NamecheapCEO | 3 years ago

To be clear, the issue was with a 3rd party provider that we use to send our newsletter. None of our own systems or customer accounts were breached. I sent a follow-up email to all users that were affected. The domains linked in the original phishing emails were also disabled. I apologize for this issue and to anyone it may have affected. We have also taken immediate steps to ensure it will not happen again.

clarifyitto|3 years ago

So… What happened? Did you get your keys stolen out of a CI or something? It just seems suspicious that you’d be the only business affected by this 3rd party provider.

btgeekboy|3 years ago

If I have a business and I use a company like sendgrid, I have credentials to use that service. If some employee has access to that account (such as to send newsletters), and that employee’s credentials were lost or stolen, that doesn’t seem suspicious at all.

I don’t have any inside info here, but it makes sense. And as a namecheap customer, I see no reason to panic at this time.

jcrawfordor|3 years ago

I don't think this is unique to NameCheap, I've gotten both metamask and DHL emails from other lists I'm on, I assume from the same threat actor. I would assume that they're opportunistically using whatever mailing list they can gain access to.

cft|3 years ago

This ridiculous registrar threatened to lock our domain and destroy our business within 24 hours for a defective DMCA notice that addressed one of our 40 million user profile subdomains. Our legal counsel advised to temporarily comply instead of arguing (although he did send them a nasty letter) to move over to a normal registrar from this cheap one, that I got when I was bootstrapping with no money because it was several dollars cheaper. It's not a business of a domain registrar (unlike a web host) to enforce DMCA notices.

scrollaway|3 years ago

So you found out how DMCA works and how much it sucks the hard way, eh?

You’re right it shouldn’t be the business of a domain registrar. But every provider in the chain that the copyright holders can reach to will end up responsible. You, the registrar, web host, ISP, everything.

Send your complaints to the US government and the copyright lobby. It’s a bullshit law. Namecheap complies with it because if they don’t, THEY get cut off by their own providers, and so on up the chain until the fines roll in.

beeboop|3 years ago

Abusive DMCA takedowns are unfortunately extremely easy, very time consuming to report, and seemingly very rarely have any action taken against the person who falsely claimed. Not excusing Namecheap here, what they did was totally shit.

Heroku did the same thing to me for same reason - completely shut down my entire account with several revenue generating websites with zero notice.

NamecheapCEO|3 years ago

This is our standard notification, word for word:

Hello XXXXX,

We are contacting you from the Namecheap Legal and Abuse department regarding your “XXXXX” Namecheap account.

We are in receipt of a copyright infringement notice pursuant to 17 U.S.C. §512 of the Copyright Act, requesting that we disable allegedly infringing material that appears on a domain hosted in your account (“Domain”):

xLINKSx

As a hosting service provider, Namecheap complies with the Digital Millennium Copyright Act (“DMCA”). We would like to help you avoid any service interruption. Please review the DMCA notice that we have included in this communication.

If you do not have the authorization to host the alleged disputed content, and if you are not authorized to use the disputed content, you will need to remove the content within 72 hours, or we may be required to suspend your hosting account under DMCA guidelines.

In order for us to consider a case resolved, the reported link(s) is to show the '404 Not Found' error/suspended page or redirect to the main page of the website.

If you believe that the identification of this infringing content is in error, we suggest that you contact the reporting copyright owner to resolve the matter. If the reporting copyright owner agrees there is a mistake, ask them to email Namecheap at dmca@namecheap.com.

If you are not able to come to an agreement with the reporting copyright owner or if you disagree with the copyright claim, you may submit a DMCA Counter-Notice to Namecheap within ten (10) business days of the date of this email. The Counter-Notice must comply with the requirements of the DMCA and must contain the following points:

1. Your contact information, including name, address, and telephone number, as well as facsimile number and email, if available;

2. A statement that, under penalty of perjury, you have a good faith belief that the material was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled;

3. Identification of the material that has been removed or to which access has been disabled, and the location at which the material had appeared before it was removed or access was disabled;

4. A statement that you consent to the jurisdiction of the United States District Court in which the address you provide is located, or if your address is outside the United States, for the judicial district of California;

5. A statement that you will accept service of process from the person who provided the initial notice or an agent of that person;

6. A physical or electronic signature by you or your agent.

The DMCA Counter-Notice should be sent either via this ticket by replying to our notice or to Namecheap.com Attn: Legal Department, 4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA, Facsimile:

Once a valid DMCA Counter-Notice has been submitted, Namecheap would provide a copy of the Counter-Notice to the reporting copyright owner. In addition, the DMCA requires that you remove the disputed content for at least ten (10) and not more than fourteen (14) days from when the Counter-Notice was served. Thus, Namecheap will advise the complaining party that the listing will be reinstated within ten (10) days and will remain so unless we hear from the reporting copyright owner that he or she has filed an action against you under the DMCA in a court of competent jurisdiction for copyright infringement and is seeking a court order to restrain you from publishing the disputed content.

By submitting your Counter-Notice to Namecheap, you agree to waive, and hereby do waive any legal or equitable rights or remedies you have or may have against Namecheap with respect to any Counter-Notice you send, or claims regarding any aspect of the disputed content and its publication and/or Namecheap's action in implementing a takedown or re-establishing the content, and you agree to indemnify and hold Namecheap, and its owners/operators, affiliates and/or licensors, harmless to the fullest extent allowed by law regarding all matters relating to your sending of a Counter-Notice.

If you feel you received this notification in error, please contact us at with more information as to why. We do apologize for any inconvenience this may cause you.

====================================

ankit219|3 years ago

I had clicked on the DHL one link. It took me to a site which looked like DHL, and in the next step, Chrome refused to load the website. Is there any impact on folks who clicked on the links? I never entered any info as such, so not sure, but looking for more information on whether I should be concerned.

notahacker|3 years ago

I assume it was a phishing site where the threat came if you actually provided them with details

(I didn't receive the DHL one, but did test the Metamask link in a safe browser environment. It was just a phishing site to try to get people's crypto credentials)

morganbird|3 years ago

It's just phishing. You're not at risk if you didn't give them your credit card info or anything like that.

joshka|3 years ago

I never received an email, but just today received spam on an email address only used with namecheap. You might want to check your logic for what was impacted.

zeitgeist1|3 years ago

why is a company like namecheap not servicing their own email servers? what a cop out. I've also read about you not wanting to update 2FA systems... another cop out

I wonder how many people got caught and ruined by this scam, what if you are behind it? you don't deserve to be in business.

Krisjohn|3 years ago

What about the open redirect?

xena|3 years ago

[deleted]

chronogram|3 years ago

[deleted]

satoshiiii|3 years ago

[deleted]

ezekg|3 years ago

Yeah! Like why is Microsoft lying by no longer being “micro.” They’re way too big for that name.

jallen_dot_dev|3 years ago

> straight up lying to your new customers

A bit overdramatic don't you think? Cheap is a matter of opinion.

cebert|3 years ago

Namecheap is still reasonably cost competitive. I use them for a few domains I own and haven’t had any major issues and found the price closer to other well known competitors.

dmak|3 years ago

Is it that difficult for you to comprehend brand names? It might have been accurate at some point, but times grow and brand names aren't meant to be taken literally.

Ser, your name is satoshiiii, so am I supposed to think you are the real Bitcoin creator? or are you straight up lying to other users?

orangepurple|3 years ago

Cheap is a matter of perspective, like all marketing.

FpUser|3 years ago

This is a cheap shot. I do not think "sir" will pay any attention.

walrus01|3 years ago

Can you please clarify how exactly the decision making process occurred to give a 3rd party email provider a copy of your private DKIM signing key for the domain "namecheap.com" ?

The emails could not have gone out with DKIM-signature and successfully validated by openDKIM at my receiving MX/SMTPD against the public half of the key in your DNS TXT record for your DKIM key, unless you had given them access to the private key.

Did the persons who are responsible for creating and maintaining your DKIM public/private key pair and its selectors directly give the key to some third party (sendgrid, mailchimp, whatever) type email newsletter services, or were they ordered to do so by somebody else in Namecheap management?

Or, did the persons responsible for your authoritative DNS zone for namecheap.com insert an additional DNS TXT record for the DKIM key used by a 3rd party service?

oneplane|3 years ago

While I don't know the details of the third party at Namecheap, it's pretty common to have a bunch of third parties with their own DKIM keys and just trusting and including their public keys on your DNS zone. Nobody sends all their own mail, your service desk, support software, ticketing system, alerting system, collaboration provider all have DKIM keys and SPF records you're adding to your zone and they just control the keys for their own input.

This means that if they get pwned, it's their ability to send mail on your behalf that gets abused, not some key stealing and DKIM impersonation (and why would they bother if a perfectly fine emailing system is already open and ready to spam the crap out of everyone).
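
The per-vendor selector setup discussed in the two comments above, as an added example that is not part of any comment in the thread and does not describe Namecheap's actual configuration: it reads the `d=` and `s=` tags of a DKIM-Signature header and reports who holds the signing key for that selector, then audits every selector published for the domain. The domain, selectors, vendor hostname, key values and the `INVENTORY` mapping are constructed assumptions.

```python
import re

# Constructed sample data: domain, selectors and vendor hostnames are hypothetical.
ZONE = {
    "corp._domainkey.example.com": ("TXT", "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="),
    "news._domainkey.example.com": ("CNAME", "news.dkim.mailer-vendor.example."),
    "desk._domainkey.example.com": ("TXT", "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQy"),
    "old._domainkey.example.com": ("TXT", "v=DKIM1; k=rsa; p="),
}
# Who holds the private key per selector, taken from the organisation's own records.
INVENTORY = {"corp": "in-house MTA", "news": "newsletter vendor"}

# Constructed header as a receiving MTA would see it (folded over several lines).
HEADER = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
          " d=example.com; s=news; h=from:to:subject;\r\n"
          " bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=")

def parse_tags(text):
    """Split a DKIM tag list (header value or key record) into a dict."""
    text = re.sub(r"\r?\n[ \t]+", " ", text)  # unfold header continuation lines
    tags = {}
    for part in text.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # base64 values may contain '='
            tags[key.strip()] = value.strip()
    return tags

def signing_selector(header):
    """Return (domain, selector) named by a DKIM-Signature header."""
    tags = parse_tags(header.split(":", 1)[1])
    return tags["d"], tags["s"]

def custody(domain, selector, zone=ZONE, inventory=INVENTORY):
    """Classify who is able to sign as `domain` using this selector."""
    record = zone.get(f"{selector}._domainkey.{domain}")
    if record is None:
        return "no key published"
    rtype, rdata = record
    if rtype == "TXT" and parse_tags(rdata).get("p", "") == "":
        return "revoked"  # RFC 6376: an empty p= tag marks a revoked key
    owner = inventory.get(selector, "UNKNOWN HOLDER")
    where = "delegated via CNAME" if rtype == "CNAME" else "key in zone"
    return f"{owner} ({where})"

def audit(domain, zone=ZONE):
    """Map every selector published for `domain` to its custody classification."""
    suffix = f"._domainkey.{domain}"
    return {name[:-len(suffix)]: custody(domain, name[:-len(suffix)], zone)
            for name in zone if name.endswith(suffix)}
```

A selector that audits as `UNKNOWN HOLDER` is a key someone can sign with but nobody has on record, which is the first thing to revoke or rotate after a vendor compromise.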