Security Bullet In
Communiques from the security front, sir
Tuesday 15 July 2008, 5:34 PM
GoDaddy suspends travel-getaways.com domain
I'm very pleased to say that GoDaddy has suspended the travel-getaways.com domain.
I blogged in June that to my surprise I had found I was the site administrator for travel-getaways.com, which was pulling content from a legitimate travel site. I was surprised because I'd never heard of this domain.
After much to-ing and fro-ing I managed to convince GoDaddy that parties unknown had used my name and altered work details to register the domain.
On the WHOIS records, rather than my work address, a fake address had been given. You wouldn't believe the amount of time it takes to prove that an address doesn't exist -- you need to contact your local authority, and explain why you need them to send you a letter to prove an address doesn't exist. Then get them to send the thing.
However, rather than go through this rigmarole I thought I hit upon a simpler method.
For reasons that I don't want to go into here, the fake telephone number that was given actually came through to me anyway. Simple, you would have thought, to get GoDaddy to ring me on the number, so I could tell them that the details were fake. Believe me, this took a couple of days to sort out. Firstly I had to convince them that this was a good idea. Then I had to get them to ring me back -- no easy task. They are based in Arizona, I am in London. There's only a couple of hours a day when me and the GoDaddy employee I was dealing with are both at work. I tried to just go through the 24/7 Domain Services at GoDaddy, but they insisted I had to go through this other employee.
Eventually the employee I was dealing with, courteous to the last, managed to convince Domain Services that there was a valid reason to investigate the domain. The investigation took 15 days. They have now suspended the domain. Phew.
Aside from wasting hours of my life, this whole experience has shown me just how difficult it is to prove that false details are fake.
Interestingly, GoDaddy has now put a disclaimer on its WHOIS entries.
"The data contained in GoDaddy.com, Inc.'s WhoIs database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records," reads the disclaimer.
I blogged in June that to my surprise I had found I was the site administrator for travel-getaways.com, which was pulling content from a legitimate travel site. I was surprised because I'd never heard of this domain.
After much to-ing and fro-ing I managed to convince GoDaddy that parties unknown had used my name and altered work details to register the domain.
On the WHOIS records, rather than my work address, a fake address had been given. You wouldn't believe the amount of time it takes to prove that an address doesn't exist -- you need to contact your local authority, and explain why you need them to send you a letter to prove an address doesn't exist. Then get them to send the thing.
However, rather than go through this rigmarole I thought I hit upon a simpler method.
For reasons that I don't want to go into here, the fake telephone number that was given actually came through to me anyway. Simple, you would have thought, to get GoDaddy to ring me on the number, so I could tell them that the details were fake. Believe me, this took a couple of days to sort out. Firstly I had to convince them that this was a good idea. Then I had to get them to ring me back -- no easy task. They are based in Arizona, I am in London. There's only a couple of hours a day when me and the GoDaddy employee I was dealing with are both at work. I tried to just go through the 24/7 Domain Services at GoDaddy, but they insisted I had to go through this other employee.
Eventually the employee I was dealing with, courteous to the last, managed to convince Domain Services that there was a valid reason to investigate the domain. The investigation took 15 days. They have now suspended the domain. Phew.
Aside from wasting hours of my life, this whole experience has shown me just how difficult it is to prove that false details are fake.
Interestingly, GoDaddy has now put a disclaimer on its WHOIS entries.
"The data contained in GoDaddy.com, Inc.'s WhoIs database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records," reads the disclaimer.
PreviousComments on this post
Kudos to you for carrying on with this lengthy fight!
It seems to me that GoDaddy could implement a very simple solution; their customers most likely pay with either a debit or credit card, why not just match the provided details with the registered details of the credit card? Online retailers have been doing this for years and it's reduced fraud a great deal.
