain squatting.
I'm not trying to be spicy -- the literal definition of domain squatting is intentional trademark infringement or confusion. Someone else sitting on your grand plan doesn't make it domain squatting because someone else has their own grand plan they want to sit on.
Squatting by definition is illegally occupying property that you don't own, which would be a trademarked term.
e.g. If someone builds a hut at the back of your property, they're squatting. If someone else looks at your property and decides they want to make it a lucrative Taco Bell location, it'd be pretty rich for them to call you a squatter and claim right to it, yet that's exactly what's happening in that incorrect usage.
This is hardly a hill I want to die on, but on HN -- of all places -- I'd expect we'd have a somewhat proper use of terminology.
You're talking about law and legal terms of art, but the conversation is about English. There is often specific legal meaning to terms of art that does not align with the lay definition. I think you are making the case that this is another example of that. I'm not even sure that it is — the US legal term defined by ACPA is "cybersquatting," not "domain squatting. The latter appears nowhere in the text of the bill, whereas the former appears something like 66 times.
No, I'm talking about the literal definition everywhere. Not in some abstract textbook.
"the US legal term defined by ACPA is "cybersquatting," not "domain squatting."
Okay? What is the point of this? The key is the term squatting -- illegally occupying property that is not your own. Calling completely legal, completely compliant ownership of something squatting because you personally don't like it is...well...it's nonsense. It's the dumbing down of terminology.
Why does it matter how far in advance or how speculatively someone took the domain?
If they are indeed different, I would argue that learning of an emerging product and preemptively buying the domain is not cybersquatting but more like IP theft.
Regardless, the point remains that the .com TLD is saturated with parked domains, meaning folks must go to more poorly managed TLDs for reasonably priced domains. Personally, that’s not the way the world should work. A parked domain does not offer value to the world the same way that undeveloped/underdeveloped land does. Indeed, a small store holding its own against gentrified land often provides more value to the community that if it were consumed by public domain. And even with physical property, it is possible to seize underutilized land in the name of public good.
TL;DR: I get that you #define cybersquatting in a way that excludes speculative parking. Not only do I disagree with your definition, but I don’t see how speculative parking or whatever you call it is reasonable.
I'd argue that a "buy this domain! offers start at $1500" parking page and no e-mail or other DNS records set up, over years, is a pretty good indicator you're not actually using a domain.
Also the fact that you exceed some personal limit (or limit per legally registered company), let's say 25. For example, the general case we're all talking about, a company with 10,000 domains on sale for minimum bid of $2,500 would exceed 25 and would have to pay the penalty on all but the first 25.
This is such a self-defeating effort, but I don't define it that way, most everyone does. Because the root -- squatting -- refers to occupying someone else's property. This isn't a point in debate -- a quick search verifies that every single authoritative source seemingly in existence is in agreement with me.
"And even with physical property, it is possible to seize underutilized land in the name of public good."
That is an extraordinary action that happens incredibly rarely and is extremely contentious. It does happen, but it's certainly not comparable with "I got an idea and I want that domain".
And let's be real here -- those domain resellers usually sell the domains they are "squatting" [sic] on for an absolute _pittance_. If a couple hundred dollars is what ruins some great startup plan, I'm going to go on a limb and say it wasn't such a great startup plan.
Indeed, what most people want is to say "Hey that's unfair that he's parked on that! Let ME park on that and sit on it indefinitely because I've got a Great Idea that I'm going to get around eventually". That's what 99% of the parked domains already are.
> I would argue that learning of an emerging product and preemptively buying the domain is not cybersquatting but more like IP theft.
Or how about investment? If you can see the future, pay for the valuable domain before it's valuable, then get your return by selling it to the company that wants it. Isn't that quite a lot like giving money to the company in exchange for a share of the profits? The risk is that you might misjudge and waste money on worthless domains, just like traditional investing.
In investing you control real resources that you offer to the company to further their goals in exchange for future gains. When you squated on a good name you seized an opportunity from them by registering a name you had no use for for a legally defined minimum fee and demanding payment for something you had no use for ensuring they must pay someone hundreds or thousands instead of the legally defined minimum fee.
