homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Domain Names
Forum Library, Charter, Moderators: buckworks & webwork

Domain Names Forum

Whoa! DirectI Suspends 175,000 Domains for Alleged Abuse

 5:38 pm on Oct 24, 2008 (gmt 0)

Interesting report from registrar DirectI blog.

DirectI suspects 175,000 domains [blog.directi.com].

From the DirectI corporate blog:

. . Directi <has recently taken action> to track down and stop abusive domain names and registrants from abusing Directi’s services.
  • Over 50,000 domain names have been suspended that were either involved in abusive activity or registered by customers/registrants exhibiting persistent patterns of abuse.
  • These domain names (and/or their registrants) were involved in various types of abuse, such as spamming, phishing/spoofing, malware perpetration, suspected pedo#*$!ography, financial frauds and falsified ‘Whois’ information.
  • All other services utilized by any of these domain names have also been revoked.
  • Over the past three months, certain resellers have been identified who have been the destination of choice for bad actors;

I wonder if DirectI was specifically targeted by bad actors or if DirectI is just the first registrar to perform serious housecleaning?

Hat tip to Directi or run for the exits?

More to come from other registrars?

Anyone unjustly burned without appeal?

[edited by: Webwork at 6:02 pm (utc) on Oct. 24, 2008]



 6:22 pm on Oct 24, 2008 (gmt 0)

I agree that registrars should do their part against spam and other sleazy activities and should ban users with persistant antisocial behaviors.


 6:58 pm on Oct 24, 2008 (gmt 0)

A lot of collateral damage must have happened because of this. Dealing with bad guys is OK but taking sledgehammer to all customers of that bad reseller is another thing. I have a large number of domains registered with Directi (resellerclub) and I'll think twice before using their services in future.


 7:54 pm on Oct 24, 2008 (gmt 0)

This coming from the same company that reverse-hijacked those .in domains?



 9:23 pm on Oct 24, 2008 (gmt 0)

Or was this an underhanded attempt to seize valuable domain names by claiming some form of abuse or Whois error? I would love to know if their is some type of appeals process for those who were innocently swept up in the seizing of these domains.


 10:09 pm on Oct 24, 2008 (gmt 0)

That is awesome. I think this should be setup and implemented on a consistent basis. By all registrars. Keep up the good work there... bout time someone started


 3:04 am on Oct 25, 2008 (gmt 0)

I disagree with everyone here apparently. It's not the registrar's job to be the police, it's the hosting providers and the law officials.

It's like punishing gun sellers for a gun murder.

Sounds more like shady practices by a two bit domain registrar.


 9:23 am on Oct 25, 2008 (gmt 0)

Who provides the criteria? Glad I am the overt bad actors are snuffed, but WHO makes that determination?

Sounds like a PR thing to me...


 9:29 am on Oct 25, 2008 (gmt 0)

Half of me is cheering and the other half is saying "what the **** are these guys up to".

I'll reserve judgment until the dust settles.


 10:25 am on Oct 25, 2008 (gmt 0)

It's not the registrar's job to be the police

It's not their job to knowingly aid and abet criminal behaviour either.
The way I see it, they've stopped doing business with people who they think are behaving unethically or illegally.
That's the right of any business. In fact you might argue that they are legally exposed if they don't do this.


 11:26 am on Oct 25, 2008 (gmt 0)

It's not their job to knowingly aid and abet criminal behaviour either.

And therein lies the problem for Directi.

The way I see it, they've stopped doing business with people who they think are behaving unethically or illegally.
If the whole issue had not been covered by the press and the Washington Post, I doubt that very much would have been done about this kind of activity. The way that Directi was linked to these operations was a PR disaster and it sometimes takes a disaster of this type to motivate change.



 11:12 pm on Oct 25, 2008 (gmt 0)

This is a kind of situation where unjustly accused people would have easy access to the press also--and motivate quick restoration of the domains, where justified. But the kind of people who'd been doing what most of these were doing, wouldn't dare lift their tentacles out of the muck to draw ANY kind of attention to themselves.

I can see how innocent bystanders COULD get hurt in attempts to enforce ordinary business contract law -- for a current real example, see the problems with the Gentoo site over the last few days, apparently caused by financial disagreements between their host and their ISP, where Gentoo's data is being held hostage by other parties. But Directi may not have had much choice here. Apparently they were about to be fingered as co-conspirators or worse, for not enforcing the legal requirements for domain registration (such as, accurate information about the registrar). Presented with proof that their practices were enabling (at least) or abetting serial illegal domain registration, they could lose their position as registrar.


 6:03 pm on Oct 26, 2008 (gmt 0)

At first it's tempting to think of this as a blow against online $%*holes but if you give it any thought it's clear how wrong it is for everyone.

Who provides the criteria?

That was my first question too. I don't have domains involved in anything shady but I would absolutely never use a registrar who made a call like this. 1000's of the domains they suspended were undoubtedly owned by innocent parties and I would not appreciate being forced to waste time proving my case to the registrar.

falsified ‘Whois’ information.

Now there's a serious crime :-) It's not as if nearly 100% of whois information is crawled by spam bots or anything.

they've stopped doing business with people who they think are behaving unethically or illegally.

My bold.

As domain names are often compared to real estate, and most definitely appreciate in value quickly, it's not the same as stopping business, they are actually stealing something.


 12:22 pm on Oct 27, 2008 (gmt 0)

It's not the registrar's job to be the police

Yea, your right. They shouldn't have to. Just like the FEDS shouldn't have to go to cities and bust criminals when its the city police that should be doing it. Oh, wait, it is.

Well its not like the guys that give you the license to drive can take it away because they feel you are driving incorrectly. Oh wait, it is.

well I could keep doing this, but it would make me sound like an @$$, I think that is enough to prove a point.


