web application security lab

MySpace Attempts to Shut down SecLists.org

I ran across this article today at Wired about how MySpace shut down SecLists.org by contacting Godaddy. Apparently MySpace was annoyed that someone had posted to one of the lists a bunch of MySpace passwords from one of the successful phishing attacks a while back. Instead of contacting Fyodor, who I’m sure would have reacted appropriately, they went right to the Registrar (Godaddy).

The site was down at some point, but is back online now. But it does make me scratch my head a little knowing how close his site and our sites really are. Are we at risk for ToS, because it’s objectionable materials? Even if it’s totally defensible, is Godaddy simply going to nuke our sites because some company issues a cease and desist? Did Godaddy even verify the nasty content? What if someone else uploaded malicious content to the site (XSS, SQL Injection, or straight old hacking into the machine). It’s troubling to say the least.

14 Responses to “MySpace Attempts to Shut down SecLists.org”

  1. MySpace Attempts to Shut down SecLists.org of Myspace Html Codes Blog Says:

    […] Original post by RSnake for Myspace News MySpace Attempts to Shut down SecLists.org […]

  2. bria Says:

    that’s sake

  3. id Says:

    We’ve already seen it in action here, not exactly the same but very similar, and we use Godaddy as well.

    I’m disappointed that Bob Parsons would allow his company to act that way. The shoot first ask questions later approach that companies have been using lately is detrimental to freedom of expression on the Net, which he claims to want to protect.

    There should be a law passed that makes it illegal for an ISP or service provider, such as Godaddy, to shut down an account in good standing if it is not hosting illegal content or compromised. It would free up the nonsense support calls from whiners that the ISPs have to deal with.

    Newspapers and TV forms of media have protections from being silenced, why not a mailing list or blog?

  4. rdivilbiss Says:

    Transferring my domains in 3, 2, 1…

  5. Luny Says:

    I used to run a site that collected emails from various websites on the net and I’d display them for everyone to see. (even showed ways to output your email address so spam bots wouldn’t harvest it)

    Everything was gotten legally and the emails were public info on the sites, but the hosting company I was on with, theplanet, deemed it illegal and made me take it down even though it didn’t break any TOS of theirs or any anti spam laws.

  6. head.hacker Says:

    this smacks of the big-brother (1984) feeling. SecLists.org is a great service. thanks Fyodor for your diligence and letter - and the svn repos.

    hacking is still an ART, and not always computer related. of course, it is when so-called hackers “http://catb.org/jargon/html/H/hacker.html (LOVE #1,7 but the [deprecated] in #8 is a bad sign)” turn criminal there is a problem. A recent USSEC complaint (article = ‘http://www.sec.gov/litigation/complaints/2007/comp19981.pdf’) actually says - QUOTE was accessed by “hacking” ENDQUOTE in at least one place. i am happy to see the quotes ‘”‘ around hacking but there will come a time when hacking=criminal at all levels - and there are no quotes.

    Compared to the applause sites like these and SecLists.org deserve we are going in the wrong direction. Education is what is needed.

    keep the flame burning - hh

  7. Spider Says:

    I’m guessing if Godaddy had refused, they would have gone to the ISP. I do know from friends in the registrar business, that they do get many requests to take down material. Most of them are obvious phishing sites, but if it’s not immediately obvious that it’s illegal content they tell them to contact the owner according to the whois information and let it stay unless they get a court order. If it is deemed to be illegal, they take it down with giving the owner time to defend it. I think it has a lot to do with who was asking. Either Godaddy didn’t want to upset MySpace, or they considered it to be illegal. But large entities like MySpace that want action taken yesterday to remove sites they don’t like will just about always contact the Registrar or ISP before the actual site owner.

  8. id Says:

    The more I think about this BS the more it upsets me, I’m to the point that I’m sure it’s more of a “when it happens to us” than an “if”. Anyone know of a registrar that doesn’t pull BS like this?

    Same will happen with our ISP I’m sure, next hosting we will have our own IP space so the complaints come straight to us, but of course we can’t do jack about the domain name.

  9. wannabe Says:

    You people are whining babies. Rights this and rights that. If I intentionally place things on my site that could possibly hurt 50,000 minors, I deserve to get my site taken down. Just because it is available elsewhere on the net doesn’t make it right. That is such a cop out. Grow up.

  10. id Says:

    yes, won’t somebody think of the children???

    The passwords were, and are available all over the net. They shut down a very useful community tool, and it only benefited the blackhats, that’s the point.

    This site could possibly hurt way, way more, you want to shut it down?

  11. chillervalley Says:

    “What if someone else uploaded malicious content to the site (XSS, SQL Injection, or straight old hacking into the machine). It’s troubling to say the least.”

    German and Austrian Law: The webmaster has to prove that there is now illegal content on his server/webspace.

    And: If someone breaks in (xss…) the webmaster had to show logs whatever to make it clear there was an illegal action on his webspace/server (such as hacking). BUT: The webmaster HAS to do all he can to make his website as secure as possible. Otherwise, the law can be against him if someone hacks in his box and stuff illegal content there.

    (sorry for the bad English, but I hope you understand what I mean ;-) )

  12. Rafa Says:

    Godaddy is well known for taking these kinds of actions without any warning. DO NOT register any sensitive domains with them.
    I’m moving a bunch of my more important domains to Moniker, which has an excellent reputation among the webmaster community for standing up for their customer’s rights.

  13. Legionnaire Says:

    What I can’t understand is the action on behalf of MySpace.com. Did they to take those passwords off the net? Can you really take anything off the net? Bring a site down and half a dozen mirrors go up! What I mean is that if once something goes public it stays there no matter what you do. MySpace.com can’t enhance its security by prosecuting those who disclose vulnerabilities and data extracted from them.

    And as far as Godaddy is concerned, the company is simply losing its reliability. Migrating from one registrar to another is so simple so it’s their loss :)

  14. RSnake Says:

    Interesting read on how the whole thing panned out: http://nodaddy.com/