publication croisée depuis : https://lemmy.pierre-couy.fr/post/584644

While monitoring my Pi-Hole logs today, I noticed a bunch of queries for XXXXXX.bodis.com, where XXXXXX are numbers. I saw a few variations for the numbers, each one being queried several times.

Digging further, I found out these queries were caused by CNAME records on domains that look like they used to point to Lemmy/Kbin instances.

From what I understand, domain owners can register a CNAME record to XXXXXX.bodis.com and earn some money from the traffic it receives. I guess that each number variation is a domain owner ID in Bodis’ database. I saw between 5 to 10 different number variations, each one being pointed to by a bunch of old Lemmy domains.

This probably means that among actors who snatch expired domains, several of them have taken a specific interest with expired domains of old Lemmy instances. Another hypothesis is that there were a lot of domains registered for hosting Lemmy during the Reddit API debacle (about 1 year ago), which started expiring recently.

Are there any other instance admins who noticed the same thing ? Is any of my two hypothesis more plausible than the other ? Should we worry about this trend ?

Anyway, I hope this at least serves as a reminder to not let our domains expire ;)

  • pcouy@lemmy.pierre-couy.frOP
    link
    fedilink
    arrow-up
    2
    ·
    3 months ago

    That’s really really weird, I cannot resolve the domain to an IP, even after trying a bunch of different DNS servers. If you’re on linux, can you run nslookup pathfinder.social and paste the output here ?

    • Zagorath@aussie.zone
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      3 months ago

      If you’re on linux

      I’m not, but I do have WSL installed. It returned “Can’t find pathfinder.social: No answer”

      Out of interest, I tried the same command in Microsoft PowerShell, I get:

      Server:  dns9.quad9.net
      Address:  9.9.9.9
      
      Name:    pathfinder.social
      

      That’s the full output. No actual list of returned addresses.

      I’m guessing my system just has pathfinder.social cached.

      • pcouy@lemmy.pierre-couy.frOP
        link
        fedilink
        arrow-up
        2
        ·
        3 months ago

        Yeah, this probably has to do with the cache. You can try opening dev tools (F12 in most browsers), go to the network tab, and browse to pathfinder.social. You should see all requests going out, including “fake requests” to content that you already have locally cached

        • Zagorath@aussie.zone
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Oh neat, I’d never thought of that before. Woulda been handy back last time I was working on a PWA!

          200 OK (from service worker)

          So yeah, getting it from the cache.