Jump to content

Stopping abuse of subdomains


cmslauncher

Recommended Posts

I want to offer subdomains for my services similar to what blogspot or WordPress does with their blogging platform. For eg. subdomain.mydomain.com.

 

However I am getting users who are registering and abusing my service for phishing attacks. Browsers vendors like Google chrome and Firefox are marking the whole domain as "deceptive". This is harming all my customer and not just the offending subdomain.

 

I am using cPanel + WHMCS to offer this service with the hosting package.

 

How can I stop Google to mark the whole *.mydomain.com as deceptive.

Link to comment
Share on other sites

What exactly do you expect to happen?

 

If you offer a free trial or free hosting, you will absolutely attract malicious users. Actually most of them will be doing nasty things in your server.

 

Now, if you are offering them on a subdomain, yes, Google and browsers will correctly mark the whole domain as malware. This is why you want users to use their own domain.

 

In regards to how WordPress and other services are doing it?

 

The question to that is that they have very advanced systems to avoid malicious users from registering, they do all types of pre screening and filtering, then they have probably systems that detect malware or any other suspicious activity on files or things someone may be doing and finally they have an abuse team that constantly tracks and takes down malicious blogs.

 

Google will only mark the domain as malware if you are not acting promptly and removing the abusers. I suspect WordPress and free hosting services remove the malicious users in hours, not days. So Google and others services don't have a chance to mark them as malware.

 

And finally, like someone else said, they limit the environment heavily. You can't just upload PHP files and expect it to work. They don't give PHP, or database, or shell access and probably not even FTP. They only let you upload static files (and they filter or * them) and they mostly don't allow emails out, or any type of external data connection from the accounts. As last resort if someone does host something malicious, they take it down and quickly.

 

This is not a problem with WHMCS, its how you do business. If you are planning to give un-trusted, un-vetted and anonymous people access to your services, you can expect them to do very nasty things, including hacking your servers and all sites. Sadly this is the risk of doing business online. Giving someone access to any computer system always involves some type of risk.

 

The only part where WHMCS can help you is trying to do some checks on the sign up, for example, enable MaxMind or another fraud service, that should catch some users, or maybe you can enable phone or SMS verification, most malicious users don't want to have any type of verification, so that should kill a bunch of them. You will still have nasty users, even if they didn't do it on purpose. Giving free hosting always tend to people not caring about the servers because they are not paying for them, so they don't care if their logins are stolen. This is why some free hosting services remove or terminate the account if the user did't logged in a specific time period, because most people abandon their account. You don't want abandoned accounts either. Unless you plan to baby sit every single account and file you are asking for a nightmare here. This is why free hosting is so horrible in the first place. Someone not willing to pay you 1$ to host something, probably is just hosting garbage and does not care about your services or his hosting account either.

 

If you charge cheap you are going to attract the worse of the Internet, if you charge nothing, you are going to be the guy that is hosting all the malware and malicious sites online and a person that actually wants to pay you is going to stay far away from your services for that reason. You are going to damage your brand and reputation to oblivion and this is why no serious website or company tends to upgrade from a free hosting to a paid account.

 

Yes, there are services that are doing it but like I said, they are spending a lot of time and resources on providing those services. If you thought free services are free in cost you are wrong. They are not free for you at least, they will still you cost money and time. Companies that offer free services actually account the costs for each free account and they can only keep giving them as long as they are making profit from other customers upgrading which is also unfair as the ones that pay are subsidizing the free riders.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated