Nameservers Changed Issues on Sav.com

[xmarthost]

My nameservers for all domains have been changed to ns1.all-harmless.domains and ns2.all-harmless.domains, and I am unable to change the DNS again. What could be the issue?

Also, a friend of mine is facing the same problem with over 600 domains. What's going on with sav.com?

 

[bmugford]

It's hard not to be susceptible to sponsorship offers from CleanDNS on domaining websites and on industry conferences, and their PR machine.

I notice it with IT.com too.

But compared to this... they are not a real threat.

I guess I will never get sponsorship offers, because I will tell someone if I think something sucks or has issues.

This is true even for companies I generally support.

Some are better than others when it comes to being objective.

Brad

 

[zotix]

.... or you try to outsource operational tasks

 

[bmugford]

Hello Again. We want to introduce everyone to a new NamePros user and partner of ours, @CleanDNS. For the last 3 years, Sav has worked with the team at @CleanDNS to review and process all domain abuse reports, work with registrants regarding abuse and to prevent abuse by disabling domains as accounts as needed. You can read more about recent actions taken here: https://cleandns.com/sav-com-and-cleandns-tackle-domain-name-abuse-at-an-unprecedented-scale/

You have been working with @CleanDNS for the last 3 years.

So, why was your abuse so high. What were they actually doing in that time?

By any objective definition, whatever they were doing was a bad job simply based on the numbers.

Brad

 

[Future Sensors]

https://ithreat.com/ithreat-announces-executive-appointments/

March 10, 2022 – NEW BRUNSWICK, NJ – iThreat, a leading provider of internet investigative and monitoring solutions, today announced several top-level management promotions. Company founder Jeff Bedser is now executive chairman, Ashleigh Brady, managing director, and Alyssa Barberio, director of operations.

https://www.icann.org/en/ssac/members?page=2

My previous employer and company, iThreat, held a contract with ICANN for the DAAR system. I no longer am associated with that company or contract as of 10.2021.

 

[Future Sensors]

I just tweeted about this.

Orphaned listings are bad. Orphaned listings that can control the actual domain would be disastrous.

Again, if this problem exists it is one of the most serious security flaws I have seen in the domain world.

Care to comment @Nick R?

https://twitter.com/x/status/1820492115149001191

 

[Future Sensors]

 

[bmugford]

 

[Future Sensors]

https://en.wikipedia.org/wiki/Talk_to_the_hand

 

[zotix]

Sorry, is that a bot ?

So there are many advantages to outsourcing (and now AI):

But one of the disadvantages is that you need someone to coordinate and orchestrate this mix of different teams.
I had helpdesks in the Netherlands, India, Poland that I contacted (during a transformation project), guess what, the Dutch were (of course the most expensive employee), but other than that - everyone was able to give a proper answer.

For the others, without discrimination (including my Pakistani relatives), there was such a language barrier that I spent more time adjusting things than making progress.

Also, and this is my personal experience, the Customer Care Centre often doesn't care about economic factors. Their focus is on 'taking care' of a particular customer's problem.

The more I read in this thread, I’m even more sorry for the affected people. Damn.

But at least one hope one hope I don’t loose after seeing this. Getting into a management board before getting 40 years old (8,5y left)- seems like it does not need that much

Mustafa

 

[Future Sensors]

 

[Future Sensors]

How long does it take @CleanDNS?

 

[Ryan_DA]

Don't hold your breath, @batman is just as likely to respond.

Outside the ICA's mandate I think. They aren't really involved with the registrar/user side of things. That would be something for ICANN to deal with. It would be hard to get in the middle of since there are accusations of abuse etc.

Regardless, it seems like Sav has a bunch of problems they need to figure out. DNS abuse is something ICANN is always forming groups and committees to address. I'm on the BC group at ICANN and it's discussed pretty much constantly. My impression is that they are starting to tighten the screws on registrars who aren't complying with dns abuse claims.

Registrars are also magnets for credit card fraud. It's hard to police since you don't want to throw a bunch of hoops in front of a $10 purchase.

 

[zotix]

There is a probability of 80-90% that this Social Media Coms. The team is not even aware of what is going on.
Or they copy and paste pre-written postings from their Excel sheet.

@Future Sensors , I guess you remember - as you said this "directly" initially, I would like to quote that.

Damage control in action.

This was Tuesday, page 8/15.