It would make more sense to let registrars charge what they please instead.
It's the opposite of investing. Squatters aren't providing value they are pure parasites. People are most apt to learn of the parties smartly chosen name not through their marketing but via being the second person to come up with it and learning they must pay the squatter.
It matters because the startup hasn't chosen their name yet (and presumably will check available domains before choosing a name because they're not fools). It's pretty much the same as land speculation. Don't found a business and claim your address is an empty lot you saw downtown under the assumption that this is freely available land.
Fascinating. The NameCheap CEO is in the replies, and seems to be saying that the registration was pulled at the registry level for some "perceived violation or legal request" -- I'm kind of curious regarding what protocol is for these kinds of situations, and how much they vary from TLD to TLD. I think about the once-popular .ly TLD becoming less popular after instability hit Libya, but I'm curious about what the other case history is here.
I work at a registrar and as far I know there are no protocols. We are an intermediary between the registry and registrant (in those TLDs which have a registry/registrar/registrant model), but the business relations involved are a bit more complex. The registrar's job is mostly set to only handle the technical and billing aspect, while the legal relationship is between the registry and registrant. Who owns a domain and which registrar handled the billing and technical aspects is a legal decision which is outside the control of the registrar.
The variation between TLD and TLD is massive. Practically all ccTLDs have their own home made rules and more often than not their own technical solutions to match. A big reason why the more exotic ccTLD's can cost a lot of money is the hoops that registrars need to jump through, both legal and technical, and the "workarounds" for both.
There are even ccTLDs like .af (afghanistan) where the root zonefile is edited by hand for every new domain, in this case by some persons at the "ministry of communications" in kabul.
For the curious, NIXI is the "National Internet Exchange of India", a government non-profit in India. INRegistry, the organization responsible for the .in TLD, was created by NIXI and operates under them.
I had this happen to a .com domain I own, also at Namecheap.
In my case it was actually a trademark infringement legal action. My domain got listed as hosting a site that sold knock-off sunglasses[1] . The plaintiff in the case got a court order to transfer all the suspected domains to them, a list of about 1,000 domains. I got no notice, my domain just suddenly disappeared.
I had my lawyer contact the plaintiff, in which we apologized, told them we had no idea this had happened, and promised to up the security (in reality I just nuked the WP site.) About a week or so later they transferred the domain back. For me this was annoying and cost a few hundred bucks in legal fees, but not that big a deal. Obviously not the case for Susam.
[1] My (largely abandoned) self-promotion Wordpress site got hacked, and was used to host an e-commerce site. Weirdly the domain was ${my_real_name}.com, hardly an obvious choice for selling knock off sunglasses.
I actually think wordpress has contributed significantly to the decline of the web. It's not secure. It proliferates so it's easy to hack. It's easy to embed untested plugins in it that are also vectors. It's plagued by all the same problems as microsoft windows.
If someone steals your domain registration, they can then change the MX records and start receiving your email. In some scenarios, I think that could be a more serious consequence than the website being down or replaced.
Same reason that deliberately letting domain registration lapse for a domain that was used widely for email is a scary prospect.
This is a malware takedown. And must definitely have happened at international law enforcement level.
NIXI is regulated by Indian law and is the cctld registrar of .in . The domain records show a registry lock and the new owner being "The Verden Public Prosecutor's Office".
More or less in a lot of countries with fishy legal system you have zero protections with their .cctlds. Even then the courts might rule that the name is not property or whatever.
In a lot of countries you will lose the name if the well connected person there wants. They'll find a justification that doesn't pass any smell test but you're out of luck. Nothing, absolutely nothing can be done. So use them, but be prepared to lose your names. Everything is fine, until it isn't.
The same thing happened to my .cm domain with Namecheap a few weeks ago. They were eventually able to recover it. But there was no communication from them for quite a few days.
In order to reduce risk I really wouldn't recommend running any service that hosts any user content on the same domain and TLD you host your personal stuff.
I've sometimes wondered if it would be worth getting something like 4e4eee247a69fab841ec36eabc95eee9.com [1] and only using it for email hosting to host my contact emails and for my other services.
The idea is:
1. By having no other services on it that minimizes the chances that it could get hacked and used for nefarious purposes that might get it seized by law enforcement.
2. By using a meaningless name like 4e4eee247a69fab841ec36eabc95eee9 there is no chance someone will come along with a trademark claim or an accusation that I'm squatting on a name that they have a better claim to.
I just bought a .in domain for a side project and was a little worried about this sort of thing being possible based on my experiences with registration.
> I've always wondered why so many people are using .io domains (and now .ai domains).
Most people do not know the difference between gTLD and ccTLDs. They think .io and .ai are just like .com. Registrars like Namecheap ought to do a much better job informing their customers about the risks of using ccTLDs.
It's about more than just legal jurisdiction. gTLDs are required by ICANN to adhere to certain standards whereas ccTLDs are not. As a result, the majority of ccTLDs are incompetently and/or capriciously operated.
.de has quite amazing protections for a TLD, and if you forget to renew, it won't automatically lapse, but will be "in transit" for 2 weeks until you decide what to do with it.
Registrars also can't just change owner data, or move a domain between registrars easily, that requires a two-factor authentication.
That's a bit of a different situation though. They were illegally running a gambling operation in the United States at a time when that wasn't legal, and they lost a lengthy court case to that effect. The domain seizure was incidental.
Contrast with the situation in the linked post, in which a .in domain was randomly seized without warning, and crucially, without due process. Bodog had the benefit of due process.
If I could magically put this at the top, I would.
There are other options, but they require hosting on overlay networks, and running your own name servers. But then people must install suitable gateway routers to reach your sites. Those can be VMs, but it's nontrivial for most people.
malware is my guess. New registrant is The Verden Public Prosecutor's Office which shows up on:
"Over the following years, the Luneberg police and the Verden Public Prosecutor’s Office, in combination with the BSI, FKIE, BFK, and numerous other law enforcement and industry partners, continued investigating the Avalanche network, discovering a massive operation responsible for controlling a large number of compromised computers across the world.
The OP here is also the author of MathB.in, a popular math pastebin. He has decided to shut down MathB.in now as a result of this incident. Quoting from http://mathb.in/6 below:
> I have considered shutting down this website several times in the past. But when another of my domain, susam.in, where I used to host my personal blog (archive) was seized and transferred to a law enforcement organization without any notification or authorization, it was the last straw. I do not wish to spend my weekends worrying about spam and unlawful content. I do not wish to maintain constant vigilance on my online servers to maintain ownership. It consumes time, more time than I can afford.
This is sad for WWW. We need more independently run websites, not less. The web of early 2000 is rapidly disappearing.
It's time for a new search engine -- and no, ddg is not it. We need a search engine that doesn't search the new internet. The instagrams, the pinterests, the wikihows, the seemingly every single blog on the internet that is designed to take your time away from you by hydrating you in droplets between sweat lodges.
We need create a new internet on the internet that does not search the new internet. DDG brings back content from the same sites google and bing does.
I want a new search engine focused on the passionate creatives who produce for the web. The early adopters of the web who have been overshadowed by the adwords and the interstitials and lightboxes.
I want content. I want a recipe site with the ingredients at the top and a list of instructions below it. Not 6 paragraphs of why you want to eat this food because of your grandma making it and then people come NO, just tell me what to put in it and how to do it and that's it and load in .1 seconds instead of 100 seconds and then stall every time I try to scroll because you need to tell your advertisers which part of your page is looked at the most.
Your advertisers are more important than your readers and it's not cool.
> I want a new search engine focused on the passionate creatives who produce for the web
Serious question: Do you think the 'old Internet' still exists to such a degree? I'm not just talking about link rot (although most of my links from a decade ago sadly no longer work), but also things like outdated content, like a car review of a 2010 Toyota.
I don't know if the old internet exists anymore, as much as I want it. Sure, we are at an old internet site right now (Hacker News), but what more?
