mailing list archives
Re: GoDaddy.com shuts down entire data center?
From: Richard A Steenbergen <ras () e-gerbil net>
Date: Tue, 17 Jan 2006 03:19:14 -0500
On Tue, Jan 17, 2006 at 02:09:21AM -0500, Patrick W. Gilmore wrote:
On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote:
I want to say, from an outsider's perspective, that I whole
heartily applaud GoDaddy on the actions they took [...]
There seems to be a wide split on this topic. I was wondering if
people would privately tell me yes or no on a few questions so I can
understand the issue better.
1) Do you think it is acceptable to cause any collateral damage to
innocent bystanders if it will stop network abuse?
2) If yes, do you still think it is acceptable to take down 100s of
innocent bystanders because one customer of a provider is misbehaving?
3) If yes, do you still think it is acceptable if the "misbehaving"
customer is not intentionally misbehaving - i.e. they've been hacked?
3) If yes, do you still think it is acceptable if the collateral
damage (taking out 100s of innocent businesses) doesn't actually stop
the spam run / DoS attack / etc.?
I don't think anyone (well ok, anyone sane, I know we have a few nutjobs
on this list :P) thinks that arbitrarily blocking service to hundreds or
thousands of users because someone is unknowingly hacked is an appropriate
way to address network abuse. I really have no idea how aggressive GoDaddy
is with enforcing their AUP, as I don't personally use their services, but
based on what I know about the affected customer and what I can read from
the affected whiner's website I'm certainly not going to jump to the
conclusion that GoDaddy is running around like a hopped up abuse desk
worker on a power trip, shutting off service to random innocent people
because they feel like it.
The question at hand is, at what point does a registrar providing services
have an ethical or moral obligation to step in and do something when they
do encounter an excessive level of abuse by someone using their services?
At what point does ARIN revoke the allocation of a blatant and persistant
spammer who is violating the law without being stopped? I think the answer
is that clearly this isn't something they want to be doing on a regular
basis, any more than an ISP wants to be responsible for filtering every
packet that goes through their routers looking for warez and kiddie porn,
yet I have seen them do it in certain rare and severe cases of unrelenting
Maybe it is a judgement call, maybe it isn't. Bottom line, dealing with
abuse is an ass job, and I certainly wouldn't want it. Some days you're
doing a good thing because you shut down a spammer, some days you're doing
a bad thing because you shut down innocent services along with it (and
some days you're just fending off "stop hax0ring me on port 80 or I'll sue
you and call the CIA" e-mails).
I highly suspect that GoDaddy doesn't involve itself in these kinds of
issues lightly, which means that in all likelihood the level of abuse was
severe, with no communication from the person they suspended service to. I
for one have never heard of anyone I know having their GoDaddy service
suspended for this kind of thing. Unless someone has some actual facts
that GoDaddy is engaging in this kind of activity, I'm inclined to give
them the benefit of the doubt. This means, at least for now lumping them
in the "respecting them for taking a stand regarding the abuse of their
service" category, rather than the "wackjob conspiracy theorist
power-crazed zealot" category we all know and love. :)
Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)