Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Issues with porkbun, incase any one may help
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Issues with porkbun, incase any one may help

agentmishraagentmishra Member, Host Rep
edited February 2020 in Help

hi

last night i purchased a domain from porkbun.com, for one of our projects

just added it to the directadmin dashboard

no mails, no files other than the index.html (skeleton)
no activity

the details shows this
Disk Space 420.04 KB
Bandwidth 70.35 KB
E-mails 1
FTP Accounts 1
Databases 0

and porkbun suspended my domain sending this email

==========
Hello there,

We wanted to let you know that suspicious activity was detected on xxxx by Google Safe Browsing (https://safebrowsing.google.com) and it has been suspended. This can mean a few things, but generally it means that your domain is being used for what appears to be malicious activity. This probably means your website has been hacked or exploited in some way. For information on how to unflag your site please visit https://developers.google.com/web/fundamentals/security/hacked/request_review.

Please contact support if you require more information.

Thank you,
The Porkbun Team

==========

in above the domain name is removed and put as xxxx

in the same dashboard we have more than 40 domains hosted, and all are working fine. i personally can vouch there isnt any compromise or malicious activity

i email them and tried to talk to them via the online chat

and they say, online chat is for tech support not for any thing else, and i will have to await the response from the support team, no eta...

do these happen with others as well,

also how do i proceed, i do not see a way out

any help would be great

thanks

Thanked by 3supakika default Adam1
«13456

Comments

  • Transfer your domain to internetbs, don't worry with them anymore.

    Thanked by 1MannDude
  • agentmishraagentmishra Member, Host Rep

    how to transfer, i do not have the transfer code its locked

  • @agentmishra

    So you have absolutely no idea what the "suspicious activity" on your domain could have been?

  • NeoonNeoon Community Contributor, Veteran

    Wait, they suspend domains if google detects anything?
    Please tell me that's a joke, must be right?

  • Your domain is fucked until you unflag it. Lite Manager, a remote access software company, got hacked and their exe replaced with a malicious one.

    Visiting their site 2 years later was still flagged by Google. And maybe Malware bytes.

    Do a search history on the domain and see when it was last (ab)used.

    Thanked by 2uptime agentmishra
  • NeoonNeoon Community Contributor, Veteran
    edited February 2020

    "Yes, if the domain gets placed on Google Safe Browsing, we will suspend it as a precaution. Then, email us, we'll unsuspend and then you can fix it at Google and it won't be suspended again."

    So I suspect, porkbun has active monitoring running, as soon one domain gets a hit from google, its suspended. The reasoning of that was, because the internet belongs to google, if google blocks your domain, makes no sense to keep it online.

  • Can you check domain history or archive.org record ? In case that have been heavily abused and used by others and released.

    Thanked by 1agentmishra
  • As others say, domain seems to be highly abused by someone else and then released. Have you contacted porkbun though? Their support was pretty fast

  • FAT32FAT32 Administrator, Deal Compiler Extraordinaire

    I used to have a domain where during one lesson I demonstrated how phishing attack works, despite I am the only one who submitted the form, my domain was blocked by Google until I submit a request for unblocking. I guess it is a feature in Chrome that detects potential phishing and submit to their server.

  • someshzsomeshz Member, Host Rep

    I didn't face such problem with my registry, at least first they send notice regarding any abuse.

    Thanked by 1agentmishra
  • BlaZeBlaZe Member, Host Rep

    Just send an email -_- and explain to them what you explained it here in the post.

  • The same shit was happened to me. Do this: add domain to google webmaster and inform porkbun to unlock domain to fix the problem. That's it.

    After this just migrate domains to cloudflare.

    Thanked by 1agentmishra
  • NyrNyr Community Contributor, Veteran
    edited February 2020

    Neoon said: "Yes, if the domain gets placed on Google Safe Browsing, we will suspend it as a precaution. Then, email us, we'll unsuspend and then you can fix it at Google and it won't be suspended again."

