When you’ve been on the internet a while, you realise that if a service can be spammed there’s a 100% chance it will be. So it was no great surprise to learn about the spamming of InterNIC’s WHOIS service.
This isn’t about scraping the WHOIS data, it’s far geekier. People are actually spamming the data you get returned by a command line WHOIS lookup, as you can see below.

Yahoo!

MSN

If you want to see this yourself and you’re running a Mac, open a new shell and type the command:
#whois google.com
Linux users would do it by querying the InterNIC whois server:
#whois -h whois.internic.net google.com
And if you’re on Windows, you’d have to download a whois program, like wwhois. Place the whois.exe file on your C drive then go to start > run and type cmd.
C:\Documents and Settings\YourName>cd ..
C:\Documents and Settings>cd ..
C:\>whois google.com
It’s interesting to see so many people on the net call this hacking or DNS poisoning…it’s not that smart. You might also think that people have registered these as sub-domains. Wrong again. These are just registered name servers.
At the moment there are no limits on the number of name servers you can register on a domain and they are free to enter. The pattern matching at InterNIC brings these up when you do a search query.
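For anyone scripting WHOIS lookups, here is an added example (not code from the original post) that separates the exact domain record from name-server records that only begin with the queried name. The sample reply is constructed, its hostnames are placeholders, and the one-name-per-line layout and the function name classify_matches are assumptions.

```python
import re

# Constructed sample of a multi-match reply; hostnames are placeholders,
# and the one-name-per-line layout is an assumption about the reply format.
SAMPLE_REPLY = """\
Whois Server (constructed sample)

GOOGLE.COM.SPAM-ONE.EXAMPLE.NET
GOOGLE.COM.IS.ADVERTISED.BY.SPAM-TWO.EXAMPLE.COM
GOOGLE.COM

To single out one record, look it up by its full name.
"""

# A bare hostname: dot-separated labels, nothing else on the line.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}$")


def classify_matches(query, reply):
    """Split a WHOIS reply into the exact domain record and look-alike
    name-server records that merely begin with the queried name."""
    query = query.strip().lower().rstrip(".")
    exact, lookalikes = None, []
    for line in reply.splitlines():
        name = line.strip().lower().rstrip(".")
        if not HOSTNAME.match(name):
            continue  # banner or prose line, not a bare hostname
        if name == query:
            exact = name
        elif name.startswith(query + "."):
            # The labels after the query belong to whoever registered the
            # name server. Assumes a single-label TLD such as .com or .net.
            owner = ".".join(name.split(".")[-2:])
            lookalikes.append({"record": name, "registered_under": owner})
    return exact, lookalikes


if __name__ == "__main__":
    exact, lookalikes = classify_matches("google.com", SAMPLE_REPLY)
    print("exact record:", exact)
    for item in lookalikes:
        print("name-server record:", item["record"],
              "-> belongs to", item["registered_under"])
```

Only the exact record describes the domain you asked about; every look-alike is a host registered under somebody else's domain.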
I assume the aim is to get people to re-type these domains into their browser. It’s a limited audience though: apart from system administrators, there is a pretty slim chance of anyone else seeing it. However, these days nothing goes unnoticed on the net and you can find this material spilling out into the search engines (1|2). This puts their URL in front of a much larger audience, with the added bonus of sometimes getting a link out of the deal. It goes without saying that a dramatic ‘hacking’ is a popular subject for bloggers.
In that light I’m surprised the technique hasn’t been more widely abused. A few scripts in the wrong hands and it could be scaled up to target millions of domains. So far it seems low-key, mostly hacking groups rather than mainstream spammers.
So why doesn’t InterNIC stop this? It should be easy for them to alter their search matching. Apparently they cleared out these dead records a few years back, but there must be a better way to deal with this. Maybe a registry-level solution, limiting the number of name servers or making people pay to set these up. In any case it’s an issue that needs looking at and, as it seems to be growing, the sooner the better.
Nick Wilsdon is the CTO of 