It all started with a message from a reader. She was planning to put a Web site up and needed to register a domain name.
She chose to use her first and last names for the domain (just as I own larryseltzer.com) and checked it on at least one service for availability.
She went back in a day or two to register it and, lo and behold, it had just been registered to an outfit named Chesterton Holdings.
It's obvious that Chesterton Holdings is a domain squatter. The domain was not just registered, there was a Web page up on it.
The page was covered with the sorts of ads you usually see on squatted pages, and the ads were all syndicated through information.com.
Several days later, Chesterton released the domain, probably having had few or no hits on it. Chesterton's own Web page contains the following statement:
- "We acquire domain names through an automated process rather than by any process that would intentionally infringe on any person's rights. If you have any questions about a domain, please submit your query to us below. It is our policy to transfer a domain name to any entity that, in our reasonable opinion, has a legitimate claim. We will promptly transfer a domain name to you if you can show us that you have a legitimate claim."
So the question remains: How did Chesterton Holdings get hold of the reader's domain name and register it before she did? Is it part of this mysterious "automated process"?
The main site she had used to check for domain availability was the CNet Domain Search page.
This is a "meta-search" page, meaning that when you enter a domain name in it, the page checks several other services for domain availability, consolidates the reports and delivers them back to the user.
The actual search is performed by search.com, also a CNet property. The reader had gotten results for web.com, dotFM, e-nic, and APlus.net.
 |
| Click to Enlarge |
I decided to run some tests, so I picked three names out of the air and checked them with the CNet Domain Search page including myfuzzycat.com and lickmynose.com.
I let the matter go and about 30 hours later I checked with a separate whois service and determined that the domains belonged to Chesterton Holdings.
The same ad-based Web pages were up on them. Bingo. Click on the thumbnail image nearby to see the page.
My next step in testing was to go to the four hosting services meta-searched by CNet and search them directly with new domain names also picked out of thin air. Two days later they haven't been taken.
At this point I have to say I don't know exactly what's happening, but something fishy is going on. With a whole lot more testing, I think I could figure out the source of Chesterton's domain name feed, but I decided it was time to get the story out first.
The reader who brought all this to my attention called aplus.net, which told her that Chesterton Holdings monitors whois requests, and that's how they learn which domains to register.
This would be a great explanation if it were possible, as a general matter. But it's not generally possible to monitor whois requests.
Here is what's possible, based on what I know:
- CNet, or someone at CNet, could be passing the requests on to Chesterton. I don't believe this for a second.
- One of the hosting services that CNet is checking with (and there could be more than they indicate) could be passing data on to Chesterton. This seems unlikely to me.
- Chesterton could have compromised one of the servers involved in the process, for instance the whois server used by one of the hosting services. This seems possible to me. There are a number of other hacking techniques, DNS cache poisoning for example, that could indirectly give Chesterton access to data from these queries.
- Verisign could be passing the data on to Chesterton. I don't believe this, either.
I've been in touch with CNet about this matter as I have investigated it. They don't really have an explanation, nor would I expect them to if their meta-search was doing what it was supposed to do. I also attempted to contact Chesterton, without success.
Even though I've speculated on possibilities that are more or less likely than others, I don't think I'm close to a definitive explanation. All I really know is that there's no legitimate way to do what Chesterton Holdings is doing, and I hope they finally get called for it.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at larryseltzer@ziffdavis.com.
Click here to view the full article.
Comments (0 posted)
CyberNews