    So I suspect, porkbun has active monitoring running, as soon one domain gets a hit from google, its suspended. The reasoning of that was, because the internet belongs to google, if google blocks your domain, makes no sense to keep it online.

    That is RIDICULOUS.

    I will contact Porkbun and let them know that if this doesn't change I will be migrating my domains away.

    They had a representative in the forum maybe it was the CEO, can anyone tag him?

  • NyrNyr Community Contributor, Veteran
  • NeoonNeoon Community Contributor, Veteran

    @Nyr said:

    Neoon said: "Yes, if the domain gets placed on Google Safe Browsing, we will suspend it as a precaution. Then, email us, we'll unsuspend and then you can fix it at Google and it won't be suspended again."

    So I suspect, porkbun has active monitoring running, as soon one domain gets a hit from google, its suspended. The reasoning of that was, because the internet belongs to google, if google blocks your domain, makes no sense to keep it online.

    That is RIDICULOUS.

    I will contact Porkbun and let them know that if this doesn't change I will be migrating my domains away.

    They had a representative in the forum maybe it was the CEO, can anyone tag him?

    Well, imagine that the site will be unavailable for days, until google removes the entry.
    Could be even false detection and your site is gone.

  • That's actual madness, a domain registrar suspending a domain based off the opinion of a 3rd party (Even Google can make mistakes). I'll also be transferring out.

  • Wait, they suspend domains if google detects anything?

    Porkbun support team is power hungry. Once they locked my account with many domains in it because there's a bug on their 2fa that made it unable to get correct 2fa code using Google authenticator app.
    I called them and threatened to report to my bank and charge back because my credit card is registered as auto pay auto renew all domains in their control panel which I was locked out. They didn't admit the bug, but after 2 weeks and sparse replies, eventually they let me get my account access back after giving so many private details. Porkbun is cheap but the support team has serious issues. I moved out of porkbun to save my sanity.

    Thanked by 1agentmishra
  • Thanks for posting this. Yet another registrar to avoid, will probably move my domains from them.

    Thanked by 2agentmishra Lunar
  • NyrNyr Community Contributor, Veteran

    I never understood why some registrars are so heavy handed on abuse matters anyway, there must be an underlining reason which I don't understand.

    Given how difficult is to lose the ICANN accreditation, with many grey hat registrars doing shady stuff for a long time without consequences, I don't get why many legitimate registrars act in such anti customer ways.

    Specially in this case, why would they trust Google when it is even a direct competitor to them. Pretty sure that not even Google Domains will suspend domains blacklisted by Google Safe Browsing.

  • NeoonNeoon Community Contributor, Veteran

    @Nyr said:
    I never understood why some registrars are so heavy handed on abuse matters anyway, there must be an underlining reason which I don't understand.

    Given how difficult is to lose the ICANN accreditation, with many grey hat registrars doing shady stuff for a long time without consequences, I don't get why many legitimate registrars act in such anti customer ways.

    Specially in this case, why would they trust Google when it is even a direct competitor to them. Pretty sure that not even Google Domains will suspend domains blacklisted by Google Safe Browsing.

    To me it sounds like an idea of someone in Porkbun, #yolo lets just suspend domains when google reports threats so we keep abuses low.

    If they would have picked it up differently, like informing the costumer that his domain got flagged, like Hetzner why not but that way, baaaaaaa.

  • spunspun Member
    edited February 2020

    I had a .xyz domain that was suspended by the .xyz registry. They said they saw what looked like spam activity and suspended the domain. I had to email them to get the domain back (but I did get it back). The emails sent out were legitimate emails.

    .xyz has some type of spam filter that even if no one reports you for spam they can flag you and your domain is basically dead.

    Thanked by 2agentmishra Lunar
  • oborsethoborseth Member, Host Rep

    Hello, all. Thanks for tagging me. @agentmishra I'm sorry this happened, I know it's frustrating. I did find your support ticket and am looking into it. Also be aware that your domain is still listed with Google Safe Browsing and probably won't function too well in general until that gets cleared up, we provide a link in the email you received that explains how to get delisted.

