Is this legal? Domain registrar ignoring abuse complaints

SoapBox Forums Thoughts and opinions Is this legal? Domain registrar ignoring abuse complaints

This topic contains 9 replies, has 7 voices, and was last updated by  nomad 2 months, 1 week ago.

  • Author
    Posts
  • #1119

    Sai
    Participant

    Can a registrar company (Openprovider.com) legally reveal my email address? To cut a long story short I filled an abuse complaint with a domain registrar after finding one of my WordPress sites was hacked and was redirecting to a counterfeit drugs selling site instead. I looked up the whois of this website and contacted the registrar the domain was registered with. Rather than taking the site offline the registrar basically told me that they don’t care. The registrar also said they would alert the hacker/drug dealers I filled a complaint complete with my contact information including (my email) :s
    It seems as though the domain registrar would rather make £10 domain registration fee each year and harbour criminals than do the right thing.

    I wouldn’t really be too bothered and would probably just make sure I secure my site next time… but I know this is far from a victimless crime selling fake drugs online has serious consequences and can be lethal… how can any legitimate company write something off like this.

  • #1120

    blueman
    Participant

    I don’t know the legalities of it but I suspect that if you wrote them an email mentioning the GDPR, they might panic a bit and change their tune.

  • #1121

    oldfogie
    Participant

    Forward your email thread to the police.

  • #1122

    eee
    Participant

    I suppose it rather depends on who the registrar is and where the transactions took place.

    GDPR has been mentioned, but if this was something other than a UK based registrar will GDPR be any help? As to forwarding the Email thread to the Police, I suspect that would be a waste of Electricity.

    • #1126

      blueman
      Participant

      GDPR has been mentioned, but if this was something other than a UK based registrar will GDPR be any help? As to forwarding the Email thread to the Police, I suspect that would be a waste of Electricity.

      My understanding was that the regulations apply to any company that does business with EU customers, regardless of where the company is registered. Obviously, in practice, some foreign businesses would be out of the reach of any enforcement but a lot of registrars would be doing enough business in the EU that they should pay attention to it if they have any sense.

      Doesn’t necessarily mean that it’s of any help in these circumstances. I just think that as something all businesses currently have to worry about and lots don’t fully understand, it’s probably a useful lever for consumers at the moment.

    • #1128

      nomad
      Participant

      Correct, see Article 3 of the regulation: https://gdpr-info.eu/art-3-gdpr/

      As a new law (albeit an extension of existing laws eg 1998 DPA), a lot of GDPR has yet to be tested in court, but a responsible business should be aware of its responsibilities and the potential penalties for reckless non-compliance (Article 84, accessible via the above link).

  • #1123

    nick123
    Participant

    Look at it the other way. Suppose someone made a complaint about your WordPress site, saying it was breaking some law, in some part of the world. You’d want to have an informed discussion, rather than some random registrar pulling the plug with little evidence.

    A lot of domain hosts or registrars wont want to get involved in squabbles. They don’t have the time or tools to decide if the drugs are fake, or if it is illegal etc. There is a dispute process available via ICANN, but it is long and usually expensive.

    If what the vendor is doing is illegal, then contact the appropriate authorities in your country. In this case it would be Action Fraud. They may not take immediate action, that you can see, but it could form part of a wider investigation.

    • #1124

      Sai
      Participant

      The registrar is based in Holland. The counterfeit drugs site is hosted by some dodgy Russian site. Godaddy for example if they find something dodgy on a domain registered with them they will inform you to get rid of the content within 48 hours or risk getting your domain deleted… this is how I found out that something dodgy was going on.

      There are probably millions of these sites set up by criminals and it is very much a whack a mole for the police getting them all… but I guess it doesn’t help when registrars and web hosts just pass the buck.

    • #1125

      nick123
      Participant

      There are probably millions of these sites set up by criminals and it is very much a whack a mole for the police getting them all… but I guess it doesn’t help when registrars and web hosts just pass the buck.

      Agreed. The hacking of your site was probably fully automated. A script looked for WordPress version x.y.z which has a known bug. The bug was exploited and a redirect was put in place.

      Not all webhosts and/or registrars have the resources to police their sites. They may spot unusual traffic patterns, or if your domain appears on SURBL or similar. It is ultimately the police who do the policing. If a registrar gets involved unilaterally, against content that might be illegal, there is a chance they could end up in court. They are no longer a common carrier, but a content provider. If they get involved because there is a security issue with your site, that is probably covered by the t&c’s.

  • #1127

    mo
    Participant

    The registrar is not necessarily also the hosting company. If they are not hosting the site and have no control over the domain’s DNS records then I don’t think there’s much they can do apart from try to notify the host. And they probably already know they’re on a hiding to nothing notifying a dodgy Russian one.

You must be logged in to reply to this topic.