When the pandemic hit us back in 2020, the whole world stood still, or at least it looked like that at first sight. With the lockdowns, work from home became a must, and many businesses focused on expanding their online presence. All of this created spikes in the global internet consumption on a new unprecedented level, which challenged the whole web hosting industry. Luckily, the years of constant technology evolution made the entire industry more flexible, so we’ve managed to adapt very quickly to the new reality. If I’m being honest, as a system administrator, I loved the challenges that arise. It was like waking up from a winter hibernation 🙂
Now almost two years later, we have all the numbers, and after some crunching, we can see that the web hosting industry grew by 30% in this period, which by itself is impressive, right?
But I wouldn’t be writing this article if everything was so great. As we all know, with the good comes the bad as well, and as a person who stood in the frontline during all of this, I can say it was really bad. As the web industry grew, so and the cybercrime rate, with a “slight” difference of 600%. Yes, that is correct, a 600 percent. Consequently, to all of this, the requests in the abuse departments grew, as well. For comparison, our abuse department had a 70% increase in abuse tickets during this period. Similarly, some of our peers reported a rise of up to 90%, none of us were prepared for such a scenario.
Our abuse department queue became so big that we had to train our support teams to handle abuse requests as well, the abuse team worked extra shifts, we were all processing abuse tickets. Eventually, with enough determination and hard work from all of our teams, we’ve managed to keep up with the situation. Additionally, we’ve improved our whole abuse handling process. We’ve introduced various risk mitigation tools that keep track of the reputation of the resources hosted on our network, which gave us the advantage to react in a more timely fashion, most often way before we receive any abuse request.
The range of abusive content varied, but the primary focus was on phishing scams, cryptocurrency scams, fake shops selling fake COVID medicine, etc.
For most cases, our procedures were straightforward. For example, if the contents were hosted on our network, we would simply suspend that client service with a single click, and that was it, but when it came to suspending abusive domains, it required a bit more effort.
How To Suspend a Domain Name?
There are several ways that a domain can be “suspended”, the first way is to reach directly to the registrar and ask for a suspension/deletion, which can be painstakingly time-consuming and slow. The alternative would be to modify the domain DNS zone or NS records to resolve to some non-resolvable IP or DNS zone that the abusive client does not control.
As a responsible web hosting company, we recognize the importance of fast reactions to phishing or financial scams to avoid more extensive damage. Hence when it comes to domain suspension, we knew that it needed to be done from our end, and it needed to be fast.
Before the pandemic, in most cases, a simple NS change was enough. We would use non-existing NS servers for most TLDs, and the domain would not resolve. In some instances, due to the registry politics, we needed to create a valid DNS zone with proper SOA records for the NS changes to be accepted, a simple task, but when it needs to be done in significant volume, it can take some time. So naturally, when we’ve experienced high volume, we’ve automated this zone creation process, but this put additional strain on our main DNS servers, not to mention the occasional attacks we’ve received as a revolt for our take-down action. Additionally, as the domains would become unresponsive, the abusive clients would open up several tickets asking about the status of their domains, even if we send an email in advance to them about the domain suspension.
So a decision was taken. We needed to create a separate DNS system that would be fast, secure, and reliable. With the separation of this system, we will be able to doge some of the vengeful attacks and handle traffic of domains involved in abusive behaviors without impacting our domain reputation.
SUSPENDED.PAGE is an authoritative DNS server with one sole purpose, to handle DNS traffic from any domain and point it to a particular IP address where the end visitor will be greeted by a friendly looking landing page informing them that the domain name they’ve opened was involved in some illicit activity, here is an example. This way, each involved party will know that the domain is suspended. This approach has several advantages, for example, from a victim’s point of view, they will get educated that not everything that comes in their mailbox should be trusted. But, on the other hand, it sends a strong message, “we caught you”, to the abusive client, which usually results in 0 support tickets.
For us, the most crucial part was that the service should be accessible for anyone and that it needs to work automatically without any need for zone creation from our staff or some kind of API integration. It sounds like magic, but we did it, with what we like to joke internally, a “wildcard NS” server. All anyone needs to do is to point a domain to suspended.page name servers:
And that’s it. The domain will start resolving to the landing page as soon as the DNS changes are propagated through the network. Meanwhile, it will automatically issue an SSL certificate, thus making the domain even more secure.
The DNS server returns valid SOA records, so the NS changes will be accepted even from domain registries that perform predelegation checks, eg. .DE. On top of this, the whole service is HTTP/3 ready, so it is blazing fast. It is needless to say that the entire technological stack of suspended.page is built on industry-standard open-source web and DNS software, which makes the whole service very secure and reliable.
What’s the Catch?
Our long-term goal with this project is to keep it free and open for anyone. The service will be:
- free for use forever,
- free of ads and analytics forever,
- not that anyone would love backlinks from abusive websites, but we need to point out that there will be no backlinking in any form. The only link on the landing page will be the one currently linking to the service homepage: https://suspended.page.
In short, this is our Christmas gift for the whole web hosting community.
We hope that small and medium-sized web hosting companies could see a massive benefit from this service, mainly by reducing the time needed in handling domain suspensions and reducing the post suspension tickets. Furthermore, in 2022 we plan to release a set of plugins for a popular web hosting management system, e.g., WHMCS, making the whole process a one-click procedure.
With this, I’m concluding our last blog post for 2021.
On behalf of the whole BlackHOST team, I would like to wish you all a very Merry Christmas and a Happy New Year ⛄🎊✨