This morning I was toying with an idea for easing NoScript allowance of sub-objects and sub-scripts which, despite being 1st party content, are offloaded to different domains for performance reasons.
One prominent example is YouTube, which recently started serving scripts from ytimg.com, requiring NoScript users who want to watch videos on youtube.com to whitelist both domains.
Now the idea, probably too naive not to be a dead end, was to correlate domains by "ownership", using real time and cached WHOIS queries: sub-content whose Registrant information matches the top-level page site's would be allowed to load if the latter is trusted.
Database (in)accuracy aside, this approach is too coarse-grained to fit: how many NoScript users would be happy to put www.google.com and googleanalitycs.com in the same basket?
Anyway, playing for a few minutes with com.whois-servers.net (the "meta-server" where WHOIS client programs look up the server responsible for a certain .com domain) yielded some amusing results:

[ma1@groucho]$ cat >wtf && chmod 700 wtf
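#!/bin/bash
# For each domain given on the command line, query the WHOIS meta-server
# for its TLD and list the names that extend the queried domain.
while [ ! -z "$1" ]; do
  echo
  # Strip everything up to the last dot to get the TLD (e.g. COM)
  SUFFIX=${1//[a-zA-Z-_]*./}
  # Open a TCP connection to <tld>.whois-servers.net, port 43 (WHOIS)
  exec 3<>/dev/tcp/$SUFFIX.whois-servers.net/43
  # Send the query
  echo -e >&3 "$1"
  # Keep only response lines where the queried name is followed by more labels
  egrep -i "$1\.\w+\." <&3
  shift
done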
[ma1@groucho]$ ./wtf YOUTUBE.COM YAHOO.COM GOOGLE.COM MICROSOFT.COM
YOUTUBE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
YOUTUBE.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
YOUTUBE.COM.IS.N0T.AS.1337.AS.WWW.GULLI.COM
YAHOO.COM.ZZZZZZ.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
YAHOO.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
YAHOO.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
YAHOO.COM.VIRGINCHASSIS.COM
YAHOO.COM.TWIXTEARS.COM
YAHOO.COM.OPTIONSCORNER.COM
YAHOO.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
YAHOO.COM.JOSEJO.COM
YAHOO.COM.JENNINGSASSOCIATES.NET
YAHOO.COM.IS.N0T.AS.1337.AS.SEARCH.GULLI.COM
YAHOO.COM.ELPOV.COM
YAHOO.COM.EATINGFORJOY.NET
YAHOO.COM.DALLARIVA.COM
YAHOO.COM.CHRISIMAMURAPHOTOWORKS.COM
YAHOO.COM.BGPETERSON.COM
GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
GOOGLE.COM.YAHOO.COM.MYSPACE.COM.YOUTUBE.COM.FACEBOOK.COM.THEYSUCK.DNSABOUT.COM
GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET
GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
GOOGLE.COM.SPROSIUYANDEKSA.RU
GOOGLE.COM.SERVES.PR0N.FOR.ALLIYAH.NET
GOOGLE.COM.PLZ.GIVE.A.PR8.TO.AUDIOTRACKER.NET
GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
GOOGLE.COM.IS.HOSTED.ON.PROFITHOSTING.NET
GOOGLE.COM.IS.APPROVED.BY.NUMEA.COM
GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
GOOGLE.COM.BEYONDWHOIS.COM
GOOGLE.COM.ACQUIRED.BY.CALITEC.NET
MICROSOFT.COM.ZZZZZZ.MORE.DETAILS.AT.WWW.BEYONDWHOIS.COM
MICROSOFT.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
MICROSOFT.COM.ZZZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM
MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET
MICROSOFT.COM.WILL.BE.BEATEN.WITH.MY.SPANNER.NET
MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM
MICROSOFT.COM.USERS.SHOULD.HOST.WITH.UNIX.AT.ITSHOSTED.COM
MICROSOFT.COM.TOTALLY.SUCKS.S3U.NET
MICROSOFT.COM.SOFTWARE.IS.NOT.USED.AT.REG.RU
MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM
MICROSOFT.COM.RAWKZ.MUH.WERLD.MENTALFLOSS.CA
MICROSOFT.COM.OHMYGODITBURNS.COM
MICROSOFT.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
MICROSOFT.COM.LOVES.ME.KOSMAL.NET
MICROSOFT.COM.LIVES.AT.SHAUNEWING.COM
MICROSOFT.COM.IS.NOT.YEPPA.ORG
MICROSOFT.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
MICROSOFT.COM.IS.IN.BED.WITH.CURTYV.COM
MICROSOFT.COM.IS.HOSTED.ON.PROFITHOSTING.NET
MICROSOFT.COM.IS.GOD.BECOUSE.UNIXSUCKS.COM
MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET
MICROSOFT.COM.IS.A.MESS.TIMPORTER.CO.UK
MICROSOFT.COM.HAS.ITS.OWN.CRACKLAB.COM
MICROSOFT.COM.HAS.A.PRESENT.COMING.FROM.HUGHESMISSILES.COM
MICROSOFT.COM.FILLS.ME.WITH.BELLIGERENCE.NET
MICROSOFT.COM.CAN.GO.FUCK.ITSELF.AT.SECZY.COM
MICROSOFT.COM.ARE.GODDAMN.PIGFUCKERS.NET.NS-NOT-IN-SERVICE.COM
MICROSOFT.COM.AND.MINDSUCK.BOTH.SUCK.HUGE.ONES.AT.EXEGETE.NET

The amazing thing is that this data is not even meant for human consumption!
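
The filtering a WHOIS client has to do on such a response, as an added example (not code from the original post): it separates the exact record from names that merely start with the queried domain, and shows which registered domain each name actually sits under. The function names, the `TWO_LEVEL` suffix list and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify names returned by a WHOIS prefix match.

# Constructed sample: four names taken from the output above plus one
# made-up unrelated name (NOTGOOGLE.COM).
sample_names() {
cat <<'EOF'
GOOGLE.COM
GOOGLE.COM.ACQUIRED.BY.CALITEC.NET
MICROSOFT.COM.IS.A.MESS.TIMPORTER.CO.UK
GOOGLE.COM.SPROSIUYANDEKSA.RU
NOTGOOGLE.COM
EOF
}

# Tiny constructed stand-in for the Public Suffix List (assumption).
TWO_LEVEL="CO.UK ORG.UK COM.AU"

# Registered domain a name sits under: the last two labels, or the last
# three when the name ends in one of the two-level suffixes above.
registrable_domain() {
    name=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    keep=2
    for sfx in $TWO_LEVEL; do
        case "$name" in *".$sfx") keep=3 ;; esac
    done
    printf '%s\n' "$name" | awk -F. -v k="$keep" '{
        s = (NF > k) ? NF - k + 1 : 1
        out = $s
        for (i = s + 1; i <= NF; i++) out = out "." $i
        print out
    }'
}

# Reads names on stdin; prints "<verdict> <name> <controlling domain>".
classify_names() {
    query=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        n=$(printf '%s' "$line" | tr '[:lower:]' '[:upper:]')
        owner=$(registrable_domain "$n")
        case "$n" in
            "$query")   echo "exact $n $owner" ;;
            "$query".*) echo "prefix-lookalike $n $owner" ;;
            *)          echo "unrelated $n $owner" ;;
        esac
    done
}

sample_names | classify_names GOOGLE.COM
```

Only the `exact` line describes the queried domain; every `prefix-lookalike` is a name under someone else's registered domain, so a prefix match says nothing about ownership.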

4 Responses to “Yahoo.com Zombied and Hacked, Google.com Acquired By Calitec (WTF?)”

  1. #1 pdp says:

    Giorgio, I don't quite get the purpose of the exercise. All I can see is that you are whois-ing names which mean nothing.

  2. #2 Giorgio says:

    @pdp:
    it was not an exercise, and the purpose (if any) was just performing some manual WHOIS queries (whose first step is retrieving the right host to query from *.whois-server.com) to see how difficult and/or useful integrating WHOIS lookups inside NoScript would have been.
    Then, early in the process, I was simply surprised and amused to find so much unexpected spam returned when looking up the most popular domains, and thought it was funny to share.
    BTW, some of those domains are certainly part of some SEO scheme, but some of them look just goliardic or vandalic... exercises?

    [edit]:
    Reading your comment, I've got the impression you believed I somehow "invented" or generated those names to WHOIS semi-random data. If so, please look more closely at my bash script: those names are returned by the root WHOIS meta-server when it's queried for YOUTUBE.COM, YAHOO.COM, GOOGLE.COM or MICROSOFT.COM. In other words, they are apparently domains with existent WHOIS records, and every time a GNU whois client queries one of the four popular ones it has to dig through all that spam in order to find the relevant info(!)

  3. #3 Ronald van den Heetkamp says:

    Hi Giorgio!

    Yeap, you can do that too, it's really easy. And no, they aren't hacked :) this has been discussed a long time ago, and people were really fooled by it. Yeah it's just fun and games.

  4. #4 hanfi says:

    Hi,

    I just wanted to add, I really would like to see some sort of "Multi-allow".

    As you said, it's maybe not a good idea to use whois for this, since even if google.com is allowed it doesn't mean googleanalitycs.com should be allowed.
    A simple solution would be to just add a "(temporary) allow all scripts on the site" to the noscript menu. Then on youtube we don't have to press 2 times, but only one time.
    For sure, my preferred solution would be to let users create "sets" in the noscript preferences, but this could be very confusing for the not so advanced users.

    Oh, and if I'm talking about missing features, a menu point "allow all scripts on this site until I leave (either domain or maybe even this specific site)" would be nice too.

    About the whois replies, I think as long as humans play with technology, we will see things like that. Similar for http-headers, check out http://www.nextthing.org/archives/2005/08/07/fun-with-http-headers for example.
