Abuse Policy Takes SecLists.Org Offline

SecLists.Org, a popular site that archives the messages from numerous popular security mailing lists, was temporarily shut down by, one of the largest domain name registrars. The SecLists.Org site, run by Fyodor (developer of the popular Nmap tool) was shut down after complaints by MySpace.

In the middle of January, someone posted a message to a popular mailing list that contained a list of thousands of MySpace logon credentials. The list was gleaned from a Web site that hosted a false MySpace logon panel. Unsuspecting users entered their credentials in the bogus logon form, and the credentials were recorded and stored on a server. At some point, the list was taken off the Web site but not before people had copied it. One of the people who copied the list attached it to a message that was later sent to the Full Disclosure mailing list.

SecLists.Org archives all messages sent to the Full Disclosure list, so its archives contained a copy of the message that had the MySpace logon details attached. And that's what led to the complaint from MySpace, which in turn led to turn off the SecLists.Org domain.

Fyodor thinks and MySpace went too far too fast in shutting off the domain. In a message posted to the SecLists.Org site, he wrote, "I woke up yesterday morning to find a voice message from my domain registrar (GoDaddy) saying they were suspending the domain Apparently Myspace is still reeling from all the news reports more than a week ago about a list of 56,000 myspace usernames+passwords making the rounds. It was all over the news, and reminded people of a completely different list of 34,000 MySpace passwords which was floating around last year.... Instead of simply writing me (or asking to have the password list removed, MySpace decided to contact only GoDaddy and try to have the whole site of 250,000 pages removed."

According to Fyodor, the SecLists.Org site was offline for most of January 24; however, the site was subsequently restored and the content that offended MySpace was removed. However, as Fyodor pointed out, the list of MySpace accounts is circulating the Internet and easily located using a search engine.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.