[HN Gopher] Phishing domains tanked after Meta sued Freenom
___________________________________________________________________
Phishing domains tanked after Meta sued Freenom
Author : todsacerdoti
Score : 106 points
Date : 2023-05-26 16:42 UTC (6 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| thayne wrote:
| The title is a little deceptive. From near the end:
|
| > Unfortunately, the lawsuits have had little effect on the
| overall number of phishing attacks and phishing-related domains,
| which have steadily increased in volume over the years.
|
| > Piscitello said despite the steep drop in phishing domains
| coming out of Freenom, the alternatives available to phishers are
| many.
| talhah wrote:
| While freenom did genuinely have issues with spam and the like.
|
| I must say it played a pivotal role in my life, it allowed me to
| do my passion and have a domain name in my early teens when I
| couldn't pay for anything. Being able to toy with a domain name
| led me down many rabbit holes and led to me trying out self-
| hosting and system administration.
|
| Sad we can't have free things.
| nine_k wrote:
| > _the free domain name provider has a long history of ignoring
| abuse complaints about phishing websites while monetizing
| traffic to those abusive domains_
|
| If the way to have there things is defrauding others, then they
| are not as free as they seem.
|
| I'd say that a third-level domain is fine for teenage projects;
| was fine for me even past teens.
| Beached wrote:
| can you link me some free third level domain services that
| allow full control over all records? while I don't need it
| now, in the past I have wanted such a service and was unable
| to find them.
| VWWHFSfQ wrote:
| for $8 a year you can get a regular domain and then have as
| many free 3rd level domains with full DNS control as you
| want. or do you really just mean free free
| TremendousJudge wrote:
| based on the top level comment, I guess free free;
| something a child without a credit card can use on his
| own while playing around
| p1necone wrote:
| Yeah, the refrain is usually "anyone should be able to
| afford $8 a year", but I remember being teenager and even
| when I was making an income I still couldn't get a credit
| card. It's less about the money and more about the
| ability to pay.
| 5e92cb50239222b wrote:
| You don't really _need_ credit cards, we found ways to
| pay for domains and hosting back in the day when we weren
| 't legally able to get one (due to being minors). Some
| smaller companies accept other ways to pay that can be
| used anonymously. I definitely couldn't afford $8 a year
| thought, so others were covering that.
| ajosh wrote:
| Sitelutions.com still offers this. Without a paid account,
| the only limitation is the TTL.
| nine_k wrote:
| "All records" makes an important difference indeed. I
| mostly thought about web projects where you need A / AAAA
| and CNAME. I do remember that I had access to MX and TXT at
| some free provider around 1995; GeoCities? Can't remember.
| TheFreim wrote:
| Same here, running little websites using a free hosting
| provider and a tk domain was a great experience.
| davchana wrote:
| I recently recovered password for my 2002 era davinder.8m.net
| free website. It is still hsoted all these 20 years for free.
| lathiat wrote:
| Yes! My freeservers site from the same era (2000, when I
| was 15 ) is also somehow still alive. I don't have the
| password though. So I cannot fix the error haunting me for
| all time that I listed Generations as a TV series of Star
| Trek rather than a movie.
|
| http://stvoyager.iwarp.com/
|
| I'd love to know how/why they've managed to keep all of
| those alive so long. I am very appreciative but equally
| surprised.
| 5e92cb50239222b wrote:
| I am still using a couple of .cf and .tk domains for semi-
| serious mail, haven't had any issues with delivery.
| throwawayadvsec wrote:
| that's actually really weird
| jeroenhd wrote:
| These domains apply a serious bonus to spam scores, but if
| you do everything else right (send a normal but not too
| large amount of email, get your mail server from a domain
| with high reliability, set up SPF/DKIM/DMARC/etc.) you
| shouldn't fall below the spam line in most spam filters.
