Blog for hpHosts, and whatever else I feel like writing about ....

Friday, 24 December 2010

Happy Christmas!

It's now 00:00 so officially Christmas day. Whether like me, you're working today, or are taking the day off, I hope you all have a great Christmas!

Saturday, 18 December 2010

hpHOSTS - UPDATED December 18th, 2010

hpHOSTS - UPDATED December 18th, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 123,150 listed hostsnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)
  1. Latest Updated: 18/12/2010 14:00
  2. Last Verified: 17/12/2010 16:00
Download hpHosts now!

Thursday, 16 December 2010

hpHosts: Impersonation = flattery?

They say impersonation is the sincerest form of flattery, wonder if ID theft victims believe that?

I happened across a few domains a few days ago, that piqued my interest. They piqued my interest because their Google entry appeared to be a direct copy of parts of the hpHosts site. Looking further showed that actually, they'd not copied the site - they were pointing to it in their A records. Certainly different.

The purpose of their doing this is still a mystery. SEO purposes perhaps? Maybe, but unlikely. Regardless, a small change has been made to the site to at least make it a little more difficult for them to get away with it, and further work is being planned to prevent it in future.

I've already had one of the domains, taken down by the registrar, and have come across a new one today that's not using the A records to point to it this time, The domains identified thus far are;

Date    Domain    IP    Reverse    Description    Registrant    Registrar    ASN    Country
2010/12/17_03:48    -    HICHINA ZHICHENG TECHNOLOGY LTD.    45816    HK
2010/12/17_03:48    -    HICHINA ZHICHENG TECHNOLOGY LTD.    45816    HK
2010/12/17_03:48    -    Wang Guanjie /    XIN NET TECHNOLOGY CORPORATION    46475    US
2010/12/17_03:48    -    lin bamin /    Hichina Zhicheng Technology Limited (R1373-LROR)    46475    US
2010/12/17_03:48    -    HICHINA ZHICHENG TECHNOLOGY LTD.    46475    US
2010/12/17_03:48    -    HICHINA ZHICHENG TECHNOLOGY LTD.    46475    US
2010/12/17_03:48    -    HICHINA ZHICHENG TECHNOLOGY LTD.    46475    US
2010/12/17_03:48    -    shang fu lin /    XIN NET TECHNOLOGY CORPORATION    46475    US
2010/12/17_03:48    -    Qi Kang /    MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE    46475    US
2010/12/17_03:48    -    HICHINA ZHICHENG TECHNOLOGY LTD.    46475    US
2010/12/17_03:48    -    HICHINA ZHICHENG TECHNOLOGY LTD.    46475    US;

As an aside, the next release of hpHosts is in its final prep stage, and should be released within 24-48 hours.

Monday, 13 December 2010

Take downs and cleanups: The good, and the rest

I've been involved in take down and cleanups and whatnot for longer than I care to remember now, and along the way, there's always been one constant - the refusal of some hosts/ASNs/registrars, to do their job (i.e. enforce their AUP/ToS) and take action against abuse (and in most cases, to bother replying at all). eNom for example, who for years blatantly ignored abuse and were found to be involved in a bit of it themselves, only taking action when HostExploit publicized it, now seem to have retreated back to silence, as abuse reports are once again, going unanswered and unactioned.

The most recent refusal came from NameCheap, who when informed of abuse via their customers, decided once again not to take action, but instead simply point the finger to everyone else.

There are however, some that do take these issues seriously, and it is these that I am going to focus on here.

You'll remember some time ago, I gave mention to one specific hosting company that decided they wanted the record for the quickest not only to respond, but to take action aswell. That company is FreeHostia, and as of this morning, not only still hold the record for the quickest, but beat their previous record of ~10 mins, by replying to and actioning and abuse report, in ~5 mins or so - fantastic!.

AS29873, "Endurance International Group, Inc." (aka Bizland Inc), recently suspended/cleaned over 50 sites in a single sweep, that had been compromised for use by the Blackhat SEO chaps. Has there been bigger take downs/cleanups? Absolutely - but when you consider the time frame involved, this was much much faster (approx ~11.5 hours between my sending them the report, and their response informing action had been taken). Contrast that with Surftown, who have now been sent e-mails many times both by myself, and others, and have still failed miserably to both cleanup existing compromised sites, and prevent further compromises occuring (tally as of December 3rd was 373 sites compromised in SurfTown IP space, many of which are cases reported to them months ago, such as

GoDaddy also deserve a mention, after previously being amongst one of the most annoying registrars/hosts, due to their major lack of focus on dealing with and preventing, abuse. Over the past 12 months, this has changed dramatically, with the takedown of literally thousands of domains, including a couple hundred of so, owned by a single customer. One man over there, William MacArthur* (GoDaddy abuse dept), since heading the battle against the bad guys from GoDaddys side, is responsible for the complete re-write of their reputation (personally, I hope the board give him a huge raise for that - he's earned it, but I'll settle for their giving him ALOT more staff and resources, as they're quickly crawling up the Top 50 Bad Hosts list (#46 in the 3rd quarter of 2010, #34 now)).

BlueHost also deserves special mention here. Standing at #39 in the Top 50 Bad Hosts in the 3rd quarter of 2010, now dropped to #64 - a major improvement. They've consistently been improving their response times, when it comes to abuse reports. Though their recent AS description name change has me a little curious (previously the AS description was quite obviously, BlueHost Inc - now however, it's Ace Datacenters Inc (still the same company)).

DirectI, once one of the most despised registrars in the world, has over the past few years, gone in completely the opposite direction, drastically improving their reputation by severing ties (remember the RBN/EstDomains?), and putting a major focus on taking down malicious domains (and doing such very quickly), and is now amongst my list of the best registrars to deal with.

Not a complete list by any means, but a list of the best and most improved so far. Hopefully we'll see more improvements from other companies.

Edit 21-12-2010 21:23

I've edited the article to include Williams name, and it turns out he's not actually in charge of the abuse dept (though in my opinion, he certainly should be), so I've removed reference to that

Rising AntiVirus: We create the viruses we kill!

A well-placed Chinese security official has been given a suspended death sentence for taking bribes in exchange for his role in an antivirus software fraud scheme.

Yu Bing, former director of the Internet monitoring department of Beijing’s Public Security Bureau, had his agency send out a “virus warning” telling the public to download software from the company Rising Antivirus, to combat a particular computer virus.

But that virus was itself devised by Rising Antivirus, who bribed Yu to send out an email to drum up business, according to a Dec. 2 First Financial Daily report.

The case is an example of how corrupt Communist Party officials work hand in glove with private companies to help the latter gain an unfair market advantage, then receive kickbacks for the trouble.

The fact that Chinese software companies create the viruses they fight is an open secret in the industry, and something attested to by Yu. It’s also a sound moneymaking strategy and makes good business sense, according to industry insiders interviewed by Chinese media.

Read more