30 July 2007

Skweezer - still not a phishing site

Posted by Barnabas under: Security.

Update: Skweezer.net DNS came back online around 11 PM last night, as far as I could tell. Was it a mistake? Does the abuse department at eNom have someone on call at night? I still don’t know even this morning. In the meantime, I am investigating DNS monitoring services such as DNS Stuff’s DNSAlert. DNS is as much a part of security as RAID or UPS.

Right now www.skweezer.net is completely down because our registrar BulkRegister/eNom has suspended DNS service, despite communicating with us earlier in the month. The reason? We’ve been reported once again as a phishing site, which we’re not, obviously. I believe the true culprit is Netcraft’s overly zealous anti-phishing service (more details why I think this below), but BulkRegister has not evaluated the claim appropriately. I guess we’re going to have to get this out of the way once a year, but once again, repeat after me: Skweezer is not a phishing site. In the meantime, if you want to access Skweezer, you’ll have to do it via IP address: http://72.1.97.146/, or try our temporary alternate domain: http://www.skweezer.org. The problem with the IP address URL is a new one to me:

[Image: Skweezer suspected of Phishing]

The biggest issue in my opinion is that there’s no real due process, unlike last year. We did get some communication earlier in the month from eNom, which shows that they were in turn notified of Skweezer by Netcraft:

From: abuse [mailto:abuse@enom.com]
Sent: Wednesday, July 18, 2007 9:40 AM
To: msato@gwcorp.net
Subject: FW: Phishing domain registered by enom

Your domain name is redirecting to a confirmed phishing website (see URL below). In order to prevent the possible disabling of your domain name, please take the necessary steps in order to have the abusive content disbanded.
Failure to comply with this request could result in the placing of a registrar-hold on your domain name, which will block DNS resolution to this domain. Thank you for your cooperation in this matter.

Regards,
eNom, Inc.

-----Original Message-----
From: Netcraft Phishing Service [mailto:toolbar@netcraft.com]
Sent: Wednesday, July 18, 2007 5:15 AM
To: Brad Bailey; NOC; abuse
Cc: phish-isp-alert@netcraft.com
Subject: Phishing domain registered by enom

The URL below has been confirmed by Netcraft as a phishing site:

https://www.skweezer.net/s.aspx/https/www~paypal~com/

We are reporting it to you because there are indications that the domain in the url is registered by you. Details:

whois server “whois.enom.com”

Our media relations person replied that same day with what I consider a very nice explanatory e-mail, and never received a response, despite later follow-up:

Date: Wed, 18 Jul 2007 10:49:18 -0700
To: ‘abuse’ <abuse@enom.com>, <phish-isp-alert@netcraft.com>
Subject: RE: Phishing domain registered by enom

To whom it may concern:

The URL “https://www.skweezer.net/s.aspx/https/www~paypal~com/” is NOT a phishing site. The domain “skweezer.net” is a mobile transcoding service that’s been operating since 2001. The URL above is how “https://www.paypal.com” is accessed through our transcoding system that mobilizes Web content for cell phones and PDAs. PayPal is aware of our service and we’re discussing the possibility of mobilizing their online payment properties. If you have any questions please call (removed). Thank you and I hope we can resolve this issue quickly.

This afternoon they simply turned us off at around 5 PM Pacific time. As soon as I determined that it was not a server crash, power outage, or network problem, I called up BulkRegister and got someone on the phone within minutes (which is good). He cheerfully informed me that our domain was suspended for phishing. The only way to get it turned back on is by emailing abuse@enom.com, and there’s no phone number, nobody on staff over the evening to turn this back on. I volunteered to fly up to Seattle this evening to deal with eNom in person tomorrow morning, and that may still happen. The repercussions will not be good. We’ve been with BulkRegister for several years, but I have a feeling that 2007 will be the last.

Have you had any problems with eNom, BulkRegister, Netcraft, or another service that marked you erroneously as a spammer or phisher with no recourse? If so, post a link in the comments here. Also, we’re on the lookout for a DNS registrar that’s going to be in our corner, just like Data393 has been in our corner for hosting (they are awesome, by the way). If you’ve had a good experience, I’d like to know about that too.
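The manual diagnosis described in this post (ruling out a server problem, then finding that the name no longer resolved while the IP address still worked) can be automated as a small DNS monitor. This is an added example, not code from the original post; the state names and the `classify` and `should_alert` helpers are hypothetical, and the hostname and IP address are the ones given in the post.

```python
import socket

HOSTNAME = "www.skweezer.net"
EXPECTED_IP = "72.1.97.146"  # address the post gives for reaching the site directly

def resolve(hostname):
    """IPv4 addresses from the system resolver; empty set if the lookup fails."""
    try:
        infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def tcp_up(ip, port=80, timeout=5.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def classify(hostname, expected_ip, resolver=resolve, prober=tcp_up):
    """Separate 'the name stopped resolving' from 'the server is down'.

    State names are hypothetical labels chosen for this example.
    """
    addresses = resolver(hostname)
    server_up = prober(expected_ip)
    if not addresses:
        # Name gone while the host still answers by IP: check registrar and DNS first.
        return "DNS_FAILURE_SERVER_UP" if server_up else "DNS_FAILURE_SERVER_DOWN"
    if expected_ip not in addresses:
        return "DNS_MISMATCH"  # name resolves, but not to the address we run
    return "OK" if server_up else "SERVER_DOWN"

def should_alert(history, threshold=3):
    """Alert once the last `threshold` checks all report the same non-OK state."""
    recent = history[-threshold:]
    return len(recent) == threshold and recent[0] != "OK" and len(set(recent)) == 1

if __name__ == "__main__":
    print(HOSTNAME, classify(HOSTNAME, EXPECTED_IP))
```

Run it from a host outside your own network, since a local resolver cache can keep answering after the delegation is gone.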

2 Comments so far...

Gary Says:

31 July 2007 at 2:53 pm.

When using the Opera web browser phishing option you get the same warning when going to http://wap2.bonfiremedia.com

The importance of good DNS « Parsing Mobile Says:

1 August 2007 at 10:52 am.

[...] 1st, 2007 by barnabas We have reached a resolution regarding our DNS problem with BulkRegister. Meetings were had, apologies were offered and promises made. In the end, no [...]
