
Showing results for tags 'godaddy'.

Found 5 results

  1. A federal court in Seattle has clarified that all third party intermediaries must cut their ties to a group of Nintendo 'piracy hack' stores. The order was prompted by GoDaddy's refusal to transfer the Stxwitch.com domain to Nintendo. While the new order applies to any “variant or successor” of the stores, it's not clearly defined what this actually means.

     Nintendo is doing all it can to stop the distribution of piracy enabling hacks and modchips, including SX Core and SX Lite. Earlier this year, the company sued a group of known ‘offenders’ that sell these tools. After the stores failed to show up in court, Nintendo requested a default judgment and permanent injunction, which was granted soon after.

     Injunction ‘Shuts Down’ Modchip Stores

     The injunction was a clear victory as it allowed the Japanese gaming giant to shut down several sites, including TXswitch.com, SXflashcard.com and Axiogame.com. These domain names were later transferred to the company as well. That success wasn’t permanent though. While some stores may have vanished permanently, others have continued under new names. In the case of Txswitch.com that was pretty obvious. A day after Txswitch.com was pulled offline, the store made a comeback on Stxwitch.com. This site looks nearly identical to the old one and even uses the same logo and code.

     GoDaddy Refuses to Take Down New Domain

     This type of ‘domain hopping’ is common in pirate circles and Nintendo was somewhat prepared for it. The injunction includes a section which states that “any variant or successor” of the stores is also covered, so Nintendo swiftly asked domain registrar GoDaddy to suspend the new domain as well. However, GoDaddy refused. Despite the mention that successors are covered, the domain registrar requested a new court order which specifically mentions Stxwitch.com.

     To resolve this standoff Nintendo went to court again, requesting clarification, which came this week in the form of a new order, issued by US District Court Judge Thomas Zilly.

     STXWITCH.COM Has to Go Offline

     “STXWITCH.COM is a ‘variant or successor’ domain name as that term is used in the Judgment,” Judge Zilly writes, stressing that all intermediaries have to cut their ties with the site.

     “Defendants and all third parties acting in active concert and participation with Defendants, including registrars, are ENJOINED from supporting or facilitating access to STXWITCH.COM, and are ORDERED to cease to use the domain name STXWITCH.COM and immediately transfer STXWITCH.COM to Nintendo’s control.”

     At the time of writing the store is still online, but with this order in hand, that likely won’t be the case for long. However, that doesn’t mean that it can’t reappear under yet another new domain.

     All ‘Variants and Successors’ are Covered

     If that happens, Nintendo doesn’t have to go to court again, Judge Zilly clarifies. GoDaddy and all other domain registrars, registries, and other intermediaries will have to take action against sites operated by the defendants, no matter what domain they use.

     “For avoidance of doubt, the Court’s Judgment applies to all domain names controlled by Defendants through which Defendants engage in the conduct found to be unlawful in this lawsuit, whether or not the exact domain name is explicitly listed in the Judgment,” the order reads.

     While this sounds very clear and obvious, it does raise some questions. When is a new domain a ‘variant or successor’?

     Questions Remain

     In the case of Txswitch the similarities were rather striking, as the same code and design were used. But what if Nintendo ‘suspects’ that the defendants are making a comeback from a different domain with a different look?

     What evidence does Nintendo need to show that a new domain is a ‘variant or successor’ and is it then up to a company such as GoDaddy to ‘judge’ whether this is enough? These are all hypothetical situations but it is likely that GoDaddy refused Nintendo’s initial request because they don’t want to be the arbiter. Future refusals will come at a price, however, as Judge Zilly ruled that failing to comply opens the door to punitive and monetary sanctions.

     Legal uncertainty aside, this order doesn’t necessarily end the ‘whack-a-mole.’ There are plenty of foreign registrars and registries that don’t fall under the jurisdiction of US courts. Some of these will demand a local court order from Nintendo, which will start the process all over again.

     TorrentFreak reached out to Stxwitch to ask what their plans are for the future. We have yet to hear back, but at the time of writing, they are still accepting new orders.

     — A copy of the order from US District Court Judge Thomas Zilly is available here (pdf)

     Source: TorrentFreak
  2. Nintendo has asked a US federal court to clarify that domain registrars have to take action against new domains of online stores that sell Team-Xecuter modchips. The request comes after GoDaddy refused to transfer the domain name TXSWITCH.COM to Nintendo, as that name wasn't specifically mentioned in the existing injunction.

