In case you didn't see the news on Slashdot (I didn't--someone had to tell me), it seems that Verisign has decided to demonstrate their evil in a way that I thought only Microsoft would:
As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now result in a VeriSign advertising opportunity. For example, if my domain name was 'somecompany.com,' and somebody typed 'soemcompany.com' by mistake, they would get VeriSign's advertising.
Okay, everyone. Let's all say it together: Fuck Verisign!
In case you haven't already done so, now would be an excellent time to move your domains to a more sensible registrar. I moved all mine to OpenSRS a while ago and have never looked back.
Consider making an appropriate entry for 64.94.110.11 in your routing table and/or firewall.
Some are reporting that not all the root servers have the wildcard yet. I found that it worked sometimes but not others.
See Also: I feel so dirty...
Posted by jzawodn at September 15, 2003 11:27 PM
I missed that on slashdot, but caught it from the O'Reilly RSS feed. This is horrid, especially if they wind up being not too choosy with the advertisers and let some poor kid see porn when he mistypes www.disney.com. I already thought it was bad enough when some evil types register common misspellings like www.googlee.com!
Consider making an appropriate entry for 64.94.110.11 in your routing table and/or firewall.
Could you be more explicit about what to do here for us less knowledgeable types?
I've sent email to friends and family explaining the situation and asking them to email comments@icann.org to ask them to stop VeriSign. Now I just need to figure out how to get my DSL router to block 64.94.110.11 (that number will now live in infamy).
The thing that pisses me off the most about this is that they've got that mail server running on the host... All it does is listen to the HELO, MAIL FROM and RCPT TO commands (enough to snatch your email address(es)) and then drops the connection. The only possible reason for that existing is to harvest email for spamming.
Fuck VeriSign!
If you're using Win NT/XP you can edit the hosts file. Find c:\windows\system32\drivers\etc\hosts and add a line at the bottom:
0.0.0.0 sitefinder.verisign.com
If you feel like it you could change the ip to a local webserver or something.
On Linux:
route add -host 64.94.110.11 gw 127.0.0.1
should do the trick.
The syntax is similar on other Unixes.
Off topic, but did you know you can read jeremy's blog in shizzle, Thanks Snoop! ;)
The thing that pisses me off the most about this is that they've got that mail server running on the host... All it does is listen to the HELO, MAIL FROM and RCPT TO commands (enough to snatch your email address(es)) and then drops the connection. The only possible reason for that existing is to harvest email for spamming.
Incorrect.
If they didn't have a mail bouncer running, and you typoed a domain in your email, it would take days before you found out about it. Remember the standard behavior for mail transport agents when a mail server appears to be down: they wait a while, then try again.
So, if I emailed to bob@mispelled.com, my mailer would try and deliver to the VeriSign site and fail. A few hours later, it would try again. A few hours after that, it would try again, and so on. A few days later I'd get the bounce message.
So, annoyingly, VeriSign has to run the bounce agent on that server. The fact that their actions force them to run something which could be used to collect spam targets is another good reason why they shouldn't be doing this at all.
From a business perspective, this move by Verisign seems to be a desperate action.
My thought is that we probably won't have to worry about Verisign a few years from now; just like we won't have to worry about Microsoft. :)
The problem with Verisign running a bouncing mail server is that mail that is temporarily undeliverable because of DNS issues (someone typo'd a MX record, or a domain's servers are down) that would have retried and ultimately succeeded now bounces immediately fatally.
Yeah, it means that if you make a whoops you don't get immediately notified, but... sheesh--this is mail. Store-and-forward with best effort delivery's the whole point. This new move by verisign gets in the way of that.
Yup, seems to be working here, though the server at 64.94.110.11 seems to be rather slow. Probably because it's being flooded with millions of requests per minute...
Bwa ha ha
You can vote on whether Verisign's CEO is doing a good job here
There is a collection of patches for various dns servers and resolver libraries at Imperial Violet. I've been running the djbdns one for 12 hours or so and it's working fine, I can't speak for the others.
You go verisign! Show these four eyed little twits what big business is all about. The whole time they're crying and boo hooing the top dogs will be raking in the cash..... And that, you little idealistic brain-dead blogging twerps is what it's all about!
hahahahahahahahahahahah.......
The problem with Verisign running a bouncing mail server is that mail that is temporarily undeliverable because of DNS issues (someone typo'd a MX record, or a domain's servers are down) that would have retried and ultimately succeeded now bounces immediately fatally.
Agreed. It causes other problems, but I think running a bouncing mail server is the least bad alternative given the original decision. Much as I hate to say it.
A domain's servers being down won't cause problems, btw, because the .com/.net nameservers will still return an NS record for that domain, and as long as there's a valid NS record the wildcard won't kick in. I'm sorry to be pedantic about this but I think it's important not to give VeriSign any wiggle room; we need to be very accurate about what they've done wrong.
I've created an online petition to help stop this abuse of the DNS by Verisign. If you could help spread the word, that would be great.
ok I am not the smartest of this group and Tom of Vpop actually told me about this link but all I gotta say is MONOPOLY!!! i have seen it before but that was on URL's that were already previously hosted on that server OR paid for and lawfully theirs! therefore lets all say FUCK VERISIGN!(i have been pleasantly happy with vpop.net though :-D)
Is this just me or ... ?
I have IE with the Google toolbar. When I tried some nonsense URLs just now, instead of getting a Verisign page, I got a Google page!
"Sorry, no information is available for the URL www.netcsape.com" (as one example, wrapped in the Google interface).
Give em a call at their toll-free numbers:
888-642-9675
888-655-4636
800-361-8319
866-720-2304
I
just
want
to
FUCK verisign.
I cannot believe this happened. With special thanks to US gov't and IANA. God may bless you!
I made and was using an advanced script for domain monitoring and availability. As a responsible and intelligent programmer the script was not querying verisign database for those domains who already have a ns record. Since it was stupid and saving internet resources. But now my script gives wrong information, not because it is a fucking script but because it is a smart and thinkful script.
My script also wishes to fuck verisign. Maybe we enjoy group sex where as a ceo, I fuck ceo of verisign and my script fucks the company itself.
Sorry for being so fucking...
"Give em a call at their toll-free numbers:"
And make sure you use your Fax machine to make those calls.
Bind9 already has the code in place to solve the problem as of this morning, I believe; you can do
zone "com" { type delegation-only; };
and only SOA and NS records from within that zone will be accepted. Thus, if you query the root for "foo.com" and get an A record, it's as though you never got a return result at all, and we're back to status quo.
The net interprets stupidity as an outage and routes around it.
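The delegation-only rule the comment above describes, modelled in Python as an added example (not BIND's code or the commenter's): a TLD server may only hand back a delegation (NS records for the child) for names below its apex, and anything else, such as an A record synthesized by the wildcard, is treated as NXDOMAIN. The record type, the response layout and the sample responses are constructed; the wildcard address is the one from the post.

```python
from __future__ import annotations
from typing import NamedTuple

class RR(NamedTuple):
    """One resource record: owner name, type and data (constructed model)."""
    name: str   # owner name, e.g. "soemcompany.com"
    rtype: str  # "A", "NS", "SOA", ...
    rdata: str  # address, nameserver name, ...

NXDOMAIN = "NXDOMAIN"

def labels(name: str) -> list[str]:
    return name.lower().rstrip(".").split(".")

def below_apex(name: str, zone: str) -> bool:
    """True when `name` is inside `zone` but is not the zone apex itself."""
    n, z = labels(name), labels(zone)
    return len(n) > len(z) and n[-len(z):] == z

def delegation_only(zone: str, qname: str, response: dict) -> dict | str:
    """Apply the delegation-only rule to a response from the `zone` servers.

    A TLD server is expected to answer questions about names below its apex
    with a referral: NS records for the child zone in the authority section.
    A response carrying no such delegation (for example a wildcard-synthesized
    A record in the answer section) is treated as though the name did not exist.
    """
    if not below_apex(qname, zone):
        return response  # apex data (SOA/NS) belongs to the zone; leave it alone
    has_delegation = any(
        rr.rtype == "NS" and below_apex(rr.name, zone)
        for rr in response.get("authority", [])
    )
    return response if has_delegation else NXDOMAIN

# Constructed responses, shaped like what a .com server might return.
REFERRAL = {  # real domain: a normal referral plus glue (192.0.2.53 is a sample address)
    "answer": [],
    "authority": [RR("somecompany.com", "NS", "ns1.somecompany.com")],
    "additional": [RR("ns1.somecompany.com", "A", "192.0.2.53")],
}
WILDCARD = {  # typo'd domain: the wildcard answers directly, no delegation for the child
    "answer": [RR("soemcompany.com", "A", "64.94.110.11")],
    "authority": [RR("com", "NS", "a.gtld-servers.net")],  # apex NS does not count
    "additional": [],
}

if __name__ == "__main__":
    print(delegation_only("com", "somecompany.com", REFERRAL) is REFERRAL)  # True
    print(delegation_only("com", "soemcompany.com", WILDCARD))              # NXDOMAIN
```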
Whoever said "The fact that their actions force them to run something which could be used to collect spam targets is another good reason why they shouldn't be doing this at all" hasn't tested the bouncer. It gives "250 OK" no matter what you enter unless it's "FROM:some@addy.tld". It should return 550 immediately but that wouldn't be what Verisign's partners want...
64.94.110.11 - The new number for the BEAST... The End is Near! Repent your Internet transgressions!! VeriSign "SiteBlinder" is the anti-christ!!!
Well my co-located server at rackspace cannot even ping the address, so i guess they've null routed the IP for everyone :)
Or something's wrong with my server, hmmmmm
This is abuse and spam and they have to be stopped!!
Hmm. Their server seems to have foiled my attempts to send it a comment on their sitefinder service....
[jason@tetsuo jason]$ telnet 64.94.110.11 80
Trying 64.94.110.11...
Connected to 64.94.110.11.
Escape character is '^]'.
FUCK OFF
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>405 Method Not Allowed</TITLE>
</HEAD><BODY>
<H1>Method Not Allowed</H1>
The requested method FUCK is not allowed for the URL OFF.<P>
</BODY></HTML>
Connection closed by foreign host.
Why doesn't someone write an app that runs on your pc that requests domains that don't exist. Poison their data collection. Fill up their drives with useless crap.
Eg. www.verisignsucksass.com
www.verisignisshit.com
etc
My computer has some kind of malware on it. It is called "Mysoft sitefinder.verisign.com" Spybot Search and Destroy finds it but it can't delete it. Do you know what this is and how it affects my computer and how I can get rid of it. Thank you for any help you can give. Please Email me at intercoman@hotmail.com with your reply.