You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#476 showed that nsupdate.info service is lacking some functionality for zone operators who are not running their own nsupdate.info software instance (but just run DNS service for some zone offered via nsupdate.info website) and thus do not have admin access to configuration files and django admin:
some users abuse the service by using dyndns for their criminal activities
domain owners get complaints (usually forwarded from their domain registrar, sometimes also directly), from police, fbi, interpol, etc.
of course registrars are not willing to handle too many of such complaints
When offering hosts / domains, one can not do much to prevent such abuse, but we need to be able to react quickly if we get informed about such abuse.
My usual procedure when an abusive (in the sense of "being used for criminal activities") host is found:
check what user account created the host (manually via django admin)
kill the user account in the database (which will also kills all hosts of that user, which might be also used for criminal activities anyway) (manually via django admin)
blacklist the host names so they can't be recreated (manually via config file)
TODOl:
move the host blacklist from config to the DB (check what we already have)
have some view for domain owners where they can fill in a "bad host list"
do same procedure as above, just automated
report back about all host names that were deleted / blacklisted
The text was updated successfully, but these errors were encountered:
#476 showed that nsupdate.info service is lacking some functionality for zone operators who are not running their own nsupdate.info software instance (but just run DNS service for some zone offered via nsupdate.info website) and thus do not have admin access to configuration files and django admin:
When offering hosts / domains, one can not do much to prevent such abuse, but we need to be able to react quickly if we get informed about such abuse.
My usual procedure when an abusive (in the sense of "being used for criminal activities") host is found:
TODOl:
The text was updated successfully, but these errors were encountered: