Hi,

Yeah I managed to get through to Crazy Domains support which surprised me, and 
they have flagged it to their operations folks as well. It looks like they have 
yet to take action, over an hour later - the whois still shows the CloudFlare 
NSes.

Unfortunately, even when this is pulled, this will stay in the DNS for up to 24 
hours if it’s already in your cache. Once it’s removed (perhaps someone can 
notify here, I’ll do that if I get told that it’s happened before I see info 
here) I encourage people to flush their recursive DNS caches if possible, and 
add dummy zones for these things if not.

You want to configure your servers to return bad data. Returning REFUSED won’t 
work in all cases, because hosts fail over to other DNS servers that are 
configured - I tested this by configuring my server, and 8.8.8.8 as DNS servers 
on my local machine. Then again, you might find that the number of people who 
have additional name servers configured that are not on your network is pretty 
small.

Perhaps 127.0.0.1 isn’t best, I’m not sure. Anyway, config for those who want 
it:

Unbound (tested on 1.5.1):
# these lines go in the server: clause of unbound.conf
local-zone: "orderkfc.co.nz." static
local-data: "www.orderkfc.co.nz. 300 IN A 127.0.0.1"
local-data: "orderkfc.co.nz. 300 IN A 127.0.0.1"


Bind (tested on 9.8.something):
named.conf:
zone "orderkfc.co.nz." IN { type master; file "block"; };

Bind zone file ‘block’:
@ IN SOA ns1 hostmaster ( 1 7200 120 86400 360 )
  IN NS ns1
  IN A  127.0.0.1
www IN A 127.0.0.1

--
Nathan Ward

> On 19/10/2015, at 23:43, David Morrison <da...@nzrs.net.nz> wrote:
> 
> Hi Nathan,
> 
> We (NZRS) have reached out to contacts at Crazy Domains and pointed them to 
> this list and the raised issue.
> 
> Kind regards
> 
> David
> 
> David Morrison
> Chief Marketing Officer
> NZRS Ltd
> 
> P  +64 49316973
> M +64 274366182
> F  +64 49316979
> E  da...@nzrs.net.nz <mailto:da...@nzrs.net.nz> 
> W  www.nzrs.net.nz <http://www.nzrs.net.nz/>
> S  david.morrisonnz
> T  @dotnz
> 
> PGP 7A38 2F84 C7DF 8FF2 34F8  B4F2 BC54 10AE 2501 6600
> 
>> On 19/10/2015, at 11:18 pm, Nathan Ward <nz...@daork.net 
>> <mailto:nz...@daork.net>> wrote:
>> 
>> Hi all
>> 
>> This is back again, this time under “orderkfc.co.nz”.
>> 
>> Same deal as last time.. though, anyone know anyone with Crazy Domains? In 
>> my experience they’ve been even harder to reach than registrars normally are.
>> 
>> --
>> Nathan Ward
>> 
>>> On 18/10/2015, at 19:01, Nathan Ward <nz...@daork.net 
>>> <mailto:nz...@daork.net>> wrote:
>>> 
>>> All,
>>> 
>>> You might’ve seen ‘kfcdelivery.co.nz’ pop up on social media today. It’s a 
>>> scam.
>>> 
>>> If you have the ability to block this website so your users cannot reach 
>>> it, please do so.
>>> If you have stuck your CC details in there, cancel your card.
>>> 
>>> It is hosted through CloudFlare, don’t block the IPs, but perhaps you can 
>>> filter on your DNS or something.
>>> 
>>> I have reached out to the registrar for the domain to get it blocked 
>>> (discount domains). If anyone has a contact there other than support@ to 
>>> get it pulled ASAP, please use it - I don’t know anyone there.
>>> 
>>> The logic of the site is roughly:
>>> <snip>
>>> # Validate input and set error if validation fails
>>> 
>>> if(error){
>>>   "You must fill in the red fields"
>>> }else{
>>>   "Our servers are down due to heavy traffic, please try again later"
>>> }
>>> 
>>> # send data to servers anyway
>>> </snip>
>>> 
>>> --
>>> Nathan Ward
>>> 
>> 
>> _______________________________________________
>> NZNOG mailing list
>> NZNOG@list.waikato.ac.nz <mailto:NZNOG@list.waikato.ac.nz>
>> http://list.waikato.ac.nz/mailman/listinfo/nznog
> 

_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
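
Added example (not part of the original email thread): a small Python check that tells apart the two resolver behaviours discussed above, a REFUSED reply versus a NOERROR answer pointing at the 127.0.0.1 override. The function names and the constructed sample reply are assumptions made for illustration.

```python
import socket
import struct

SINKHOLE = "127.0.0.1"  # address the override configs on this page return

def build_query(name, qid=0x1234):  # recursive (RD=1) A/IN query, one question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def sample_response(name, rcode, addrs=()):
    # Constructed reply for offline use (not captured traffic): QR|RD|RA plus rcode.
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(a) for a in addrs)
    return struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0) + build_query(name)[12:] + rrs

def skip_name(msg, off):
    # Offset just past a name; a compression pointer is 2 bytes and ends it.
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_response(msg):
    # Returns (rcode, [addresses of A records in the answer section]).
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0xF, addrs

def classify(msg):
    # "refused" (rcode 5) is the case where clients try their next DNS server.
    rcode, addrs = parse_response(msg)
    if rcode == 5:
        return "refused"
    return "sinkholed" if rcode == 0 and addrs and set(addrs) == {SINKHOLE} else "other"

def check(resolver, name, timeout=3.0):  # live UDP query to one recursive resolver
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return classify(s.recv(512))
```

Run check("<your resolver IP>", "orderkfc.co.nz") against each recursive server after loading the override; anything other than "sinkholed" means that server is still handing out cached or upstream data, or refusing.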
