New ask Hacker News story: Beware HN: The rise of weaponized "abuse" reports
Beware HN: The rise of weaponized "abuse" reports
22 by tothrowaway | 2 comments on Hacker News.
Reputation management companies are hired to clean up Google search results for their clients. They usually send scary sounding emails, or letters demanding some "unauthorized", "sensitive" or "threatening" content (created by a user) be removed. They can't use a DMCA notice because it isn't a copyright complaint. If you do not give in to their demands, they will send the same scary sounding notices to abuse@[host], abuse@[registrar] and abuse@[dns provider]. The most unscrupulous reputation management company I've ever dealt with (izoologic) has apparently figured out that "phishing" is the best way to get what they want. They claimed a user-generated page on my site was phishing for credentials (because it happened to mention their client's name and had a login form on it). I got this from Namecheap: """ We are writing from the Namecheap Legal and Abuse team. It has come to our attention that phishing content is displayed on your website at the link: [URL to an entirely innocent page] As a reminder, phishing is expressly prohibited by our Universal Terms of Service Agreement, paragraph 7. "Acceptable Use Policy (AUP)" at https://ift.tt/2eiQG8P We need you to act promptly in removing the reported content within the next 24 hours. While we always try to avoid having to interrupt our customers' services, if we receive no response from you or no action is taken within the mentioned time frame, unfortunately, we will be forced to suspend the domain until the matter is resolved. """ From my logs, I can see Namecheap didn't even visit the page before requiring me to take it down within 24 hours. If I had been on vacation, apparently my domain would have been suspended. If you accept user generated content, you need to be vigilant about handling these weaponized abuse complaints. They can take down your business in a day if you are not paying attention.
22 by tothrowaway | 2 comments on Hacker News.
Reputation management companies are hired to clean up Google search results for their clients. They usually send scary sounding emails, or letters demanding some "unauthorized", "sensitive" or "threatening" content (created by a user) be removed. They can't use a DMCA notice because it isn't a copyright complaint. If you do not give in to their demands, they will send the same scary sounding notices to abuse@[host], abuse@[registrar] and abuse@[dns provider]. The most unscrupulous reputation management company I've ever dealt with (izoologic) has apparently figured out that "phishing" is the best way to get what they want. They claimed a user-generated page on my site was phishing for credentials (because it happened to mention their client's name and had a login form on it). I got this from Namecheap: """ We are writing from the Namecheap Legal and Abuse team. It has come to our attention that phishing content is displayed on your website at the link: [URL to an entirely innocent page] As a reminder, phishing is expressly prohibited by our Universal Terms of Service Agreement, paragraph 7. "Acceptable Use Policy (AUP)" at https://ift.tt/2eiQG8P We need you to act promptly in removing the reported content within the next 24 hours. While we always try to avoid having to interrupt our customers' services, if we receive no response from you or no action is taken within the mentioned time frame, unfortunately, we will be forced to suspend the domain until the matter is resolved. """ From my logs, I can see Namecheap didn't even visit the page before requiring me to take it down within 24 hours. If I had been on vacation, apparently my domain would have been suspended. If you accept user generated content, you need to be vigilant about handling these weaponized abuse complaints. They can take down your business in a day if you are not paying attention.
Comments
Post a Comment