We all complain about malware and phishing sites and wonder why it takes so long to take them down / remove the content. Many independent researchers have extreme problems reporting abuse to many registrars and hosting companies.
In the same way as there are good and bad people in the real world, there are good, bad and indifferent domain registrars and hosting companies working in the virtual world.
Let's take one example of a "problem" I came up against very recently. If you look at this post, you see a website that has been set up with the sole intention of being a fraud site and distributing malware. The site in question is http://fedexship.us/ and the actual part of the site spreading the malware is http://www.fedexship.us/order-US10293709820.pdf…….jar, which is registered and hosted by a US-based registrar / hosting company called Namecheap. This registrar / hosting company comes up frequently in searches for cheap and good deals on domain registration and cheap web hosting.
Normally the quickest way to report a website that is obviously performing illegal acts (like this one) and / or infringing the web host's terms and conditions of service is to tweet to their support / social media team, who in an efficient web hosting company immediately press the red alarm button and alert the correct department, which will take speedy action and remove or suspend the domain / website while investigating. Anybody with a modicum of knowledge would see the site fedexship.us/ as a malware-spreading site and protect their network by removing it as quickly as possible. About 50% of hosting companies who have a 24/7 social media team work in this way and are to be congratulated on their efficiency in protecting both themselves and the public at large.
In the connected world today, Twitter, Facebook and other social media sites are the easiest and quickest way to contact a company. It is more likely that they will actually see the tweet. Email often gets blocked or lost on the way. Emailing abuse reports is fraught with difficulties, especially when you include the site name in the email. Loads of well-configured email servers will block and reject emails that have links to known malware sites in the body of the email. The major antivirus / anti-spam companies are normally much quicker in adding malware-spreading sites to their databases, especially using the cloud.
Now you get cases where the site is obviously hacked or compromised. That can be a bit harder to deal with, but again a responsible hosting company will quickly suspend the site to prevent the spread of malware (or the phishing scam). They then work with the affected customer to clean up the site and hopefully prevent further intrusion and compromise.
Now let's get to the other 50%, which tends to include several of the major hosting companies, Namecheap and GoDaddy being just two examples. If you tweet, you sometimes get a reply saying go to our support site and open a ticket; we cannot deal with abuse or support issues via social media. I really don't know why they have a social media presence except to tick the right boxes.
In this case I tweeted and was advised to submit a ticket at https://support.namecheap.com/index.php?/Tickets/Submit which I did albeit 2 days later, because I have not been in front of a computer for the last 2 days.
To my absolute shock and horror I received this email in reply to the submission. They have created an account for me to check on the progress of the report and emailed me a password in plain text. Do they not know the risks of sending passwords via email? Anybody could get hold of that password. I might have been using a throwaway email address on one of the sites where all emails are displayed in full for anybody to see. (Many researchers frequently monitor these throwaway email address sites to get new samples of malware and phishing.)
Several researchers are having a conversation with Namecheap about the way they store passwords in their system (and send them via email). I would have thought that any responsible company would have learned from recent compromises and leaked passwords and immediately stopped storing any user names and passwords in plain text.
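To make the point concrete, here is an added illustration (not code from Namecheap or from this blog) of the practice being complained about beside the way a ticket system should provision an account: never email a password, store only a salted PBKDF2 hash, and send a single-use, short-lived setup token whose hash is the only thing kept server-side. The in-memory user store, the example.invalid URL and the one-hour token lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory "support portal" user store standing in for a real database.
USERS = {}

def provision_plaintext(email, password):
    """The weak pattern: the password is stored as-is and mailed to the user."""
    USERS[email] = {"plaintext": password}
    return f"Your new account: {email} / {password}"   # goes straight into the email body

def hash_password(password, salt=None, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256; a database leak then exposes no reusable passwords."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def provision_hardened(email, now=None):
    """No password exists yet; only the hash of a one-hour, single-use setup token is stored."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    USERS[email] = {"password": None,
                    "setup_token_hash": hashlib.sha256(token.encode()).digest(),
                    "setup_expires": now + 3600}
    # The token travels in the email link; the email itself never carries a secret that persists.
    return f"Finish setting up your account: https://example.invalid/setup?token={token}"

def set_password(email, token, new_password, now=None):
    """Redeem the setup token once (constant-time compare, expiry checked) and store a hash."""
    now = time.time() if now is None else now
    rec = USERS.get(email)
    if not rec or rec.get("setup_token_hash") is None or now > rec["setup_expires"]:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, rec["setup_token_hash"]):
        return False
    salt, iters, digest = hash_password(new_password)
    rec.update(salt=salt, iterations=iters, password=digest, setup_token_hash=None)
    return True

def verify_password(email, password):
    """Login check against the stored hash; the plaintext is never persisted anywhere."""
    rec = USERS.get(email)
    if not rec or rec.get("password") is None:
        return False
    _, _, digest = hash_password(password, rec["salt"], rec["iterations"])
    return hmac.compare_digest(digest, rec["password"])
```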
This Twitter conversation makes for very interesting reading.
I have previously posted about the inefficiencies of Namecheap HERE. I am not saying they are a bad registrar or any worse than any other registrar / hosting company out there, just that they have some practices and glaring security vulnerabilities in their setup that are quite easy to exploit. It is all too easy to register a domain with fake or incorrect details with this registrar and with many others. Until we tighten up on domain registration and check / validate all the registrant's details fully and carefully before issuing a domain, we will continue to get problems like this one, with spoof, phishing and fake sites spreading malware.