I think it does, the signal is just overwhelmed by the commercial internet. I imagine the number of creative, interesting people who publish their content is approximately linear growth, while the number of ways the commercial internet tries to "reach out" and expand is geometric.
I would. I know that because I spent a lot of time on the internet in 1992 and 1993, when the vast majority of internet content was produced by people not expecting any monetary reward.
Today we have the concept of "user-contributed content", which means content produced without expectation of monetary reward, then uploaded to a site operated by an organization with an expectation of monetary reward. In 1992 these for-profit organizations did not exist: the services through which people accessed the content were created and operated without expectation of monetary reward, too.
It was glorious. There are some valuable content and valuable services that weren't produced in 1992 and would not be produced in the future if it became impossible to profit from producing it, so I don't want to remove the profit motive from the internet. But search results from Google (and its competitors) are now almost completely dominated by for-profit actors, and I agree with grandparent that we need a new search engine that essentially specializes in content produced without expectation of monetary reward.
> 1992 and 1993, when the vast majority of internet content was produced by people not expecting any monetary reward.
I don't have any figures - that would be interesting - but I guess even today the 'vast majority of internet content' is produced not expecting any monetary reward. It depends how you count the stuff what exact figure you'd arrive at. 99.9% seems closer to what it might be than 50%. Maybe I'm super-wrong about that.
Good point. The big difference between 1992 and today is the profit-seeking middlemen between the reader and most of the user-contributed content. These middlemen show ads, track people, require people to sign in and force people to shift their attention to the task of getting rid of modal dialogs (e.g., "sign up for our newsletter") before they will display the user-contributed content. They make it hard for the reader to concentrate on the current web page by showing many links to other web pages on the site or on the sites of the middleman's commercial partners. (Even Stack Exchange, named by another comment in this thread as one of the good middlemen, does that.) In contrast, navigating Usenet and the web of the 1990s was a lot more streamlined; to a greater extent than is possible today, a reader could stay focused on the user-contributed content or on his or her reading goal.
Of course there are middlemen today like Hacker News and Wikipedia that pretty much stay out of the reader's way, but they are the middlemen for closer to 0.1% of the user-generated content than 50% of it.
Very graceful disagreeing, thank you! I appreciate it. I have a book called Talking Philosophy that says that when a philosopher at Oxford wishes to express disagreement they say "Quite. But at the same time...", and that one in Sydney says "Bullshit!" p.s. I'm in Sydney :-)
Yeah this is an important question. A big reason why the internet is the way it is today is because creating and updating quality content takes time and a certain amount of skill, which most people want to be compensated for.
Stack Exchange is a private, profitable business. Wikimedia Foundation collects a hundred million dollars in donations each year and spends 40% of it to keep functioning. The contributors are effectively volunteers supporting these companies, which is a lot different than running your own site or channel and pumping content into it regularly.
It's not just sad or inconvenient for independent websites, it could lead to identity theft. I've got my own domain name specifically to not be dependent on the whims of Google or my ISP. I control my own email domain, or so I thought. If someone can take my email domain like this, they can also it access all sorts of sensitive information.
The internet really, really needs to be more reliable than this. Losing a domain name for an unknown reason should be impossible. Also, losing a domain name by accident should be a lot harder.
> This is sad for WWW. We need more independently run websites, not less. The web of early 2000 is rapidly disappearing.
Its still there, but there is a lot less of it.
Recently I've decided to go back to ownership of my music and rebuild my old (~20 000 track) collection. Some of the stuff is rather obscure so I end up on niche blogs with pixelated-animated favicons, no weird whitespace and sometimes almost bare HTML. Definitely makes for nostalgic feelings..
Because you'll try to put something up and you get flooded with spam/hacking attempts and whatnot
Because registering a domain, deploying wp, etc if not so trivial
Gmail and other "big email providers" are needed since there's no litigation against email abusers, and there's a constant flood of crap to the spam folder
Walled gardens are surely problematic but they're less trouble than going independent.
