Directi/Resellerclub suspended my domain

[3r1c]

I run a web hosting company which i give each of my users a subdomain of a domain which i own.

Today one of my customers sites got hacked and a phishing page uploaded.

Now i always remove phishing pages whenever im informed of them.
But this particular bank sent abuse complaints to my isp, upstream, registrar and basically anyone they could.

Without giving me any notice resellerclub suspended my domain.
Now over 7000 customers are pissed at me because all their sites are down.

I called resellerclub and the first girl i talked to was very unhelpful, basically told me that the domain will not be unsuspended regarless of the phishing page removal, put me on hold and hung up on me.

Called back and spoke to a guy who said the abuse department are closed for the day and i have to call back tomorrow IT WAS ONLY 12PM!!!

I got a little pissed off at him and asked why are they interfering with my domain when im not even hosted by them, he said something about following icann rules. I cannot find anything on icann that requires a registrar to suspend a domain. In fact icann.org site says they are not interested in being contacted about spam or website content issues, and URDP rules state the domain cannot be suspended until the outcome of the process.

Anyone have experience with this.
I need my domain back working instantly.

Resellerclub also told me i can transfer the domain to another registrar, but the control panel wont allow me to set a transfer key because its suspended.

1. How can i get my domain back working.

2. Am i able to take legal action against resellerclub for damages to my business and reputation caused by this?

Thanks.
Eric

 

[-NC-]

Hopefully someone more experienced than me will be along to comment shortly, until then, my advice is:

1) From the sound of it, this isnt going to happen instantly

- I hope the whois contact emails for the domain do not also use email addresses which are at the domain

If not:
- Try to get Directi/Resellerclub to unlock the domain and email the auth code to the admin contact, if they won't then try to get them to Fax/Post it to you.

- Once you get the auth code, transfer it to Moniker, in my experience, this will probably take 3-5 days

2) Find a lawyer specialised in internet law and ask them:
There was a NamePros thread on this, but I can't find it. I knew this would happen, so I copied the list to here:
http://www.rankpod.com/internet/domain-names/legal/lawyers/

 

[Name Trader]

What does Directi/ResellerClub ToS say about phishing scams? We hear more often about this happening at GoDaddy. There you get two choices, either pay a fee and transfer away , or pay a larger fee and stay with promises that it won't happen again. I must say, I'm on the side of the bank, when it comes to these phishing scams. They have to do what they have to do to protect their customers. I know it's not any consolation, but GoDaddy's abuse department is also this unhelpful (from third hand accounts). Haven't you heard? That's why it's called the Abuse Department!

 

[3r1c]

The tos does not specifically say anything about phishing.
http://manage.resellerclub.com/serv...uestfor=customermasteragreement&pgaction=back

I dont understand how the content of my domain is any of the registrars business, none of the data is hosted by them or transmitted through them.

My datacenter and upstream did what they are supposed to do and forward the complaint to me and let me deal with it without disrupting my service, why couldnt the registrar do this.

Cutting a domain which has 7000 sites offline because of one site, without giving a warning is just stupid, i bet googlepages.com and geocities.com registrars dont suspend their domains over phishing pages, they know they would be bankrupt from the lawsuit if they did, but they think they can screw with people like me and get away with it.

 

[3r1c]

The tos does not specifically say anything about phishing.
http://manage.resellerclub.com/serv...uestfor=customermasteragreement&pgaction=back

I dont understand how the content of my domain is any of the registrars business, none of the data is hosted by them or transmitted through them, i cant find any icann regulation that requires them to do this.

My datacenter and upstream did what they are supposed to do and forward the complaint to me and let me deal with it without disrupting my service, why couldnt the registrar do this.

Cutting a domain which has 7000 sites offline because of one site, without giving a warning is just stupid, i bet googlepages.com and geocities.com registrars dont suspend their domains over phishing pages, they know they would be bankrupt from the lawsuit if they did, but they think they can screw with people like me and get away with it.

 

[Dave_Z]

Personally I've read of a few instances where DirectI is "stricter" than even Go
Daddy. This is one of two reasons why I'm wary of using them.

If you're going to take legal action against them for damages, you might want
to read the limitation of liability section first. If you lose, they might even sue
you for breach of contract.

Just letting you be aware of the risks. It ain't always pretty.

OTOH, only other chance is to work with them to try to get the domain name
unsuspended and all. Good luck.

 

[GDTECHDomains]

this isn't good. They should have simply given you a notice and if you don't act, then they could suspend the domain.
i guess they will allow you to change the registrar.

 

[3r1c]

You know come to think of it i bought this directi account (which has 6.49 registration price) from ebay, so i didnt even agree to any of these terms.

How can they write a contract that says they can do whatever they want and you have no rights if they mess up, is that even legal?

torrentspy and thepiratebay both are registered with http://www.key-systems.net/ i bet they get alot of complaints, so should this be a good registrar that wont shut down domains?

 

[3r1c]

You know come to think of it i bought this directi account (which has 6.49 registration price) from ebay, so i didnt even agree to any of these terms.

How can they write a contract that says they can do whatever they want and you have no rights if they mess up, is that even legal?

torrentspy and thepiratebay both are registered with http://www.key-systems.net/ i bet they get alot of complaints, so should this be a good registrar that wont shut down domains?

....

Whats wrong with this forum? i keep posting reply and it says its posted but its not there, and i try to post again and its says its a duplicate, i have to post a random text and then edit the post.

