Monday, December 12, 2011

12th December 2011 - Update about InterN0T

Dear InterN0T'ers and guests,


Over the last couple of weeks, we've worked  hard on getting a backup of our files back without any luck. Alas, one of our mediators even got blacklisted in the process by 1and1. After reading through their Terms&Conditions, I (MaXe) found out that the domain was still my legal and intellectual property as I anticipated, and that I could file a complaint, even a lawsuit (if I had the money), as both a part of their Terms&Conditions (see references) and the UDRP (Uniform Domain-Name Dispute Resolution Policy), protects domain name at least.

We've given up on getting our files back from 1and1, including the most recent database, but the domain is something we're still fighting for. However, as a backup / precaution we've bought intern0t.org as well. (intern0t.com was already taken, we prefer .org anyway.) It may seem strange, why do we need another domain name? Imagine we lose control over intern0t.net for 3-12 months, as right now we only control the nameserver records, not the actual whois record including any transfers. It would be catastrophic, esp. with our rank in the Google search engine which has already gone down, including a lot of traffic we're losing. This traffic, is visitors to InterN0T. We earn 0 (zero) [insert currency] on these, but we do value all legitimate visitors, as that is one of the things our community is about.

Recently we contacted the support department, which told us to contact the security department, which then told us to, contact the transfer department. See below.

------------------------------------------------------------------------------------
Dear [Redacted], (Customer ID: [Redacted])

Thank you for contacting us.

As we double checked your account, currently is it being locked by our security team. It would be best to contact them so that they can provide you the necessary information you need.

Here is our Security team direct number: 1-877-206-4253, they are available 9am-5pm EST, Monday till Friday

If you have any further questions please do not hesitate to contact us.

--
Sincerely,
[Redacted]
Technical Support
1&1 Internet
------------------------------------------------------------------------------------

After reading that I sent the "Security Team" (security-team@1and1.com) the same e-mail, and received the following reply:

------------------------------------------------------------------------------------
Dear [Redacted], (Customer ID: [Redacted])

If you have any inquiries about domain transfers, please email transfers@1and1.com.

--
Sincerely,
Security Team
1&1 Internet, Inc.
--------------------------------------------------------------------------------------------

Currently, I'm awaiting a reply from the "1and1 Domain Transfers" department, if there even is such a department? After all, I work at a helpdesk too, for a large financial company with ~35'000 users, so I'm quite familiar with how cases like this works too, including "security departments" that barely knows anything about information security, ethical hacking and penetration testing.

One thing that in particular is interesting, is some parts of 1and1 is (or has been not long ago) outsourced to TelePerformance, and if this is the company handling my case, then I wouldn't recommend anyone to use 1and1 ever again. How can I judge this company? I've worked for them of course, I know the type of people they hire as agents, team leaders, managers, even site managers. A company like this, is not suitable for making any judgements, about ethical hacking communities (or pentest companies for that sake) at all.

The funny thing is, there's a lot of other hacking communities hosted at 1and1 too, some of them are bigger, some of them are smaller, some of them has been around for longer than InterN0T, how come it was only us that got terminated? How can that be fair judgement? As I see it, the balance of what you could call "justice" has tipped to the wrong side.

Anyway, the most important thing for us right now, is that we regain full control over the intern0t.net domain, and that we restore the website. Over the last couple of weeks we've also set up our own mailservers, and made sure they do not violate any T&C's, etc. Of course we're not going to use 1and1 ever again, so currently we use two other providers instead, that seems better than the previous. (Even though it took some time setting the initial servers up the right way.)

This current week we're in, is the week that will matter most for the intern0t.net domain, as we've almost located all of the necessary files and databases to restore a copy of the site as it looked roughly 6 months ago, perhaps even earlier than that. It's a drawback, but the site will be there soon, either via intern0t.net or intern0t.org.

We wish all of you a very happy X-mas in case we don't have any further news on this blog before the site is restored.


Best regards,
MaXe


References:
http://www.icann.org/en/udrp/
http://www.icann.org/en/registrars/registrant-rights-responsibilities-en.htm
http://www.icann.org/en/transfers/
http://order.1and1.com/TcPdr;jsessionid=6807123412397CB6593E425AF2845266.TCpfix243a?
http://order.1and1.com/terms;;jsessionid=6807123412397CB6593E425AF2845266.TCpfix243a?

3 comments:

  1. Hopefully the forum will be back soon!
    You doing great work MaXe :)

    ReplyDelete
  2. Good Luck, you're almost there!

    P.S. Helpdesk? If YOU are not working on the PenTest field... who does?

    ReplyDelete
  3. Thanks Jolly! About Helpdesk, well that's just to get some food on the table and pay the bills, it hasn't been easy to get into pentesting for a living, but I'm working on it.

    If all goes as planned, I should be relocating to Australia in half a year, hopefully less as I currently have a job waiting for me there, which includes pentesting as well.

    ReplyDelete