    To explain why we do this, we a lot of abusive registrations and we try to combat that with things like Google Safe Browsing, etc. It's accurate in that the domain is being blocked by Google, and probably most clients, and was being used for malicious purposes. It looks like in this case the domain was flagged for some prior phishing abuse before the new registrant purchased it. In certain situation, like phishing, we can be shut down by upstream providers if we do not take action within a very short period of time.

    All of that being said, I'll see if we could have handled this and other potentially similar situations better.

  • agentmishraagentmishra Member, Host Rep

    @oborseth said:
    Hello, all. Thanks for tagging me. @agentmishra I'm sorry this happened, I know it's frustrating. I did find your support ticket and am looking into it. Also be aware that your domain is still listed with Google Safe Browsing and probably won't function too well in general until that gets cleared up, we provide a link in the email you received that explains how to get delisted.

    To explain why we do this, we a lot of abusive registrations and we try to combat that with things like Google Safe Browsing, etc. It's accurate in that the domain is being blocked by Google, and probably most clients, and was being used for malicious purposes. It looks like in this case the domain was flagged for some prior phishing abuse before the new registrant purchased it. In certain situation, like phishing, we can be shut down by upstream providers if we do not take action within a very short period of time.

    All of that being said, I'll see if we could have handled this and other potentially similar situations better.

    well thanks for the reply

    what annoys me is that, your support staff says "they cant help over chat, no eta for mail back"

    also, in case you require my webserver access, i will let you in to it, if you may find the problem for me

    any ways, now that you have unsuspended my domain, i have asked for support from google, as per your advice

    let me see, what google has to say for a skeleton page to be used for phishing

    but i must admit, i somehow did not like the way you deal with customers (atleast me, not sure for others, but in this thread, i somehow find people not very satisfied with your ways and means)

    by the way, let me know of the phishing activities, you got the report of, either via email or in the pm, for my domain

  • oborsethoborseth Member, Host Rep

    I know. I saw the chat log and I'm sorry. I can definitely understand your frustration. We pride ourselves on providing great support and we let you down. Sometimes we have to be a bit heavy handed when it comes to security issues and actual abuse, but this doesn't meets that description.

    I also want you to know that the problem is not with your current site. The problem is that the domain was used for phishing prior to you buying it and Google still has it listed for some reason. There's not much we can do about it other than have you go through their process of getting it delisted. Hopefully they can get that done quickly.

    Take care and I hope we can somehow make it up to you.

  • @oborseth
    This thread has certainly gave me the "wobblies" over your service, given that I've now transferred a significant number of domains to you. :-/
    Relying on very dubious credentials of Google is really unacceptable.

  • @oborseth said:
    To explain why we do this, we a lot of abusive registrations and we try to combat that with things like Google Safe Browsing, etc.

    This is a really backwards way of preventing abusive registrations.. Do you use captchas, fraudrecord, maxmind, and other tools? Sites get hacked quite often and this really isn't the registrar's issue at all.

    In certain situation, like phishing, we can be shut down by upstream providers if we do not take action within a very short period of time.

    This is absolutely absurd, I work in a DC with a blend of upstream providers. This does not happen and will not happen if you address the issue in a timely manner. What kind of upstream shuts off your port for not responding urgently? Besides, why do you not just refer abuse reports to the network actually hosting the malicious content? This has nothing to do with the domain registrar.

    All of that being said, I'll see if we could have handled this and other potentially similar situations better.

    If anything, you need to stop automating this automatic suspension process. It doesn't sound like you have any intention of removing that though, and if so, I'll need to move my domains elsewhere. What other registrar does this?

  • oborsethoborseth Member, Host Rep
    edited February 2020

    Thanks for your feedback @lunar. I actually disabled the automated suspension of domains flagged by Google Safe Browsing earlier today, we'll now just send a notice. That being said, in business you try things to help streamline certain processes and help the majority of customers. Sometimes those things work and sometimes they don't but you do your best, in this case this is the first false positive we've had regarding this particular method of suspension but I feel any false positive is bad when it comes to suspending a customer's domain.