 

[cache]

I understand your situation. I had recently my site shutdown by the hosting company because vbulletin said I did not have the license for the site. No one would bother to
warn me about the shutdown, they would tell you the formal process to appeal, and
how many weeks to resolve it etc, and no one would understand how important to
have the site back instantly. The fact is, you are the only one who cares about
your site, other people would care less. Unless you have the experience, you would not
understand it.

I don't have the experience for the registrar problem, so I can't offer any help here.
I can only say that I share your pain.

 

[3r1c]

finally i got my domain unsuspended, only under the condition that i will immediately transfer it to another registrar.

the bank which complained is satisfied that i removed the files and as far as their concered the issue is resolved, but the registrar dont seem to care that ive been their customer for 2 years.

cache: The situation with hosting companies is a little different, since hosts are legally liable for content hosted on their servers if they do not remove it when notified of it (although most give the customer time to respond), registrars do not host any data on their servers so i dont see why they care, they dont have to do anything unless they get a court order.

I cant believe companies like this actually have whole "abuse department" whos whole purpose is to disrupt the business of their customers.

 

[Kate]

Quite frankly that is not surprising at all. Registrars will suspend domains for a lot reasons. One example is when the validy of whois if challenged by some party then Enom and other registrars will typically put the name on hold if you do not react to their verification E-mails.

I have to side with the bank here. In criminal cases like this it can be reasonably expected from both the webhost and the registrar that they take action to stop the fishing ASAP (these operations always run during a very short time frame anyway).

Hosting is not always funny business, you have to deal with scammers or people who have bad security and jeopardize all their neighbors.
And if you let users use subdomains make sure that the top-level domain is not the domain you are trading under, or your whole business could be crippled as a result.

I'm afraid you are not in a position to take legal action. Instead the banks could take action against you. Consider this a lesson learned.

PS: from your first post you seem to be saying you are used to removing fishing pages as soon as you are notified. IMO you need to be more proactive and set up monitoring tools to detect potentially dangerous content.

 

[GDTECHDomains]

Quite frankly that is not surprising at all. Registrars will suspend domains for a lot reasons. One example is when the validy of whois if challenged by some party then Enom and other registrars will typically put the name on hold if you do not react to their verification E-mails.

Are you sure that with false whois (which is quite common), a domain may be suspended ?

 

[Jeffrey]

If planning to transfer, PLEASE do NOT transfer it to Godaddy. From the looks of it, Resellerclub got inspired by Godaddy's stupid actions.

 

[3r1c]

I really never thought a registrar would do this without sending notice, its a very big weak point in the internet if registrars are allowed to police content on servers they do not control.

I have an written agreement with my isp that they will not shut down my servers for any reason without a court order no matter what.

I am transferring it to enom which from experience just forwards the complaints to me.

As for the bank sueing me, they cant, there is no law against phishing, it is just a copyright/trademark violation, and as a web host i have immunity under the DMCA for any content as long as it is removed when i am notified, i had no knowlege of it, what are they going to sue me for? being the victim of a hacker?

 

[Kate]

Are you sure that with false whois (which is quite common), a domain may be suspended ?

I am positive. I know for a fact that Enom for example will put the name ON HOLD so it no longer resolves if whois turns out to be fake, or you fail to confirm whois accuracy. But they will restore the name once you have fixed the issue. Obviously your name can be unreachable for a few days in the meantime...

 

[3r1c]

I am positive. I know for a fact that Enom for example will put the name ON HOLD so it no longer resolves if whois turns out to be fake, or you fail to confirm whois accuracy. But they will restore the name once you have fixed the issue. Obviously your name can be unreachable for a few days in the meantime...

Thats true but thats beside the point.

Registrars have to make sure whois data is correct under icann rules.
There is no rules stating they have to remove domains because of site content.

In fact it says right here that icann are not interested in complaints about site content.
http://www.icann.org/announcements/announcement-06mar07.htm

 

[Kate]

3r1c: you are on shaky ground legally. There are laws which encompass phishing which is nothing else than theft + impersonation combined.
I think your ISP is crazy or downright irresponsible if they agree not to shut down your server for any reason. I would never sign such a contract. And if you are on a shared server the webhost will definitely shut down a site that is causing excessive CPU load or whatever nuisance, because they don't have a choice really.

Saying that some registrars/webhosts have different ways of dealing with these issues. Not saying they handled the whole thing in an ideal way, but they had to react.

It's certainly not the bank that is to blame.
Obviously it's not your fault but the hosting business is such that we have to deal with scammers and take steps to mitigate the risks.
But if each client has its own domains at least they wouldn't be affected as a whole. You should reconsider the subdomain issue now.

 

[3r1c]

I have 12 colocated servers, i own the server hardware.

I know its not exactly the bank that was the blame, but they did go out of their way to be a nuisance.

Its standard practice to send complaints about hosted websites to the abuse contact on the whois of the server IP address listed on arin.org, or finding the hosting company by looking at the nameservers.

Some customers have their own domains if they want them, but most just use the subdomain which i give them with the account.

 

[floatingworld]

For every subdomain you create riding on the one domain you multiply the risk of suspension of all caused by the actions of one, which appears to have been the case here. Maybe you could consider a review of your business model and create a separate domain for each of the users so that potential suspension is isolated to the one name and not bring down the whole neighbourhood.