I feel like you and others researched more about the structure of this than SAV officially announced.
Damage control
Unfortunately.
If this were more relevant to the public, it could be a perfect use case for universities with economic majors.
"Management Basics," "Turnaround Strategy", "Restructuring," "Corporate Communication,".

This spread of responsibilities (not only by Countries) and giving the entire Abuse Topic to an Outsourced provider, who is suddenly the Single Point of Contact (via DM), makes it even more challenging to get on the same page within a company.
But those things need speed, a fast reaction. We all know how forums, Reddit, and X can influence things and people's decisions nowadays.

It's not that this SAV Help Assistant is writing Template Answers, but the CTO himself is posting the same post in another Thread. He does not even sign off on his post. No, hi, no, bye.

This is truly getting suspicious.

Especially the fact that for my example (I did not mention it), I changed my E-Mail because I migrated everything to Outlook, so I just had to be careful.
Now, after changing my Email address, I have in my Portfolio 2 Different WHOIS Registrants, each Email with one ID with a specific E-Mail. I never experienced that, especially when I changed Account Level.

Anyways.

Mustafa

 

[Future Sensors]

I feel like you and others researched more about the structure of this than SAV officially announced.

That could very well be the case.

 

[zotix]

Show attachment 260543

How long does it take @CleanDNS?

Aha, okay, but that's one thing I don't understand.
Take down the Website - the Fraudulents don't care.

They have mainly hosted their stuff on other DMCAA Hostings with Reverse Proxy. Take down the site; another one is online in 30 minutes.

 

[Future Sensors]

I'm curious to see if @dirk has any new insights.

 

[dirk]

I'm curious to see if @dirk has any new insights.

Need to catch up with a lot of post... Dropped my phone and cracked the screen, new one arrived this evening. Will catch up soon as I'm traveling

 

[Gabriele]

Today I conducted a small experiment. I picked a domain that I let expire a couple of years ago but was still visible in Account 1, even though it wasn't currently registered. I then logged into Account 2 and registered the same domain.

Show attachment 260512

After this, I went back to Account 1 and changed the nameservers. When I check Account 2, the change doesn't show up, so Account 2 has no clue the nameservers have been altered. However, the WHOIS record for the domain shows the nameserver changes successfully.

Show attachment 260515

The question for the experts is: if Account 1 changes the DNS and uses it for malicious purposes, which account would be banned? Account 1, Account 2, or both?

Thinking about it, I think SAV's approach is very innovative. Today, everything is about sharing: we have bike sharing, car sharing... so why not share your domains with complete strangers? Who knows, maybe you'll make some new friends along the way...

 

[Gabriele]

Today I conducted another experiment. From Account 1, I successfully pushed the domain to the new Account 3. The domain is still present in Account 2 (the actual owner), so at least it can't be stolen, unless it's transferred elsewhere using the authorization code. However, now in Account 3, the creation and expiration dates have updated, so there are basically two identical listings in both Account 2 and Account 3.

 

[Future Sensors]

Today I conducted another experiment. From Account 1, I successfully pushed the domain to the new Account 3. The domain is still present in Account 2 (the actual owner), so at least it can't be stolen, unless it's transferred elsewhere using the authorization code. However, now in Account 3, the creation and expiration dates have updated, so there are basically two identical listings in both Account 2 and Account 3.

Thanks for your continued research on this @Gabriele.

It's stunning that this research has to be done by members of this forum, and that @Sav.com @Nick R are not capable of solving these serious security issues on their systems, even while these issues have been reported by several customers repeatedly during the past few years.

Especially worrying is that @CleanDNS is basing their highly experimental AI automated abuse handling on incorrect registrant/account info from Sav.com for years.

Despite this, Sav and CleanDNS are full of praise for the security of Sav's systems. Jeffrey Bedser, CEO of CleanDNS and ICANN SSAC member, even goes so far as to state in their joint press release that during his 15 years in ICANN circles, he has never experienced such good security at a registrar (basically praising their own work, because CleanDNS is doing abuse handling for Sav for 3 years already, with mediocre results).

Jeffrey Bedser, CEO of CleanDNS, remarked, “I cannot recall a time when a registrar worked as hard to uphold the security and stability of the Internet in my 15 years with the ICANN community. This proactive approach is setting a new standard in the industry and demonstrates a strong commitment to maintaining a safe and secure internet environment.”

How do you even come up with something like that.