It's easier than ever to built the web of 20+ years ago. Running a VPS with PHP where you had to patch the server and worry about hackers and malware has always been a concern, this is nothing new. But on today's web you can get around all of that with PaaS solutions like Heroku. $7/mo and you can host your custom site all you want without worrying about security or infrastructure.
A domain being seized by law enforcement for hosting illegal content (even if it was put there by hackers) is nothing new and has nothing to do with the state of the modern web.
It is not easier. If you don't host your website behind cloudflare it can be easily ddosed.
The only way to get good ddos protection is to centralize because it requires you to have close personal relationships across the world in order to get good bandwidth at every location.
You could be. But you won't be. Getting denial of serviced on the web running a personal site is like getting attacked by terrorism. Sure, it happens, but it only ever directly effects the lives of less than half of a percent of people even with the most generous definitions of "terrorism". It's the reactions to it that cause damage.
And it's the same reactions to it on the internet that hurt and not the DoSes. Just run your website. If it gets DoS'd no big deal. It's not like you even need a single nine of uptime consistency.
I've run my for 20 years from my home connection, I've been a jerk on IRC, I've used it for gaming clans, I've hosted and continue to host tor onion services. I have never been DoS'd.
At all my past jobs we've been hit with DDOS (either directly or indirectly via our customers). If the odds are like terrorism I must work at firms with the world's unluckiest businesses.
There are a lot of people in this thread who have very valid complaints about the web, but don't make any sense at all in context. This one is a great example. Sure DDoS sucks but what at all does that have to do with the difference between today's web and the web of the 2000s? Today's web offers DDoS protection (optionally) and the web of the 2000s did not.
The first DDoS happened in 1996. Absolutely nothing to do with the current topic at hand, completely off topic.
It is way easier to ddos a website today than back in the 2000s. Back in 2000, you could block almost every ddos simply by having gigabit. Now there are millions of more exploitable devices.
I always take those speeds with a grain of salt as it is likely that they dont actually provide those speeds. What is someone gonna do if the speeds are wrong? Sue them in court for not commited the crime they are paying to commit enough?
Was the Web of the 2000s really based on completely decentralized ISPs, registries, and hosting providers? I was there and I seem to remember there being a small number of ISPs, a small number of registrars, and a small number of hosting providers. A site like this would be registered at GoDaddy and hosted at DreamHost.
Of course many people could fill out the ICANN paperwork themselves and run a server from their own home, but many people can do that now too. And if you do that, you still run into the issue of hackers being able to install malware on your systems. But instead of the police seizing your domain, they kick in your door in the middle of the night with guns pointed at your family.
Maybe it would clear things up if you could lay out for me the exact scenario that combines "the web of the 2000s is rapidly disappearing" with "registrar, ISP, and hosting provider centralization is the issue" and ends with "if that wasn't the case, this website would never have had to shut down". I feel like you're remembering the web of the 2000s very VERY differently than I am.
In the early 2000s there were probably 10-20 national dialup services, plus tons of local services (it was an easy business to get into, either get a t1 for upstream internet and a t1 for your modem pool, or run a radius server and contract out through megapath), dsl had competition with clecs running in the central office and mandatory line sharing, and these were also in competition with cable (which had some minimal line sharing in areas).
There were a ton of hosts back then, but there still are. I don't remember exactly when registrars became a concept, i'd guess that might have been 1999 though; I don't think there's that many more or less now. A lot more registries with .ninja and .bike and whatever.
I agree though, if law enforcement wanted your domain back then, it would be about the same as now. Although, maybe someone would have called/emailed you about it with whois contacts back then.
Sorry, one of my pet peeves is when people say "the Web of [insert time here] is dead!" when the Web has never been more accessible both from a consumer standpoint and from a developer standpoint. The existence of Facebook and Google can be completely ignored if you actually want to. Emphasis on if you actually want to.
85% of Americans live in urban areas where they would have at least the choice of one cable provider (Comcast, Charter), one DSL provider (AT&T), all of the satellite providers (HugesNet), and at least the big four cell phone providers. Not to mention local dial-up providers which do still exist.