| seszett wrote:
| I have mixed feelings as well, for the same reason, but I find
| it absolutely terrible that the citizens of Mali, RCA, Gabon,
| and Equatorial Guinea have basically been robbed of their TLD
| by their (mostly failed) governments.
| nubinetwork wrote:
| I wish they would do .cc next. I see a lot of spam from them on
| my personal mailboxes. Followed by all those google gtlds.
| throwawayadvsec wrote:
| Note: they "stopped phishing" by basically forbidding almost
| anyone from registering a domain, I've been trying to get a new
| domain there for months without success
| GordonS wrote:
| Existing domains stopped working too, I lost the one I've been
| using for 10+ years :(
|
| The most annoying part is there has been zero communication
| from Freenom - not a single email. They also never replied when
| I asked what was going on.
| obituary_latte wrote:
| Now I just wish Google would get googleusercontent.com and
| googleapis.com under control...
| caretoelaborate wrote:
| What's going on here?
| IMSAI8080 wrote:
| Any phishing domain in my spam folder is NameCheap 9 times out of
| 10.
| eli wrote:
| Isn't it the biggest after godaddy?
| IMSAI8080 wrote:
| No idea. It might just be they are lower priced than other
| places that attracts miscreants wanting domains in bulk.
| paulpauper wrote:
| It's funny how meta actually takes spam somewhat seriously,
| unlike google.
| amerkhalid wrote:
| I was about to order something from a website[1] that showed as
| first page result on Google Search.
|
| Spending couple of minutes on the site, it became obvious that
| it is a scam website. Confirmed further by another search on
| domain[2]. I wanted to report it but there is no easy way to
| report this. So I gave up and hope no one falls for it.
|
| [1]: https:// littletikes . savemoney . store [2]:
| https://forums.dansdeals.com/index.php?topic=119138.0
| eli wrote:
| You can report phishing sites really easily here https://safe
| browsing.google.com/safebrowsing/report_phish/?h...
|
| Or alternatively report an abusive google ad here
| https://support.google.com/ads/troubleshooter/4578507
| jeroenhd wrote:
| Every third of fourth technical Google search I try lists
| about 10 to 20 fake sites. Many of them using .it for some
| reason, but there are plenty of other TLDs with this
| problem as well. At this point I'll click a .biz before I
| click a .it.
|
| I'm not going to report hundreds of domains every month.
| Google needs to get their crap together.
|
| The same is very much true for other parts of Google as
| well. Youtube comments are hilariously full of spam.
| There's a pretty good tool out there to get rid of the
| spam, which just runs the comments through a basic spam
| filter, but for big channels you can't let the tool run for
| too long because of API call limits.
| paulpauper wrote:
| And likely nothing will happen.
| BenjiWiebe wrote:
| Ymmv but I've got very good results reporting websites to
| Google safe browsing and them getting blocked.
| Thoreandan wrote:
| Google's ignoring spam is especially egregious through side
| channels, e.g. spammers adding you to Photos message shares.
| herbst wrote:
| This is super annoying. I get mentioned in random documents
| all the time... No idea why
| rayval wrote:
| Yes, Google launching .ZIP and .MOV domains is yet another sign
| of the moral rot at a once ethical company.
| 100721 wrote:
| ~~Do no evil.~~
| acheron wrote:
| "Once ethical"? How far back do you have to go for that?
| 1999?
| yjftsjthsd-h wrote:
| I dunno, I feel like you could make that case right up
| until they merged with doubleclick.
| stonogo wrote:
| You could, but you cold make it the other way too.
|
| https://qz.com/1145669/googles-true-origin-partly-lies-
| in-ci...
| kevin_thibedeau wrote:
| I've had people open up Facebook and Instagram accounts using
| my email address. They don't bother with requiring verification
| to use their services. Before I took over the accounts I'd get
| periodic notices about "friend" activity but never a nag to
| verify the e-mail.
___________________________________________________________________
(page generated 2023-05-26 23:00 UTC)