     Nintendo is doing everything in its power to stop the public from playing pirated games on the Switch console. Their major adversary is the infamous ‘hacking’ group Team-Xecuter, which released ‘jailbreak’ hacks and modchips for the popular game console.

     Criminal and Civil Lawsuits

     Last month, the US Department of Justice indicted three alleged members of the hacking group. This was a big move, but one that failed to take the group, or even its website, out of business. The same can be said for several online stores that sell modchips and hacks for the Switch and other consoles.

     As part of a civil lawsuit, filed by Nintendo earlier this year, a federal court in Seattle granted an injunction that required several foreign stores to shut down. Again, this was easier said than done. Since the store operators ignored all communication, Nintendo asked their domain registrars to transfer the domain names, as permitted by the court. This is precisely what happened. A few days after granting the injunction, Txswitch.com and other domains were signed over to the videogame company.

     ‘Hack’ Store Hops to New Domain

     However, a day later Txswitch already appeared to have made a comeback, operating from Stxwitch.com. This site looks nearly identical to the old one and even uses the same logo and code. This type of ‘domain hopping’ is common in pirate circles and Nintendo hoped that the registrar GoDaddy would take the new domain down as well. This would be in line with the injunction, which states that “any variant or successor” was also covered by the order.

     GoDaddy Demands Detailed Order

     In the event, GoDaddy refused to take action without a court order that specifically spells out the new domain name, a new filing by Nintendo explains.

     “Nintendo requested that the STXWITCH.COM domain be immediately transferred as a successor or variant of TXSWITCH.COM pursuant to the Judgment. GoDaddy responded to outside counsel for Nintendo stating that they required the domain name to be listed in an order to take action,” Nintendo writes.

     The game company requests the court to clarify that, if new copycat sites appear, these are covered by the existing injunction. As such, registrars would be required to take action without a separate order that specifically mentions the new domain.

     Putting an End to the Whac-A-Mole

     Without such an order, pirate sites will continue to move to new domains, which means that the court has to keep issuing new orders, creating a whack-a-mole situation.

     “Nintendo is concerned that absent such further clarifications of the scope of the Judgment, the Doe Defendants will again domain hop, changing a letter of a domain name, and the cycle will continue to repeat with the registrar contending that the new domain is not specifically covered by the injunction and with Nintendo having to return to this Court,” Nintendo adds.

     By clarifying that domains of copycat sites and new variants or successors should be transferred to Nintendo, registrars such as GoDaddy will have to take action more swiftly. This doesn’t mean that registrars have to “police the Internet” and proactively scan for new copycats, the company notes, as Nintendo will track down the new domains and report these accordingly.

     Nintendo hopes that with sufficient clarification from the court it can prevent the piracy hack stores from “thumbing their nose at the court” while frustrating Nintendo’s enforcement efforts.

     Dynamic Order Isn’t Perfect Either

     The requested order is similar to the dynamic pirate site-blocking orders we have seen in other countries. While those deal with ISP blocking, they also allow copyright holders to add new domain names that pop up.

     Given the order that’s already in place, it is likely that the court will grant the requested clarification. However, this doesn’t mean that Nintendo’s troubles are over. There are plenty of registrars and registries that don’t fall under US jurisdiction, after all. So the store may move to one of these next.

     — A copy of Nintendo’s request for clarification and to enforce the permanent injunction is available here (pdf)

     Source: TorrentFreak
  3. RUM was opt-in by default but GoDaddy has now promised to turn off the feature -- at least, for now.

     GoDaddy is injecting JavaScript into customer websites for the purposes of tracking which may slow down websites or break them entirely.

     According to programmer Igor Kromin, issues with his own website's admin interface, hosted by the popular web hosting service, prompted him to examine the code to detect any problems. Upon investigation, Kromin uncovered the failed loading effort of a JavaScript file, which implied an unknown JavaScript file had been loaded on his website. (Ironically, the issue at fault originally was a Safari bug rather than anything to do with GoDaddy.)

     While there was little evidence of this file in source code or templates, all of his website's pages were being served with JavaScript. The file in question is from GoDaddy's Real User Metrics (RUM) system, which the company describes as a means to "identify internal bottlenecks and optimization opportunities by inserting a small snippet of javascript code into customer websites."

     "The snippet of JavaScript code allows us to measure and track the performance of your website, and collects information such as connection time and page load time," GoDaddy added. "We don't collect any user information with RUM. The data we collect allows us to improve our systems, optimize DNS resolution, improve network routing and server configurations."

     Customers in the United States and those using cPanel Shared Hosting or cPanel Business were automatically opted-in to the service.

