HostExploit Exploits Demand Media’s IPO Filing

HostExploit report generates more questions than answers.

I just finished reading HostExploit’s report about Demand Media and its domain name registration business (eNom). Whenever I read a report like this, I try to think about the motives of the report’s authors. In this case, it’s clear that HostExploit wanted to rush something out to piggyback on the buzz of Demand Media’s S-1 filing to go public. When I see punctuation errors in a research report, I pay closer attention.

The report basically says eNom is a bad registrar and web host, hosting a number of sites with badware, malware, and illegal pharmacies. That may be true (more on that later in this post). But the report then lists some other allegations, such as saying “We received reports suggesting Demand Media / eNom utilize these techniques”, referring to cybersquatting, click fraud, splogs, and link farms. But then the report basically says it hasn’t even analyzed whether or not this is true.

And since when are link farms illegal? Show me a registrar who will shut down someone for hosting link farm sites. I don’t condone such things, but it’s not a registrar’s business to regulate. In fact, they’d probably get sued for shutting down a link farm. It’s the search engines’ business to effectively filter out link farms.

Then section 8 of the report says that eNom might be in non-compliance with its Registrar Accreditation Agreement. It then reprints and explains sections of the agreement, but fails to say why it believes eNom is out of compliance. I assume this section has to do with information in KnujOn’s report earlier this year.

Now, back to the issue at hand. Let’s assume eNom does have a lot of bad actors that use its services. What can eNom do? It’s a tough question. On the one hand, a registrar doesn’t want this stuff on its network. On the other hand, it doesn’t want any ‘false positives’ where it shuts down a legitimate web site.

The challenge is striking a fine balance. It appears eNom is getting a reputation as being a registrar of choice for bad actors, and that means more bad actors will use its services in the future. (Ironically, HostExploit’s report basically tells criminals which registrar to use.) eNom needs to quash that reputation. The last thing it wants is underground criminal forums to start promoting “hey, use eNom!” Perhaps it should work with law enforcement to (legally) shut down some of these bad sites, and then publicize its work.

And one more thing. I really hope HostExploit got permission before republishing a copyrighted article about its report from* That would be ironic, wouldn’t it?

*I haven’t “analyzed whether or not this is true”.


  1. Mountain says

    I hesitate to dignify KnujOn’s report as it was full of half-truth’s and clearly focused on grabbing attention rather than truly understanding and communicating the issues. Virtually every registrar of any significance was slandered in this report. I think the only reason eNom and others haven’t sued them is because of KnujOn’s lack of credibility there clearly weren’t any damages.

  2. bob bruen says

    Hi Mountain,

    We will challenge you the same way we challenge anyone. You have stated the KnujOn report was full of “half-truth’s” (sic). Please list them and explain why they are not full-truths.

    The registrar community has had since 21Jun to show anything that is false within the report and all they have come up with is that they do not like what the report said and a couple of minor points based on interpretation of rules.

    eNom will not sue KnujOn because there is nothing to sue about. You may not think that KnujOn has credibility, but a lot of other people do.

    As far as the actual article goes, the suggestion that Host Exploit rushed the report to ride on the recent S1, misses the point that the data was collected over a period of time longer than a few days.

    The motive of the author is similar to KnujOn’s motive, to clean up the Internet by exposing criminals and bad actors.

    It was a nice move when a list of bad behavior was ignored for one item (link farms) that sounds like it might be okay. Link farms in support of criminal activity should be shut down.

    This is analogous to fast-flux, a lot of criminals use it but it is not illegal in and of itself. Not unlike an automobile: okay for me to use it to drive to the grocery store, but not okay to use it as a getaway car after a bank robbery.

    We know that many registrars do a lot of work to keep bad actors off the air. eNom is one that does not. They are far worse than any other registrar, as was shown by the KnujOn report and the Host Exploit report.

    If it is too challenging for eNom to keep its house clean, then perhaps they should get new management that knows how to do it.

    Rather than assuming, why don’t you read up on things first?


    • says


      You’re right, there were four things mentioned in the section that discusses link farms:

      1. Cybersquatting – there’s a defined process for how registrars handle this

      2. Click fraud – I don’t know what this has to do with registrars/hosting companies

      3. Splogs – again, nothing illegal unless they’re copying copyrighted content (ahem)

      4. Link farms – we must have different definitions of link farm. These are used for SEO, not illegal activities.

  3. Mountain says

    Bob, enough has been said already about this, I’m not going to get into a point-by-point debate with you. That’s already been done, your analysis was found lacking, and I have far better things to do with my time. Good luck.

  4. bob bruen says


    Well then I guess everyone can see you are simply going to make nasty comments without any substantiation.

    If enough has been said already, why did you say anything in the first place, which initiated the conversation? Enough seems to mean you got to say what you wanted and we should just be quiet.

    A point by point debate would simply prove my point, you just did not like what was in either report. You have no honest criticism of what was said.

    Use your time wisely.


  5. ST says

    It’s just a matter of time till these pharmacy sellers start to mass register ccTLDs that are dirt cheap.

    KnujOn will keep running behind the facts.

    But till then KnujOn can pound themselves on the chest with so called victories.. But the spam won’t be less in your inbox.

  6. Meyer says

    I’m not one to run to enom’s defense. But, accusing Enom of condoning spam, malware, etc is ridiculous.

    They would not expose themselves to bad press, lawsuits or gov’t fines.

    They have been planning to go public for a long time. They would not permit illegal activity anywhere near its operation.

  7. says

    As a contributor to the HostExploit report, I would like to stress that this is not a report that has been rushed out to gain publicity.

    Our punctuation may not be perfect??@!, but I’d hope that doesn’t detract from the many months we have spent monitoring our own data and cross-checking with 12 third-party sources.

    Demand Media were made aware of the situation on their servers in our previous Top Bad Hosts reports throughout the year, with clear breakdowns of where the badness lies, and yet the situation has worsened.

    Let me assure you that every underground forum in existence has been aware of the benefits of hosting with eNom for some time. This is not new information to them.

    Lastly, the article on our web site that you mention was appropriately accredited to the author and source. The article contains no adverts or source of income.

    • says

      “Lastly, the article on our web site that you mention was appropriately accredited to the author and source. The article contains no adverts or source of income.”

      Will, I appreciate your response. With regards to the above statement, though, that’s still copyright infringement. You can’t just copy an article and republish it, even if you attribute it to the source and don’t make money from it.