    I'll try to answer your questions. 1) We use all sorts of methods to prevent abuse including everything you mentioned and more. None of that matters because with 100's of 1000's of domains things get through and abuse quite often happens months after initial registration. As a registrar we are responsible for phishing and other forms of what ICANN refers to as "DNS abuse" (don't get me started). I agree with you that it shouldn't be our issue, but it is. 2) We absolutely can be shut off and have been for not dealing with certain forms of abuse, namely phishing, within 24 hours. 3) Done as of this morning. I won't name them but there are several registries and registrars that suspend based on being listed in Google Safe Browsing or at least use that as one of their fraud and abuse indicators.

    I've been doing this registrar thing for over 20 years and believe me, if I didn't have to worry or take action on domains being reported for abuse I would not. I don't believe the burden should fall on the registrars at all. Unfortunately that is not the case. At any rate, I thank you all for bringing this all to my attention and wish you all well.

  • NeoonNeoon Community Contributor, Veteran

    @oborseth said:
    Thanks for your feedback @lunar. I actually disabled the automated suspension of domains flagged by Google Safe Browsing earlier today, we'll now just send a notice.

  • @oborseth said:
    Thanks for your feedback @lunar. I actually disabled the automated suspension of domains flagged by Google Safe Browsing earlier today, we'll now just send a notice. That being said, in business you try things to help streamline certain processes and help the majority of customers. Sometimes those things work and sometimes they don't but you do your best, in this case this is the first false positive we've had regarding this particular method of suspension but I feel any false positive is bad when it comes to suspending a customer's domain.

    Thanks for replying so quickly. If that's the case, I think the right decision has been made. Automation is great, but it can introduce loads of issues and upset customers. Especially suspending an entire domain.

    I'll try to answer your questions. 1) We use all sorts of methods to prevent abuse including everything you mentioned and more. None of that matters because with 100's of 1000's of domains things get through and abuse quite often happen months after initial registration. As a registrar we are responsible for phishing and other forms of what ICANN refers to as "DNS abuse" (don't get me started). I agree with you that it shouldn't be our issue, but it is. 2) We absolutely can be shut off and have been for not dealing with certain forms of abuse, namely phishing, within 24 hours. 3) Done as of this morning. I won't name them but I know several registries and registrars suspend based on being listed in Google Safe Browsing or at least use that as one of their fraud and abuse indicators.

    1) I had never heard of this, why do registrars such as internetbs and other ICANN accredited registrars get away with this? Are you only responsible if you guys are the ones that run the nameservers for a domain?

    2) Are you referring to the upstreams of your nameservers? Have you been threatened by upstreams before? I think 24 hours is a reasonable amount of time to deal with abuse if it's severe. That saying, if it has been brought up with your upstream, I'd guess that you've received other abuse complaints directly, relating to said abuse?

    Thanked by 1agentmishra
  • oborsethoborseth Member, Host Rep

    1) I don't know the inner-workings of internetbs but my guess is that they will take action on abuse complaints such as phishing, child abuse, etc. Registrars are required by their contract with ICANN to investigate and take "appropriate" action on all abuse complaints. Certain types of what constitutes abuse, such as sites that sell and distribute opiates, can and have led to credit card processors turning off service. There's a movement within some ICANN working groups to more clearly define what abuse registrars are ultimately responsible for but that moves slowly and will probably end up not being perfect. If we are hosting content or DNS we are more at risk in that our service providers can take action against us. We may not be legally at risk in a vast majority of situations but we are certainly at risk in a business sense when we host or provide service for certain illegal content. It's always a question of what's best for the customer, what are we legally liable for, and what puts the business at risk?

    2) We've been shut off before for URL forwarding to a phishing site, admittedly back in the early days when our processes for dealing with complaints were not entirely streamlined as the are now. We now have very good relationships with our providers and have an almost perfect process for handling complaints and notices.

    We honestly very rarely have issues with this sort of thing. This was a particularly unfortunate incident in that the registered domain was previously used for phishing. Going forward it should not happen again though.

Sign In or Register to comment.