[HN Gopher] Phishing domains tanked after Meta sued Freenom ___________________________________________________________________ Phishing domains tanked after Meta sued Freenom Author : todsacerdoti Score : 106 points Date : 2023-05-26 16:42 UTC (6 hours ago) (HTM) web link (krebsonsecurity.com) (TXT) w3m dump (krebsonsecurity.com) | thayne wrote: | The title is a little deceptive. From near the end: | | > Unfortunately, the lawsuits have had little effect on the | overall number of phishing attacks and phishing-related domains, | which have steadily increased in volume over the years. | | > Piscitello said despite the steep drop in phishing domains | coming out of Freenom, the alternatives available to phishers are | many. | talhah wrote: | While freenom did genuinely have issues with spam and the like. | | I must say it played a pivotal role in my life, it allowed me to | do my passion and have a domain name in my early teens when I | couldn't pay for anything. Being able to toy with a domain name | led me down many rabbit holes and led to me trying out self- | hosting and system administration. | | Sad we can't have free things. | nine_k wrote: | > _the free domain name provider has a long history of ignoring | abuse complaints about phishing websites while monetizing | traffic to those abusive domains_ | | If the way to have there things is defrauding others, then they | are not as free as they seem. | | I'd say that a third-level domain is fine for teenage projects; | was fine for me even past teens. | Beached wrote: | can you link me some free third level domain services that | allow full control over all records? while I don't need it | now, in the past I have wanted such a service and was unable | to find them. | VWWHFSfQ wrote: | for $8 a year you can get a regular domain and then have as | many free 3rd level domains with full DNS control as you | want. or do you really just mean free free | TremendousJudge wrote: | based on the top level comment, I guess free free; | something a child without a credit card can use on his | own while playing around | p1necone wrote: | Yeah, the refrain is usually "anyone should be able to | afford $8 a year", but I remember being teenager and even | when I was making an income I still couldn't get a credit | card. It's less about the money and more about the | ability to pay. | 5e92cb50239222b wrote: | You don't really _need_ credit cards, we found ways to | pay for domains and hosting back in the day when we weren | 't legally able to get one (due to being minors). Some | smaller companies accept other ways to pay that can be | used anonymously. I definitely couldn't afford $8 a year | thought, so others were covering that. | ajosh wrote: | Sitelutions.com still offers this. Without a paid account, | the only limitation is the TTL. | nine_k wrote: | "All records" makes an important difference indeed. I | mostly thought about web projects where you need A / AAAA | and CNAME. I do remember that I had access to MX and TXT at | some free provider around 1995; GeoCities? Can't remember. | TheFreim wrote: | Same here, running little websites using a free hosting | provider and a tk domain was a great experience. | davchana wrote: | I recently recovered password for my 2002 era davinder.8m.net | free website. It is still hsoted all these 20 years for free. | lathiat wrote: | Yes! My freeservers site from the same era (2000, when I | was 15 ) is also somehow still alive. I don't have the | password though. So I cannot fix the error haunting me for | all time that I listed Generations as a TV series of Star | Trek rather than a movie. | | http://stvoyager.iwarp.com/ | | I'd love to know how/why they've managed to keep all of | those alive so long. I am very appreciative but equally | surprised. | 5e92cb50239222b wrote: | I am still using a couple of .cf and .tk domains for semi- | serious mail, haven't had any issues with delivery. | throwawayadvsec wrote: | that's actually really weird | jeroenhd wrote: | These domains apply a serious bonus to spam scores, but if | you do everything else right (send a normal but not too | large amount of email, get your mail server from a domain | with high reliability, set up SPF/DKIM/DMARC/etc.) you | shouldn't fall below the spam line in most spam filters. | seszett wrote: | I have mixed feelings as well, for the same reason, but I find | it absolutely terrible that the citizens of Mali, RCA, Gabon, | and Equatorial Guinea have basically been robbed of their TLD | by their (mostly failed) governments. | nubinetwork wrote: | I wish they would do .cc next. I see a lot of spam from them on | my personal mailboxes. Followed by all those google gtlds. | throwawayadvsec wrote: | Note: they "stopped phishing" by basically forbidding almost | anyone from registering a domain, I've been trying to get a new | domain there for months without success | GordonS wrote: | Existing domains stopped working too, I lost the one I've been | using for 10+ years :( | | The most annoying part is there has been zero communication | from Freenom - not a single email. They also never replied when | I asked what was going on. | obituary_latte wrote: | Now I just wish Google would get googleusercontent.com and | googleapis.com under control... | caretoelaborate wrote: | What's going on here? | IMSAI8080 wrote: | Any phishing domain in my spam folder is NameCheap 9 times out of | 10. | eli wrote: | Isn't it the biggest after godaddy? | IMSAI8080 wrote: | No idea. It might just be they are lower priced than other | places that attracts miscreants wanting domains in bulk. | paulpauper wrote: | It's funny how meta actually takes spam somewhat seriously, | unlike google. | amerkhalid wrote: | I was about to order something from a website[1] that showed as | first page result on Google Search. | | Spending couple of minutes on the site, it became obvious that | it is a scam website. Confirmed further by another search on | domain[2]. I wanted to report it but there is no easy way to | report this. So I gave up and hope no one falls for it. | | [1]: https:// littletikes . savemoney . store [2]: | https://forums.dansdeals.com/index.php?topic=119138.0 | eli wrote: | You can report phishing sites really easily here https://safe | browsing.google.com/safebrowsing/report_phish/?h... | | Or alternatively report an abusive google ad here | https://support.google.com/ads/troubleshooter/4578507 | jeroenhd wrote: | Every third of fourth technical Google search I try lists | about 10 to 20 fake sites. Many of them using .it for some | reason, but there are plenty of other TLDs with this | problem as well. At this point I'll click a .biz before I | click a .it. | | I'm not going to report hundreds of domains every month. | Google needs to get their crap together. | | The same is very much true for other parts of Google as | well. Youtube comments are hilariously full of spam. | There's a pretty good tool out there to get rid of the | spam, which just runs the comments through a basic spam | filter, but for big channels you can't let the tool run for | too long because of API call limits. | paulpauper wrote: | And likely nothing will happen. | BenjiWiebe wrote: | Ymmv but I've got very good results reporting websites to | Google safe browsing and them getting blocked. | Thoreandan wrote: | Google's ignoring spam is especially egregious through side | channels, e.g. spammers adding you to Photos message shares. | herbst wrote: | This is super annoying. I get mentioned in random documents | all the time... No idea why | rayval wrote: | Yes, Google launching .ZIP and .MOV domains is yet another sign | of the moral rot at a once ethical company. | 100721 wrote: | ~~Do no evil.~~ | acheron wrote: | "Once ethical"? How far back do you have to go for that? | 1999? | yjftsjthsd-h wrote: | I dunno, I feel like you could make that case right up | until they merged with doubleclick. | stonogo wrote: | You could, but you cold make it the other way too. | | https://qz.com/1145669/googles-true-origin-partly-lies- | in-ci... | kevin_thibedeau wrote: | I've had people open up Facebook and Instagram accounts using | my email address. They don't bother with requiring verification | to use their services. Before I took over the accounts I'd get | periodic notices about "friend" activity but never a nag to | verify the e-mail. ___________________________________________________________________ (page generated 2023-05-26 23:00 UTC)