Again, it all comes back to the idea of some people "wish" the web of the 2000s still existed, but aren't willing to sacrifice the comforts of the 2010's web to make it happen. You can host your own lightweight website but Wordpress and Facebook is easier. You can search the web without tracking and Javascript but the modern websites don't work without it. You can pick from a huge variety of ISPs but they won't all be at 100 Mbps. Basically, you can have the web of the 2000s, but it comes at the cost of some of the conveniences of the 2010s web. A lot of people aren't willing to make that trade.
Nostalgia is hard. It seemed amazing back then but not many people would choose to go back to dial-up and phpMyAdmin. For those who say they would... what's stopping you? It all still exists today.
The domain susam.in has been transferred back to me. I've updated the original Gist post with recent updates on why this issue occurred and how it was resolved: https://gist.github.com/susam/3cb42e571c4ab12987b286791bdfe9... (see the "Updates" section).
Summary: The Shadowserver Foundation contacted me by email and informed me that my domain name was sinkholed accidentally as part of an operation they were performing. They have now examined my domain name and found that my domain name should be excluded from their operation. They worked with NIXI to transfer the domain name back to me.
Thank you, everyone, for your support as well as for the great quality of discussion on this thread.
Capitalist interests prefer less competition, the end goal is monopoly. People are trying to raise the prices of .org domains too, so I feel like a hammer is about to fall as far as the practical level of involvement and presence on the internet goes for individuals the world over. Keep an eye on the canary in the coal mine, or even deploy several of them.
Sad, but also promising.
Our WWW was only V1 of the people’s internet. There will surely be another, more radical in its decentralization.
I love the WWW, but I don’t mind if Capital will take it. They’ve already ruined much of it... the ads, the surveillance, SquareSpace’s cookie cutter stores, ES6, Webpack, etc. Erasing everything that was good about the old days.
I think the original (down-voted) poster meant that DNS should be decentralized to something more than 13 servers, from which any government can decide to seize a domain. A decentralized DNS system would improve free speech, and it would help with due process when it comes to the involvement of law enforcement.
There are 13 well known logical servers (~1000 physical) but they all synchronize the root zone from ICANN just as anybody can https://www.internic.net/zones/root.zone
you are exactly right and this is the reason that DNS will eventually move to the blockchain. As with money and bitcoin, the internet isn't truly free until this happens
It amazes me that anyone with any awareness of how much Bitcoin has been lost or stolen (to name just one issue) can demonstrate this kind of magical thinking.
It's all been lost by third parties, though. Any idiot can make a pretty webpage advertising BitCoinBank and all the best thieves in the world can try to break in.
Sadly, no. In addition to the hive of scum and villainy that are Bitcoin exchanges and other ecosystem players, there are a thousand stories of first-party losses. https://www.wired.com/story/wired-lost-bitcoin/
I didn't consider user error because if we apply that objectively we'd have to say that standard fiat currencies don't work because people routinely lose cash to loss, theft, fire, flood, etc.
My point with bitcoin is that bitcoin itself works as advertised. But like gold, directly working with bitcoin requires a good deal of specialist knowledge.
That's why, as with any medium of exchange, you need an infrastructure to manage funds and enable transactions, and the crypto-monkeys are trying to replicate systems that developed over centuries.
Commenters have speculated that the domain was seized by law enforcement due to participation in a malware campaign. The domain in question may have been used by malware that was phoning home, perhaps because the Linode server hosting it was compromised. This stems from the fact that the domain's new nameservers are Shadowserver's sinkholes:
Edit: When querying the domain in RiskIQ, one of the Linode IP addresses formerly associated is tagged with `emerging_threats` and `kaspersky`. Other domains/subdomains associated with the same IP address have similar tags.One such domain is MathB.in, which is a public pastebin. It's conceivable that malware was phoning home by creating pastes on that site.
Susam, I don't have much experience recovering domains in this state, but it's conceivable that Namecheap will be able to put you in contact with someone who can help resolve the matter. However, if there's something like a sealed court order involved, you may find that you're stonewalled at first. I don't know if there's any available recourse for this, especially since this appears to be an international effort.