     The collection of metrics and performance data is a common practice for many, and some webmasters will bolt-on their own collection systems in backend systems for increased visibility into how their website is performing. However, GoDaddy publicly admitted that the JavaScript code may impact website performance and so users should be aware of what might be causing slowdowns or outright breakages.

     "The JavaScript used may cause issues including slower site performance, or a broken/inoperable website," GoDaddy says.

     The system at hand is based on W3C Navigation Timing and while not a security issue, if website breakage is a possibility, a default opt-in was not necessarily fair or reasonable.

     Most customers are not expected to be impacted by RUM, but websites involved in Google's AMP (Accelerated Mobile Pages Project) or with pages ending with multiple ending tags might be more susceptible to breaks or slow performance issues.

     Kromin commented:

     As noted by sister site TechRepublic, customers of GoDaddy were able to choose to opt-out of the tracking system. In order to do so, they needed to go to myh.godaddy.com, click the "..." button, "Help Us," and "Opt Out." Once this has been achieved, the script is automatically removed from the webmaster's domain.

     However, this is no longer a requirement for customers. After GoDaddy was made aware of concerns caused by the RUM program, the company has promised to turn off the JavaScript function with immediate effect.

     A GoDaddy spokesperson told ZDNet:

     Source
  4. Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

     A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a half-dozen GoDaddy customers, including transaction brokering site escrow.com.

     Escrow.com helps people safely broker all sorts of transactions online (ironically enough, brokering domain sales is a big part of its business). For about two hours starting around 5 p.m. PT Monday evening, Escrow.com’s website looked radically different: Its homepage was replaced with a crude message in plain text:

     [Image caption: The profanity-laced message left behind by whoever briefly hijacked the DNS records for escrow.com. Image: Escrow.com]

     DomainInvesting.com’s Elliot Silver picked up on the change and got a statement from Matt Barrie, the CEO of freelancer.com, which owns escrow.com.

     “During the incident, the hackers changed the DNS records for Escrow.com to point to a third party web server,” Barrie wrote, noting that his security team managed to talk to the hacker responsible for the hijack via telephone.

     Barrie said escrow.com would be sharing more details about the incident in the coming days, but he emphasized that no escrow.com systems were compromised, and no customer data, funds or domains were compromised.

     KrebsOnSecurity reached out to Barrie and escrow.com with some follow-up questions, and immediately after that pinged Chris Ueland, CEO of SecurityTrails, a company that helps customers keep track of their digital assets.

     Ueland said after hearing about the escrow.com hack Monday evening he pulled the domain name system (DNS) records for escrow.com and saw they were pointing to an Internet address in Malaysia — 111.90.149[.]49 (that address is hobbled here because it is currently flagged as hosting a phishing site). The attacker also obtained free encryption certificates for escrow.com from Let’s Encrypt.

     Running a reverse DNS lookup on this 111.90.149[.]49 address shows it is tied to fewer than a dozen domains, including a 12-day-old domain that invokes the name of escrow.com’s registrar — servicenow-godaddy[.]com. Sure enough, loading that domain in a browser reveals the same text that appeared Monday night on escrow.com, minus the redaction above.

     [Image caption: The message at servicenow-godaddy[.]com was identical to the one displayed by escrow.com while the site’s DNS records were hacked.]

     It was starting to look like someone had gotten phished. Then I heard back from Matt Barrie, who said it wasn’t anyone at escrow.com that got phished. Barrie said the hacker was able to read messages and notes left on escrow.com’s account at GoDaddy that only GoDaddy employees should have been able to see.

     Barrie said one of those notes stated that certain key changes for escrow.com could only be made after calling a specific phone number and receiving verbal authorization. As it happened, the attacker went ahead and called that number, evidently assuming he was calling someone at GoDaddy.

     In fact, the name and number belonged to escrow.com’s general manager, who played along for more than an hour talking to the attacker while recording the call and coaxing information out of him.

     “This guy had access to the notes, and knew the number to call,” to make changes to the account, Barrie said. “He was literally reading off the tickets to the notes of the admin panel inside GoDaddy.”

     [Image caption: A DNS lookup on escrow.com Monday evening via the Windows PowerShell built into Windows 10. Image: SecurityTrails]

     In a statement shared with KrebsOnSecurity, GoDaddy acknowledged that on March 30 the company was alerted to a security incident involving a customer’s domain name. An investigation revealed a GoDaddy employee had fallen victim to a spear-phishing attack, and that five other customer accounts were “potentially” affected — although GoDaddy wouldn’t say which or how many domains those customer accounts may have with GoDaddy.