 1:37 pm on Oct 27, 2008 (gmt 0)

You have not proved anything.

The police (and FEDS) are specifically created to enforce rules. The registrar is NOT meant to enforce rules.

Directi has a history of using shady tactics to get domains that they did not deserve to have. I would not be surprised if under the guise of 'abuse' they picked up a nice sum of domains (with PPC dropping as it is).


 2:12 pm on Oct 27, 2008 (gmt 0)

Your right, the registrar was ment to hand out domains to anyone that wants them. maybe i'll go and get me a .gov or .pro... oh wait.. those are governed by registrars.. shucks


 2:12 pm on Oct 27, 2008 (gmt 0)

AlienDev, it's problematic when an entity acts - as DirectI has - as police, prosecutor, judge, jury and executioner. For example, "notice and an opportunity to be heard" is a basic tenet of due process. I'm not sure DirectI gave any form of notice before acting. DirectI might have locked the domains, to hamstring transfers, and give notice of an imminent deletion. Also, decision making by a fair and impartial "judge" is another basic tenet of civil justice. Typically a fair and impartial decisionmaker is not directly involved like DirectI. Before taking such sweeping action DirectI could have established some manner of swift and inexpensive "optional" appeal process. Did they? Not sure. Maybe they did when they gave notice of the imminent suspension? The law allows for emergent actions - temporary restraints or injunctions - but emergent relief is usually conditioned on having a prompt hearing to determine if the emergency is real and the projected harm is immediate and otherwise unavoidable.

But,what the heck, it's just domain names, so who expects fully fair treatment by anyone involved in the domain name system, right? :P

We can say that DirectI's actions are based upon their contracts and TOS but, absent notice and a prompt and fair opportunity to be heard by an impartial decision maker, things get sticky.

IF DirectI wasn't judicious this could backfire in a very expensive way for DirectI - resulting in all manner of lawsuits. I suspect DirectI was justified in the vast majority of cases, but it's hard to believe that they applied an individualized approach to passing judgment on all 175,000 domains.

Yet, if things were that bad that judgment on 175,000 domains was "easy" one has to wonder how long DirectI knew the details of what was going on and, despite that, allowed the situation to proceed and for DirectI to profit therefrom. What did it take for DirectI to finally take action? 100,000 "bad domains"? 125,000 bad domains? 150,000?

Apparently the tack action threshold was 175,000 domains.

[edited by: Webwork at 3:32 pm (utc) on Oct. 27, 2008]


 2:40 pm on Oct 27, 2008 (gmt 0)

ok.. webwork.. thats the best argument I have seen... I do agree with that. My argument was that the registrar had no place in governing the domains it held.... I am actually the main design/developer for an ecomm company that has bad reps from the past. So if this idea spread it would be bad for me. but, the argument of the way they did it had never came up.

In agreement to webwork, I would like to see how this pans out, and would like to see more documentation on how they did it, etc. And what they thought was malicious and what reports they used. I know they didn't investigate all 175k domains. they had to of gotten a list(s) from somewhere.


 3:16 pm on Oct 27, 2008 (gmt 0)

AlienDev211 - registry vs registrar superstar.

Directi has a HISTORY of abuse. Last time I checked, if a previous abuser does something suspicious, you don't end up lauding them for their 'great' move.


 12:02 am on Oct 28, 2008 (gmt 0)

What did it take for DirectI to finally take action?
Coverage in one of the top US newspapers and a lot of online news sites of Directi's involvement with these operations? Being portrayed as a beneficiary and facilitator of these operations? The kill or be killed option?



 12:29 am on Oct 28, 2008 (gmt 0)

Still not going to stop the temporary file servers/other dodgy companies that just want to make money and do not care what is on their servers. Disk space is now so cheap that I now have 100Gb space on my personal site for the same cost as I used to have 5Gb.


 1:24 pm on Oct 29, 2008 (gmt 0)

DirectI took this action because they were fingered by HostExploit [hostexploit.com] as being one of the top-25 Hosts worldwide responsible for hosting 80% of the malware, financial crime, ... and so it goes on, sites that attack other sites and computers users.

I do not know about your site, of course, but mine is under attack 24/7. After thoroughly researching & digesting HostExploit's reports, and finding their download of the IP addresses of all the Hosts involved, I constructed IPTable-additions and added it to my site Firewall (documented on my site Forums under "Site Info & Diary"). Some of the results of that action are very interesting.

After 2 full days of operation, the number of visitors is reduced by about 10%, yet income is either steady or even up. There is one other result which should give every website operator pause for thought...

My site is concerned entirely with support for modems & contains a Downloads subdomain (drivers, firmware & info), responsible for a very large chunk of site bandwidth. Whilst traffic has reduced by 6% & 16% (Monday/Tuesday), bandwidth has reduced by 45% & 30%. This suggests to my mind that internet folks located within bad neighbourhoods have a far higher problem with their connections than is generally so.

The above makes good sense. Consider:

  • Burglars tend to break into their neighbour's houses more often than homes placed further away (personal experience) (as a victim, not a burglar!).
  • A host network usually has far faster connectivity than the internet generally.

My very first action after genning up on this issue was to make sure that my host was not listed. I would suggest that the most sensible action for every webmaster would be to get out of an internet bad neighbourhood as quick as their fingers could carry them.


 5:21 pm on Oct 31, 2008 (gmt 0)

Internet things are messy.

Investigation is essential to protect both parties involving in business.. the way we get a phone number, a driving license, a credit card..

WWW: wild wild Web; anyone anywhere can get domain or Web site and anyone anywhere delete it, without reason.

Complete process is faulty.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Domain Names
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved