HostExploit Exploits Demand Media’s IPO Filing
Wednesday, August 11th, 2010
HostExploit report generates more questions than answers.
I just finished reading HostExploit’s report about Demand Media and its domain name registration business (eNom). Whenever I read a report like this, I try to think about the motives of the report’s authors. In this case, it’s clear that HostExploit wanted to rush something out to piggyback on the buzz of Demand Media’s S-1 filing to go public. When I see punctuation errors in a research report, I pay closer attention.
The report basically says eNom is a bad registrar and web host, hosting a number of sites with badware, malware, and illegal pharmacies. That may be true (more on that later in this post). But the report then lists some other allegations, such as saying “We received reports suggesting Demand Media / eNom utilize these techniques”, referring to cybersquatting, click fraud, splogs, and link farms. But then the report basically says it hasn’t even analyzed whether or not this is true.
And since when are link farms illegal? Show me a registrar who will shut down someone for hosting link farm sites. I don’t condone such things, but it’s not a registrar’s business to regulate. In fact, they’d probably get sued for shutting down a link farm. It’s the search engines’ business to effectively filter out link farms.
Then section 8 of the report says that eNom might be in non-compliance with its Registrar Accreditation Agreement. It then reprints and explains sections of the agreement, but fails to say why it believes eNom is out of compliance. I assume this section has to do with information in KnujOn’s report earlier this year.
Now, back to the issue at hand. Let’s assume eNom does have a lot of bad actors that use its services. What can eNom do? It’s a tough question. On the one hand, a registrar doesn’t want this stuff on its network. On the other hand, it doesn’t want any ‘false positives’ where it shuts down a legitimate web site.
The challenge is striking a fine balance. It appears eNom is getting a reputation as being a registrar of choice for bad actors, and that means more bad actors will use its services in the future. (Ironically, HostExploit’s report basically tells criminals which registrar to use.) eNom needs to quash that reputation. The last thing it wants is for underground criminal forums to start promoting “hey, use eNom!” Perhaps it should work with law enforcement to (legally) shut down some of these bad sites, and then publicize its work.
And one more thing. I really hope HostExploit got permission before republishing a copyrighted article about its report from ComputerWorld.com.* That would be ironic, wouldn’t it?
*I haven’t “analyzed whether or not this is true”.