How I Lent Scammers a Domain

It began when my domain registrar contacted me. A domain I bought years ago and never really used, they informed me, was currently being used for phishing, which is against my registrar's terms of service.

Hmm. I’m not a black hat, so what was going on?

Logging in to my registrar (NameCheap) I was able to see that my domain's DNS was pointing at DreamHost, a shared web host I use for some websites. However, when logged into DreamHost, the domain in question was not listed.

I figured that the most likely way this came about was this:

  1. I pointed my domain name at my web host, intending to show a parking page.

  2. I never set it up at my web host, by accidental oversight.

  3. Someone else noticed the default DreamHost parking page and successfully convinced DreamHost to add the domain to their account.

What to do? The most obvious course of action was to reach out to my host. However, their support was unreachable! The contact form required me to select the domain in question, but the domain wasn’t in my account, it was in a scammer's. Then, I tried to use a different contact method for security and abuse, but this contact form was literally broken and could not be submitted.

I worked around my inability to resolve the situation with my host by using CloudFlare's free static site hosting instead, changing the DNS records at the registrar to bypass DreamHost entirely.

(Later I heard back from DreamHost after guessing at abuse-related email addresses in order to contact their abuse team, who told me they were already on it and had shut down the account used for phishing.)

My registrar was then satisfied, and I had done my part to reduce phishing on the Internet.


November 26th, 2024
Alan Hogan (@alanhogan_com).  Contact · About