GoDaddy BendBackwards ForMe

Fyodor is a big name. He gave the world nmap and seclists.org, and GoDaddy pulled his domain out from under him. It’s not the first domain to be transferred or unlisted. GoDaddy has also previously suspended domains for spam. This is the first time GoDaddy has taken down a big site without a court order and for something besides spamming.

Seclists.org archives a number of security mailing lists. They also happened to archive a post that contained MySpace usernames and passwords. Wired mentions that approximately a quarter million pages are archived and none are moderated by seclists.org. It would have been more reasonable for MySpace to contact the abuse email address at seclists.org; that’s what it’s there for. Instead they contacted GoDaddy.

From the seclists site news page …

“Instead of simply writing me (or abuse_at_seclists.org) asking to have the password list removed, MySpace decided to contact (only) GoDaddy and try to have the whole site of 250,000 pages removed because they don’t like one of them. And GoDaddy cowardly and lazily decided to simply shut down the site rather than actually investigating or giving me a chance to contest or comply with the complaint. Needless to say, I’m in the market for a new registrar.”

Giving the customer more than 52 seconds to respond to a voicemail would be a good call too.

Restricting my googling to seclists.org and searching for a few known compromised usernames this morning, I was unable to find anything, even cached pages. I can’t find any details on whether or not anything was deleted as a direct result of this takedown.

From the Wired article …

“Jones pointed out that GoDaddy’s terms of service say the company ‘reserves the right to terminate your access to the services at any time, without notice, for any reason whatsoever.’”

I thought that this was a bad paraphrase by Jones, so I checked the GoDaddy Terms of Service. It’s accurate.

From GoDaddy ToS …

“If You have purchased Services, Go Daddy has no obligation to monitor Your use of the Services. Go Daddy reserves the right to review Your use of the Services and to cancel the Services in its sole discretion. Go Daddy reserves the right to terminate Your access to the Services at any time, without notice, for any reason whatsoever.”

It doesn’t mention that GoDaddy has the right to unlist your domain with the root servers.* I hope that EFF will take the case if Fyodor is up to it.

* Edit: GoDaddy didn’t unlist seclists.org, they changed the nameservers.
