GoDaddy Targeting Domains With Bitamp Open Source Project

[mgoz]

I'm sure everyone saw in the news recently that GoDaddy employees were socially engineered to give up some domain names. Yesterday I received a domain suspension warning from their Digital Crimes Unit claiming one of my domain names was hosting malicious content and violating their Universal TOS. They linked the domain name directly as a sample of the malicious content. When I went there, all that was there was an install of Bitamp's open source project from here:
https://github.com/bitampcom/bitamp

I had installed it roughly 6 months ago when it was first released on a domain I don't use, testing various wallet services for a client. I had completely forgotten about. Reviewing the files there, nothing was modified since I installed it and it's an exact copy of their repo with no modifications. Confused, I informed them that this was simply an open source project that I was testing and asked for them to explain what was in violation of their TOS.

Today they replied with the following:

The website associated with your domain x.com appears to be purporting an affiliation or official representation of Bitamp Bitcoin Wallet.

In order to authenticate this business affiliation we ask that you have someone from that organization reach out to us and provide confirmation that you have such permission.

In order to avoid any unwanted disruption of service, we require this proof of association to be provided within the next 48 hours.

Regards,

Digital Crimes Unit

I find it a bit odd that I received this days after they were socially engineered. Is anyone else getting these suspension warnings for crypto related services on their domains through GoDaddy or specifically for having the Bitamp open source project installed? From the emails, it is clear they do not know understand what open source or Bitamp is and what the MIT license allows.

[1714134997]

1714134997

[1714134997]

1714134997

[1714134997]

1714134997

[1714134997]

1714134997

[BayAreaCoins]

They are hiring too https://careers.godaddy.com/job/gilbert/senior-software-engineer-digital-crimes-unit/7795/17626372

[mgoz]

Now that explains it. These l33t h4x0rz coding in Go and Python must be querying all their domains and scraping Google search results for anything that mentions Bitcoin and sending out suspension notices.

It's not like I even care about the domain. I just think it's funny and want to bust their balls.

[Tushar Ramani]

GoDaddy is shit when it comes to domain and hosting services - let it be dedicated servers or premium domains. I had many domains over there and their support is absolutely bulshit. I probably haven't got such notices as I don't use GoDaddy anymore.

[mgoz]

I'd never use them for hosting. I've only ever used them for domains, but considering moving all of my domains elsewhere. Who's good/cheap these days for renewals?

Also, it turns out that this may have been an intellectual property claim request from Bitamp. However, it's not clear and I'm still confused since their project is licensed under MIT and Bitamp isn't a registered trademark in the United States. When I forwarded to Bitamp's support, they told me I had to remove all mentions of Bitamp claiming it's a security/phishing issue because the domain is ranking in Google. The test domain was an exact copy of their repo with no changes and appears their gripe is solely Google ranking.

So, I've done what Bitamp requested and now informing people to not use Bitamp since it is not truly open source. What they have licensed under MIT is only HTML/CSS/JS. They don't have the PHP scripts open sourced, so who knows what their wallet service actual does. What's in their repo doesn't actually work without the PHP scripts, so somehow a broken site that doesn't function is a phishing site.

I'd personally never use Bitamp, only tested for a client, and forgot about it. 6 months later I get threatened with suspension because Bitamp doesn't like that they licensed some of their code under MIT. Just image founders of WordPress sending take down notices and telling people to remove all mentions of WordPress from an unmodified default install. If Bitamp doesn't want to honor the MIT license and won't release PHP code, how can one trust any of their claims as being valid? Use hardware wallets!

[vabsy]

Who's good/cheap these days for renewals?

Namecheap is running a promotion till tomorrow for 50 domain transfers per account for about 7$ each.

[mgoz]

GoDaddy actually ended up suspending my domain and then giving it back the next day without me making any changes after the suspension. Made no sense and I ended up moving all of my domains elsewhere.

When I filed a complaint with the Better Business Bureau, their timeline of events didn't match what actually happened. They then later claimed a third-party contacted them stating my domain was a phishing site. Unless GoDaddy are complete liars, this was Bitamp. GoDaddy never once mentioned anything about someone claiming it was a phishing site, merely stating they believed my server was compromised, which wasn't hosted by them.

So Bitcoiners, let it be known that Bitamp does not want anyone to legally copy their MIT licensed open source project, for they will claim you are running a phishing site if legally testing an exact unmodified copy.

[Welsh]

I've used probably every major domain register under the sun, and I've always found them pretty much the same. Thing is, if you don't require hosting, or at least don't host with them there shouldn't really be any issues with any domain register that's considered trustworthy. Godaddy, and Namecheap have been leading the field for many years. I believe Namecheap allows Bitcoin payments, which is always a benefit.

You say your domains got suspended; Do you mean that they terminated your hosting package with them, or they suspended, and have taken away your domain? I don't think I've ever heard of the latter happening, but if its the former its probably due to you breaking their terms of service when it comes to their hosting services.

[mgoz]

Do you mean that they terminated your hosting package with them

No, I strictly used GoDaddy as a registrar only and would never host anything on their garbage servers. They changed my name servers, pointed it nowhere, and removed the domain from my account so I couldn't even manage it. This was after they requested I provide permission from Bitamp within 48 hours. Bitamp told them they had no problem with me using the project, but wanted me to make specific changes to their MIT licensed code, removing mentions of Bitamp. I made those changes within the 48 hours before GoDaddy suspended it days later. They then restored it a day later with no additional changes being made. In my 25+ years working in IT, I have never had this happen. Not even with clients. Hell, they even let well known hate groups and murderers use them for domains AND hosting and do nothing about it.

They are still claiming that Bitamp contacted them stating it was a phishing site when it was only an exact and unmodified copy of their "open source" project. As far as I know, Bitamp only contacted them after I copied them on the emails when GoDaddy stated I had 48 hours to get permission from Bitamp. I don't know if they contacted them prior to the initial suspension warning like GoDaddy is now claiming. The Bitamp project was on the domain for over 6 months doing nothing since I initially tested it. Bitamp apparently got upset because my domain was coming up on the first page of Google when searching Bitamp. The only thing open source about it is the HTML/JS/CSS. None of the PHP scripts are there to see what they could be doing with your seed. It's effectively a non-functioning project other than the JS generating a seed.