ISP GoDaddy.com has come under fire for pulling a popular hacking Web site down this week, allegedly at the request of MySpace.com
GoDaddy pulled the plug on the Seclists.org Web site, knocking about 250,000 pages of archived mailing lists offline for most of Wednesday, apparently because a post to the Full Disclosure discussion list archived on the site contained the names and passwords of MySpace.com users.
Seclists.org hosts widely read archived copies of a number of discussion lists, including Bugtraq and the Daily Dave. It is used by tens of thousands of readers every day, according to the site's owner, Gordon Lyon, who is better known by his hacker pseudonym, Fyodor Vaskovich. Lyon is also the creator of the Nmap network scanning security tool.
MySpace and GoDaddy did not reply to calls and e-mails requesting comment, but Lyon said he was told by GoDaddy representatives that his site was pulled at MySpace's request.
MySpace was responding to a legitimate concern about its users' privacy. More than a week ago, nearly 60,000 MySpace passwords and user names were disclosed on the Full Disclosure list. They had been collected and posted on a phishing Web site, which has since been shut down, but a copy of the list was also posted to Full Disclosure. Copies of the list can still be found online, leading Lyon to wonder why his mirror copy of the discussion list was singled out.
Though service was eventually restored, Lyon blasted the ISP for acting without giving him time to remove the offending post.
"Instead of simply writing me ... asking to have the password list removed, MySpace decided to contact (only) GoDaddy and try to have the whole site of 250,000 pages removed because they don't like one of them," he wrote Thursday on his Web site. "And GoDaddy cowardly and lazily decided to simply shut down the site rather than actually investigating or giving me a chance to contest or comply with the complaint. Needless to say, I'm in the market for a new registrar."