News

Update on Spam-Support Website(s) Hosted by Namecheap.com

Back in November of 2017, we wrote about the provider NameCheap.com - and the difficulty we had encountered in getting them to do anything about a website that they hosted, which we had repeatedly been spammed with links for. The focus of that article was merely on their lack of any response to the abuse reports we had sent to them, after (at the time) more than a week. But when we finally DID receive a reply, their response was more ridiculous than we could have possibly expected.

First, some additional details that we weren't yet aware of at the time of the previous post on this topic: it turns out that the GetMyBusinessFundedNow[dot]com domain name is using something that many providers refer to as a "masked redirect" - in other words, they're using a full-page frame or iframe to display the content of another spam website (findbusinessfunding365.com). To anyone familiar with spammers & their common tactics, the reason for this should be obvious: it puts their spamming operations at less risk from abuse complaints - even if getmybusinessfundednow.com is suspended, the actual spam support content is still present on findbusinessfunding365.com, and probably unaffected because it's hosted by a different provider (Unified Layer, yet another provider who appear to turn a blind eye to spam complaints). In many ways, this is just a slight variation of the spammer tactic of using free URL-shortening services to redirect to their spam URLs, while hiding the actual sites & making them harder to report.
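An added example, not part of the original post: a small Python check that recognises a masked-redirect wrapper page of the kind described above and returns the framed URL, so an abuse report can name both the host of the advertised domain and the host of the real content. The `.example` hostnames, the sample HTML and the 80-character text threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose text is not first-party page content.
IGNORED = {"script", "style", "title", "noframes", "iframe"}


class FrameFinder(HTMLParser):
    """Collect frame/iframe targets and count visible text outside them."""

    def __init__(self):
        super().__init__()
        self.frames, self.text_chars, self._skip = [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe") and dict(attrs).get("src"):
            self.frames.append(dict(attrs)["src"])
        if tag in IGNORED:
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in IGNORED and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text_chars += len(data.strip())


def masked_redirect_target(page_url, html, max_text=80):
    """Return the framed URL if the page is only a wrapper around another host."""
    finder = FrameFinder()
    finder.feed(html)
    finder.close()
    if len(finder.frames) != 1 or finder.text_chars > max_text:
        return None  # no frame, several frames, or a real page with an embed
    target = urljoin(page_url, finder.frames[0])
    front, inner = urlparse(page_url).hostname, urlparse(target).hostname
    return target if inner and inner != front else None


# Constructed samples: a frameset wrapper and an ordinary page with a video embed.
WRAPPER = """<html><head><title>Business Funding</title></head>
<frameset rows="100%,*" border="0">
  <frame src="http://content-site.example/offer?id=1" frameborder="0">
  <noframes>Your browser does not support frames.</noframes>
</frameset></html>"""
ARTICLE = ("<html><body><h1>Quarterly report</h1><p>"
           + "Plenty of first-party text. " * 10
           + '</p><iframe src="https://video-host.example/embed/42"></iframe></body></html>')

if __name__ == "__main__":
    print(masked_redirect_target("http://front-domain.example/", WRAPPER))
    print(masked_redirect_target("https://news-site.example/a", ARTICLE))
```

The wrapper document itself is served from the advertised domain, which is why the check takes the page URL as well as the HTML.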

It also turned out that these same (by all appearances) spammers are using several other Namecheap-hosted domains in the same way: as masked redirects to/embeds of findbusinessfunding365.com. So far, the ones we've directly observed are:

GETMYBUSINESSFUNDEDNOW.COM
BUSINESSFUNDS365.COM
FINDBUSINESSFUNDING-247.COM
PROBUSINESSFUNDING.COM

However, when we reported those spam-support sites to Namecheap, they repeatedly insisted that they had no responsibility for the issue, because the actual content of the spam website was hosted elsewhere, and just embedded using an iframe/frame - despite the fact that they most certainly were (and still are) hosting the actual links being advertised by the spam EMails. Amazingly, they even claimed that they weren't actually providing hosting for getmybusinessfundednow.com and the other domains, despite the fact that they all resolve to an IP address that they are responsible for. Their sole justification seems to be that their spammer customers don't have a hosting service, but only domain registration service (with the masked-redirect-via-frames provided as part of that service) - which is ridiculous, because an iframe/frame only works if it's inside an HTML document, and that requires hosting by definition. Even if it's an extremely limited, purpose-specific form of hosting, it's still hosting - so by all appearances, that response was nothing more than a flimsy excuse for Namecheap to knowingly continue providing service to spammers.

The one kinda-sorta exception was PROBUSINESSFUNDING.COM: initially they claimed that they had resolved the problem by suspending the domain's registration:

But when I happened to check it about a month & a half later, I noticed that the domain was still active & still resolving to NameCheap's webservers. Foolishly, I took them at their initial word & didn't think to check if the site was actually down - so I don't know if their claim to have suspended the site was complete BS, or if they did suspend it and then un-suspended it later. Though incidentally, the reason I thought to check if the domain was actually suspended was that almost the exact same thing happened with yet another spam support URL hosted by NameCheap (loanbrokersinternational.com): they claimed they had suspended the offending account, but the site was still active when I checked less than a day later... that one is a slightly different situation, though, as that particular site is hosted directly on their servers, rather than embedded using a frame/"masked redirect". We'll be writing a separate post to detail that incident.

To top it off, it seems like many (if not most) of the Namecheap support staff we interacted with had serious difficulty understanding basic aspects of their own job - and/or had serious difficulties with basic reading comprehension. In just a single support/abuse ticket, here's a list of the nonsensical objections that we received from Namecheap staff, and the basic details that we had to explain to them:

  • They objected that the issue wasn't their responsibility, because the EMails weren't received from their server - which is of absolutely no relevance, since it was the website we were reporting to them, rather than the EMail. On top of that, the EMail was sent through a contact form, so the actual message technically came from our servers; both of those details were clearly spelled out in the initial message we sent to them.

  • They objected that they had no evidence of the issue, since the domain wasn't listed in anti-spam blacklists - which was both incorrect (as we had provided them with multiple samples of the spam EMails advertising that domain), and not relevant for the same reason as their previous objection (the blacklists they cited were specifically for sources of spam EMail, while we were reporting the spam-support website instead). Amusingly, however, some of the domain names ARE present in blacklists of spam URLs - but when we pointed that out, we've received no response in the several months since.

  • They objected that they could not terminate domain registration due to spam complaints - which was also irrelevant, since it was the spam site/URLs that we were reporting, and not the domain name itself (nor would it even be necessary to suspend/terminate the domain registration, given that they're the host of the site).

Even eliciting those lame excuses/red-herrings from Namecheap has been like pulling teeth: we've consistently noticed a pattern where they won't reply to a support/abuse ticket for days/weeks at a time - but publicly shame them about it on Twitter, and suddenly the ticket gets a response within an hour or two. It's almost as if Namecheap is more concerned with giving the public appearance they're responsive to those issues, than actually doing ANYTHING effective to address them. At the very least, it doesn't do much to dispel that impression when, of the 6 most recent abuse complaints we sent to them, 5 of them are still open more than a month later & have received no response from NameCheap - while the 6th was closed without the issue having been resolved (the aforementioned loanbrokersinternational.com site, which is still active on their servers as of the time of this writing).

It also turned out that this was not an isolated issue - or a new one either. In a recent article published by Brian Krebs, one of the comments linked to a blog post from 2015, which details almost the exact same issue: same spammer tactic (using domains hosted by/registered with Namecheap to embed content from separate sites via frames/masked redirects), and the exact same run-around from Namecheap's support staff (repeatedly claiming that the spam sites weren't hosted by them, when they clearly were) - the only difference seems to be that those spammers were hawking weight loss products instead of business loans. So that issue has been ongoing for at least 3 years now, and Namecheap is well-aware of it. While the KrebsOnSecurity article wasn't about that particular issue, it did mention NameCheap as one of the top registrars for TLDs (domain name extensions) that are favoured by spammers; the article also includes a quote from Namecheap's CEO, Richard Kirkendall, where (among other things) he accuses Krebs - a noted tech security researcher/journalist - of making "irresponsible assumptions." Kirkendall (or at least someone claiming to be him) then jumped into the article's comments, and didn't exactly inspire confidence in the company's willingness to address spam issues - particularly when he referred to people who oppose spamming as "nazis."

And as far as Namecheap's failure to address the use of their services by spammers, this is not even the only incident that we have experienced. In fact, the main reason for posting this update is that we've witnessed several further examples of even more absurd failures by Namecheap to address spam complaints, and it seemed that we should post an update on the first incident before moving on to the other, even more ridiculous ones. Stay tuned for those details!






Comments

MikeD on August 10 2018

When I notified Namecheap of Terms and Conditions violation (below) they are no longer including @their domains in the reply to & the spam never stops.
It would be great if namecheap gets blacklisted or sued into oblivion.

Elshara Silverheart on October 11 2018

I’ve hosted with Name Cheap for 3 years. Specifically October 2015 - July 2018. I found your blog post while looking for a review of Name Cheap’s services, as I’m not happy with their hosting.
They don’t, for example, advertise the limitations of their hosting.
1Gig ram, 20 processes no matter what plan you choose. If people are spamming on Name Cheap’s servers, it’s probably because of automated means protesting they think that limitation for an active site will suffice. When it doesn’t, they’re told to upgrade, but don’t get the specs of an upgraded plan. I would add shady business to their reputation personally, as a customer of their hosting. I’ve never had a domain issue with them to date however I will say their interface for host records management has gotten much worse.
Name Cheap does take spamming seriously. I couldn’t even send 2000 emails to an opt in social network newsletter mailing list before they suspended the hosting due to imposing a mail limit. In truth they don’t want anyone emailing anyone on their servers. I think it’s quite sad though, because you can email people in stages, if you can handle a 3 hour suspension window per day with their hosting if you push them on it. They just don’t have a sense of permanency as a Ukrainian web host.
Needless to say, web hosting is in some respects, quite Nazi like. Especially when support agents from poor countries, don’t care to wish to see eye to eye with you regarding services which are more false positive, than not. In terms of the actual depth of the issue at hand. It appears that if you get one that has in house support from the US, UK, Canada, Australia and New Zealand, you’re fine. Anywhere else, tends to disregard the rule book as it were, allowing any kind of illegal and in some cases, harmful activities on to their network (s) with 0 regard to others’ feelings on the matter no matter the situation. Some providers are so Nazi like, they enjoy putting policies up for the sake of a policy. And then doesn’t do anything about said policy, unless they can prove said policy only affects legitimate reasons. Then they enforce it. Which is what I mean by an unreliable hosting experience I’ve encountered with most hosting providers.
Go Daddy has a type of policy response like that with their domains. And then they won’t give it back. I know several domains I’ve owned, I’ve had sold without my permission using several other providers including Name Cheap to Sedo, just because they expired. If there’s any company I want shut down, that’s one of them.
All in all, I am sorry you’re facing troubles with yet another group of hosting providers, which aren’t keeping up with the meaning behind their offered service (s) to shady individuals using their platform.
