[At-Large] Definition of registration abuse

Derek Smythe derek at aa419.org
Wed Apr 29 12:21:36 EDT 2009 

My reply inline.


Michele Neylon :: Blacknight wrote:
> 
> On 29 Apr 2009, at 11:36, Derek Smythe wrote:
>>
>>
>> And maybe real banks do use shared hosting along with 560 other
>> websites and the regulators allow it.
> 
> Do financial regulators take into account hosting in their checks and 
> balances? I somehow doubt it
> 
> We host a number of banks and financial institutions on shared hosting 
> for the simple reason that they are not transacting online

Agreed. The example I chose deliberately showed the online transacting 
portion as well. These also do not reside on free shared accounts. I 
have been instrumental in many bank audits.

>>
>>
>> It does not take a brain surgeon to recognize a scam, just some
>> experience in the understanding of the scam.
> 
> Well maybe if the people reporting the scams were to send abuse reports 
> in English instead of techno-babble it might help
> 
>>
>>
>> May I challenge you and give you five domains to process by your
>> methods? You decide if they are legitimate, how to process them etc?
>>
>> Talk is cheap, but the victims to these are real.
> 
> And I think you are conveniently missing the point entirely
> 
> If takedown notices etc., are not done properly innocent bystanders can 
> be impacted. If company X's CMS is on a machine with 500 websites and
> the cms is cracked / attacked / defaced which allows a phisher to put up 
> a paypal / Bank of whatever scam site, how would you like to see it 
> handled?

That would depend on the potential harm. Sadly most people do not 
understand the difference between a 419 scam bank and a phishing site. 
Key is careful investigation.

If we talk phishing, most of these are hacks with a few exceptions. 
The immediate step is disabling access to the phish while preserving 
evidence. Most web servers allow that. That definitely does not mean 
the the whole website or server has to go. You may have to disable a 
feature or two to secure the server and prtect your other clients, 
also their potentially private data. I am sure you would agree.

> 
> I suspect you'd want the site offline as quickly as possible...

The compromised site normally not, the phish yes - see above. Of 
course a follow up of how the breach occurred is important to avoid a 
repeat.

> 
> Reality check - the hosting provider can't just pull the plug
> 
No, however if the provider is happy he has sufficient evidence of the 
scam, he has his ToS/AUP to disable the scam site or contents. If he 
fails to enforce that, we can expect the one scam to become two, four 
eight ...

>>
> 
> Mr Michele Neylon
> Blacknight Solutions
> Hosting & Colocation, Brand Protection
> http://www.blacknight.com/
> http://blog.blacknight.com/
> http://mneylon.tel
> Intl. +353 (0) 59  9183072
> US: 213-233-1612
> UK: 0844 484 9361
> Locall: 1850 929 929
> Direct Dial: +353 (0)59 9183090
> Fax. +353 (0) 1 4811 763
> -------------------------------
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,Ireland  Company No.: 370845
> 
> 
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> http://atlarge-lists.icann.org/mailman/listinfo/at-large_atlarge-lists.icann.org 
> 
> 
> At-Large Official Site: http://atlarge.icann.org
>

More information about the At-Large mailing list