     “Our team investigated and found an internal employee account triggered the change,” the statement reads. “We conducted a thorough audit on that employee account and confirmed there were five other customer accounts potentially impacted.”

     The statement continues:

     “We immediately locked down the impacted accounts involved in this incident to prevent further changes. Any actions done by the threat actor have been reverted and the impacted customers have been notified. The employee involved in this incident fell victim to a spear-phishing or social engineering attack. We have taken steps across our technology, processes and employee education, to help prevent these types of attacks in the future.”

     There are many things domain owners can and should do to minimize the chances that domain thieves can wrest control over a business-critical domain, but much of that matters little if and when someone at your domain name registrar gets phished or hacked.

     But increasingly, savvy attackers are focusing their attention on targeting people at domain registrars and their support personnel. In January, KrebsOnSecurity told the harrowing story of e-hawk.net, an online fraud prevention and scoring service that had its domain name fraudulently transferred to another provider after someone social engineered a customer service representative at e-hawk’s registrar.

     Nation-state level attackers also are taking a similar approach. A massive cyber espionage campaign targeting a slew of domains for government agencies across the Middle East region between 2018 and 2019 was preceded by a series of targeted attacks on domain registrars and Internet infrastructure firms that served those countries.

     While there is very little you can do to prevent your domain registrar from getting phished or tricked by scammers, there are several precautions that you can control. For maximum security on your domains, consider adopting some or all of the following best practices:

     - Use 2-factor authentication, and require it to be used by all relevant users and subcontractors.
     - In cases where passwords are used, pick unique passwords and consider password managers.
     - Review the security of existing accounts with registrars and other providers, and make sure you have multiple notifications in place when and if a domain you own is about to expire.
     - Use registration features like Registry Lock that can help protect domain name records from being changed. Note that this may increase the amount of time it takes going forward to make key changes to the locked domain (such as DNS changes).
     - Use DNSSEC (both signing zones and validating responses).
     - Use access control lists for applications, Internet traffic and monitoring.
     - Monitor the issuance of new SSL certificates for your domains by monitoring, for example, Certificate Transparency Logs.

     Source: Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others (KrebsOnSecurity - Brian Krebs)
  5. GoDaddy shuts down over 15000 subdomains used for affiliate marketing spam campaigns

     Most of the products promoted via these scams were brain supplements, weight loss pills, CBD oils, and other dietary products. These promoted products carried fake endorsements from celebrities such as Stephen Hawking, Jennifer Lopez, Gwen Stefani, Blake Shelton, Wolf Blitzer, the Shark Tank TV show, among others.

     What is the issue - Scammers carried out several affiliate marketing spam campaigns leveraging GoDaddy subdomains and fake celebrity endorsements.

     What products were promoted - Most of the products promoted via these scams were brain supplements, weight loss pills, CBD oils, and other dietary products.

     The big picture

     Jeff White, a security researcher from Palo Alto Networks, uncovered these spam campaigns two years ago. Since then, White has been collecting spam emails and investigating the scammers' operations.

     These scammers will send phishing scam emails to targets promoting a product. The phishing emails will include a link, which upon clicking redirects victims to a GoDaddy subdomain hosted on legitimate sites. The promoted products carry fake endorsements from celebrities such as Stephen Hawking, Jennifer Lopez, Gwen Stefani, Blake Shelton, Wolf Blitzer, the Shark Tank TV show, among others.

     For instance, one of the campaigns stated ‘Stephen Hawking Predicts, ‘This Pill Will Change Humanity’, while another campaign claimed ‘Gwen Stefani Shares Blake Shelton’s Secret To Rapid Weight Loss’.

     How does this work?

     According to GoDaddy’s investigations, these scammers gain access to GoDaddy customers’ accounts via phishing attacks or credential stuffing attacks. After gaining access to customers’ GoDaddy accounts, these scammers create subdomains for the customers’ legitimate sites. They then use these subdomains to host product promo pages and carry out spam campaigns.

     Worth noting - These scammers have compromised almost hundreds of GoDaddy accounts to carry out their spam campaigns.

     The bottom line

     Earlier this year, security researcher Jeff White notified GoDaddy’s Threat Intelligence Team about the subdomains. As a result, GoDaddy took down over 15000 subdomains, reset passwords for compromised accounts and notified the potentially impacted GoDaddy customers.

     “After writing some new scripts to automate and collect shadow domains for these campaigns and working with GoDaddy’s abuse teams, we were able to successfully identify and shut down over 15,000 subdomains being used across these campaigns,” White said in a blog.

     Source