1

Although the question has a much broader scope, an example case is my posted question: Should I worry if I have tried to ssh into a 'fake' dyndns.org site? (with ssh keys)

In summary, the previous question is related to people running sites with the (supposed) aim of collecting ssh logins to poorly secured servers using dynamically allocated IPs through dyndns.org. By running a server on, for instance, dyndn.com, you could collect passwords where people accidentally miss the s when ssh'ing in, and if the site's using password authentication only, you have all you need.

It's got me thinking as to why these sites are still up, considering there's reasonable suspicion (on my part, that's all it is) that they're being run for nefarious purposes.

Aren't there agencies to tackle this behaviour? Is it that people don't report it (I haven't, who to?), wouldn't dyndns be looking out for it and sort it (I'll try to email them tomorrow)? Is it that there's no proof?

  • I think it comes down to the fact that no one has the authority. Remember the internet is a global thing, and many countries either don't care or are themselves invested in such operations – Numeron Nov 13 '15 at 01:41
  • Internet atm is in the state of wild-west. There are some small spots that are under control of some organisation, but most of it is no-man's-land. No one has the authority or wants to take control. Whether this is positive or negative depends quite a lot on your point of view. – Paul Nov 13 '15 at 01:52
  • Jurisdiction. If it isn't in an area where your laws apply and there isn't an agreement with that area, nothing will be done. – Fiasco Labs Nov 13 '15 at 04:27
  • Similar question today with answers that would also answer this one: http://security.stackexchange.com/questions/65280/are-there-actions-taken-against-websites-that-deliver-malware?rq=1 – jonnyxcvhanger Nov 13 '15 at 13:14
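
A defender-side check for the typo scenario the question describes, as an added example that is not part of the original post or its comments: it flags a destination host whose domain is a near-miss of one you trust. The trusted list, the distance threshold and the sample hostnames are assumptions constructed for illustration.

```python
# Added example: flag SSH destinations that look like typos of a trusted domain.
TRUSTED_DOMAINS = {"dyndns.org"}  # assumption: the domains you actually intend to reach

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def registrable(host):
    """Last two labels of the host. Simplification: ignores suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(host, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return ('ok', domain), ('lookalike', trusted_domain) or ('unknown', None)."""
    dom = registrable(host)
    if dom in trusted:
        return ("ok", dom)
    name = dom.split(".")[0]
    for t in sorted(trusted):
        # Compare only the name label, so a swapped TLD (dyndns.com) is caught too.
        if edit_distance(name, t.split(".")[0]) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)

def review(hosts):
    """Return the hosts that should be double-checked before connecting."""
    return [h for h in hosts if classify(h)[0] == "lookalike"]

if __name__ == "__main__":
    # Constructed sample destinations, e.g. pulled from shell history or known_hosts.
    for h in ["box.dyndns.org", "box.dyndn.com", "box.dnydns.org", "example.net"]:
        print(h, classify(h))
```

Key-based authentication with password authentication disabled on the client side means a mistyped host never receives a reusable secret, which is the exposure the question is concerned with.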

3 Answers

7

There are several reasons for this.

1.) It may be very hard to track down the owner of the server.

2.) The server may be hosted at an ISP in a country that speaks a very different language than the language of the people being targeted. Think about hosting a fake website for a very small Midwest US bank at a Japanese or Korean ISP. Figuring out who to even contact may be a bit of a challenge, and then you have the language barrier (BTW: Google Translate is great for this situation and most ISPs want to help you).

3.) Some countries don't care about this (The Russian Business Network has a lot of well known IP addresses hosting a world of bad stuff but no one can get the Russian government to do anything about this).

4.) Some governments either don't have the resources to do anything about this or don't want to get involved (possibly too busy with a war or other critical issues), so the ISPs don't even bother.

5.) Some ISPs are very small and understaffed and possibly have a big list of other to-do items, like taking care of paying customers, so this just takes a while.

6.) ISPs that are on the edge of going out of business will take any money they can get. The bad guys are paying customers in many cases.

7.) Some organizations have bad security and when they get hacked they don't notice for months. This allows an attacker to set up a website, especially a virtual webserver, on an insecure webserver and run it for a long time.

etc...

In the long run it's not that some people don't spend effort to get these taken down; generally people do, but the sites pop up again very quickly, and for some attacks a site being up for 24 hours is very effective and can potentially infect millions of computers.

Ultimately there are a lot of other reasons but these are the most common.

Hopefully this info helps.

Trey Blalock
4

Why are websites obviously run for nefarious reasons not taken offline asap?

The internet connects computer systems all over the world, which are of course under different jurisdictions. There is no central omniscient, omnipotent and infallible authority which can just go and switch off anything it does not like. And you also cannot send a drone to bomb the data center in some other country just because there might be a hacker lurking there.

Steffen Ullrich
2

You're forgetting the obvious answer that one person's nefariousness is another's business savvy.

As @numeron alludes to, many things that are frowned upon where you might live aren't necessarily where the server might be.

I'm sure you realize that in some countries, laws aren't enforced as evenly as others, especially when the supposed victims aren't citizens of or live in that country. Sometimes, those officials who might enforce such laws may be swayed into indifference by a well-placed contribution or share in the enterprise.

Bottom line: there is not a global authority to whom one can complain, nor universal laws that all website operators have to follow.

Ron Trunk