Blog for hpHosts, and whatever else I feel like writing about ....

Monday, 13 December 2010

Take downs and cleanups: The good, and the rest

I've been involved in take down and cleanups and whatnot for longer than I care to remember now, and along the way, there's always been one constant - the refusal of some hosts/ASNs/registrars, to do their job (i.e. enforce their AUP/ToS) and take action against abuse (and in most cases, to bother replying at all). eNom for example, who for years blatantly ignored abuse and were found to be involved in a bit of it themselves, only taking action when HostExploit publicized it, now seem to have retreated back to silence, as abuse reports are once again, going unanswered and unactioned.

The most recent refusal came from NameCheap, who when informed of abuse via their customers, decided once again not to take action, but instead simply point the finger to everyone else.

There are however, some that do take these issues seriously, and it is these that I am going to focus on here.

You'll remember some time ago, I gave mention to one specific hosting company that decided they wanted the record for the quickest not only to respond, but to take action aswell. That company is FreeHostia, and as of this morning, not only still hold the record for the quickest, but beat their previous record of ~10 mins, by replying to and actioning and abuse report, in ~5 mins or so - fantastic!.

AS29873, "Endurance International Group, Inc." (aka Bizland Inc), recently suspended/cleaned over 50 sites in a single sweep, that had been compromised for use by the Blackhat SEO chaps. Has there been bigger take downs/cleanups? Absolutely - but when you consider the time frame involved, this was much much faster (approx ~11.5 hours between my sending them the report, and their response informing action had been taken). Contrast that with Surftown, who have now been sent e-mails many times both by myself, and others, and have still failed miserably to both cleanup existing compromised sites, and prevent further compromises occuring (tally as of December 3rd was 373 sites compromised in SurfTown IP space, many of which are cases reported to them months ago, such as

GoDaddy also deserve a mention, after previously being amongst one of the most annoying registrars/hosts, due to their major lack of focus on dealing with and preventing, abuse. Over the past 12 months, this has changed dramatically, with the takedown of literally thousands of domains, including a couple hundred of so, owned by a single customer. One man over there, William MacArthur* (GoDaddy abuse dept), since heading the battle against the bad guys from GoDaddys side, is responsible for the complete re-write of their reputation (personally, I hope the board give him a huge raise for that - he's earned it, but I'll settle for their giving him ALOT more staff and resources, as they're quickly crawling up the Top 50 Bad Hosts list (#46 in the 3rd quarter of 2010, #34 now)).

BlueHost also deserves special mention here. Standing at #39 in the Top 50 Bad Hosts in the 3rd quarter of 2010, now dropped to #64 - a major improvement. They've consistently been improving their response times, when it comes to abuse reports. Though their recent AS description name change has me a little curious (previously the AS description was quite obviously, BlueHost Inc - now however, it's Ace Datacenters Inc (still the same company)).

DirectI, once one of the most despised registrars in the world, has over the past few years, gone in completely the opposite direction, drastically improving their reputation by severing ties (remember the RBN/EstDomains?), and putting a major focus on taking down malicious domains (and doing such very quickly), and is now amongst my list of the best registrars to deal with.

Not a complete list by any means, but a list of the best and most improved so far. Hopefully we'll see more improvements from other companies.

Edit 21-12-2010 21:23

I've edited the article to include Williams name, and it turns out he's not actually in charge of the abuse dept (though in my opinion, he certainly should be), so I've removed reference to that

No comments: