Find Out Who Registered A Domain Name

The Internet is an amazing place where we can expand our knowledge – or – just look pictures of animals with funny captions, but have you ever wondered to yourself who owns that domain, who took the time to build that amazing website, see if a business is legit or maybe you just want to learn a new nerdy skill?

A domain name can be registered by anyone so long as its available and not registered to anyone else, and can be bought at anytime through hundreds, thousands or maybe millions of companies known as domain registrars. The job of a domain registrar is to take money and convert it into domain registrations as they are essentially the middle men between the domain registries (the top dogs of the domain world, the owners of the bit after the dot) and ourselves.

When a domain is registered, regardless of the registrar used, contact details will always need to be provided. These details form what’s known as the legal registrant and can be either a company or an individual who will legally own the name for however long it has been registered for.

That’s great but what next? Well here comes the juicy bit! All that information is kept in a global database known as the WHOIS database (pronounced “who is”) which is free to browse and will give an insight into any domain registration.

Querying WHOIS

The following guide will show you step by step how to query the WHOIS database for free with no special software required. To keep things simple I will be using a website that I created which has a built in WHOIS tool.

  • First things first we need to head to the WHOIS tool, click onto the following link or type it into your address bar directly: http://www.nerdtools.co.uk/whois/
  • Once the website loads you’ll see a box where it asks you to enter a domain name, enter the domain which you would like to query and press Enter or the “Let’s do this! >” button
    whois-query-1
  • After a few seconds you’ll be redirected to a new page that shows the domain details in a similar format to one shown below:
    whois-query-2
  • As  you can see from the screenshot above a lot of information is returned, so much that it doesn’t all fit on screen without scrolling but once you read through you will easily see who owns the domain, when it was registered, when it expires and other useful information

Notes

  • In the example above you can see no “Registrant’s address” is returned, this is because its a .UK domain and Nominet (the registry behind all .UK domains) allow the address to be hidden for any non-trading individuals, but with domains such as .COM, .NET, .ORG the information will always be available
  • Depending on the domain name things may look a little different to the one in the example
  • Any changes to a domains details can take up to 24 hours to show so things may not always be accurate
  • There are strict terms that need to be followed when it comes to using the information returned from a lookup and these can be found usually be found at the bottom – It’s not shown in the screenshot as it was so big, to see them click here and scroll down
  • Sometimes registrars offer a privacy package that will hide the registrants contact information and replace it with the registrars instead, if you see a domain like this that’s trading as a business stay well away as it could be up to no good!

WordPress & Spam: Key’s Solution

Recently I began to see an increase in malicious login attempts to my servers from bots (ie. automated attempts to login via FTP, POP/IMAP, SSH and so on) which gave me an idea for a new side-project on NerdTools known as the Bad Bots Intrusion & Spam Detection database.

After a few hours of developing a database was generating before my eyes of all the bad bots and their failed attempts, which then got me thinking, aside from using the database with a firewall can this be intergrated with WordPress to stop spam before its even posted?

A few more hours developing and I have now created two plugins which are listed in the WordPress extension directory. One is called NerdTools Bad Bots Spam Reporter which cleverly and annonymously reports the IP address of an author whenever a comment is classed as spam, and the other is called NerdTools Bad Bots Spam Defender which again annonymously screens every authors IP address against the database and if a match is found it won’t allow the comment to be saved.

Going a little deeper into the reporting plugin; when a comment is classed as spam the authors IP address is reported to the database but it won’t be entered straight away, our system will wait and see if any patterns form, if so it will then be entered and further comments will not be allowed.

It may seem madness having two seperate plugins to work as one but I didn’t want to force people into reporting comments if they don’t want to and vice versa with the defending plugin.

In terms of infrastructure the database is hosted on a high performance SSD server which has memcache enabled. Future plans include clustered servers for even greater performance.

Not bad for a few hours work!

 

 

 

 

Server Security Tips

Whenever I deploy a new server I always ensure that any flaws which I’ve picked up from my few years of server experience are fixed, leaving the new server as secure as can be and ready for use.

Below are a few tips for keeping your server as secure as can be:

  • Have a secure root password – Use something random and at least 8 characters long
  • Use non-default ports – Change the default port for services commonly targeted by bots or attackers such as SSH
  • Check your logs – Look for authentication failures and put the related IPs in a block or reject rule using iptables
  • Process users – Make sure processes have their own users and aren’t ran as root

More tips will be added once I remember them!

Webmin 1.610 on CentOS 5.8 (x86)

The following commands can be used to install Webmin 1.610 on CentOS 5.8. Make sure you’re logged in as root and then follow the steps below.

Select a temporary directory to save the download to. We will only use the downloaded file once so it’s pointless keeping it.. free up space and put it in /tmp!

cd /tmp

Begin the download of Webmin using wget:

wget http://prdownloads.sourceforge.net/webadmin/webmin-1.610-1.noarch.rpm

Install Webmin by unpacking the archive:

rpm -Uvh webmin-1.610-1.noarch.rpm

Done! You can now login to your fresh installation of Webmin by heading to http://hostname-or-ipaddress:10000 using the root username and password.

Notes

  • You can download the file used in the example above by clicking here or see all Webmin related files by clicking here

Unstick a LinkStation Disk Backup

Imagine this… you have two decent network attach storage boxes which regularly backup one to the other using a built in Disk Backup tool –  Brilliant huh, sounds almost like a nerdy dream! Now imagine part way through a backup you get a power cut or you just trip over the power cable ripping the plug out the wall… not to worry, things will pick up where they left off… unless those decent boxes are Buffalo LinkStations!

I first discovered this flaw a few weeks back when one of my nightly backups seemed to be taking longer than usual. I gave the box about a day or so to try and fix itself but it still kept saying that the disk backup was in progress and in the admin interface and I was unable to cancel or remove the backup, so it was pretty much stuck as you can see below:

stuck-backup

I headed to the official Buffalo support website which seemed to have a fix for this common problem – See for yourself below:

buffalo-stuck-disk-backup
Okay so you have to restore the box to factory defaults… no thanks! I can only assume that because the HS-DHGL is one of their older discontinued products they just can’t be bothered to make a firmware update as it’s not worth their time or effort, but the other option is to use SSH to edit a file which will force the backup to complete.

Getting Unstuck

The following guide will assume you have already enabled SSH and are logged in ready to go, if you haven’t yet enabled SSH see this post here.

  • First of all we need to locate the backup configuration file and this depends on the job number specified on the admin interface, in my case it was number 1 so we need to type in the following command to open the file in a text editor:
    • "vi /etc/melco/backup1"
  • You will now see the configuration file open, hit I (for indigo) on your keyboard to allow inserting of new text and change the line status=running to status=done
  • Hit the Escape key and then type :wq to save your changes and quit
  • Head back to the admin interface to the Disk Backup section and you’ll now see the backup showing as complete as seen below:
    job-complete
  • That’s it – The backup is unstuck, and we haven’t had to restore anything to factory defaults!

Notes

  • This has been tried and tested on the following models/firmware: HS-DHGL/v2.1
  • Finally, if you could let me know if you encounter any problems or can confirm if this works for other models I’d be grateful

Icecast PHP Stats

A recent project of mine called Coop Cam uses several live video streams served by an Icecast server at different mount points which works great, but I found there was no real solution to simply display how many viewers were actually watching the live streams.

I put together a basic PHP code that reads the Icecast XML stats file and retrieves the current overall viewers (or listeners as its officially known) of all available mount points.

Code

// get the stats xml file //
$output = file_get_contents('http://admin:adminpassword@youricecastserver.com:8000/admin/stats');

// explode to make the magic happen //   
$listeners = explode('',$output);
$listeners = explode('',$listeners[1]);

// output to the world //
echo "Currently <b>$listeners[0]</b> people are watching the live stream!";

Once you have amended the admin password, server name and port the code above will then connect to your server and read the /admin/stats XML file. From here it will literally pick out the content shown between the <listeners></listeners> tags and that then becomes the $listeners[0] variable, simply place this wherever you want to display the amount of current viewers.

Notes

  • This code may or may not work depending on if your hosting provider allows the file_get_contents function – In my case I use my own dedicated servers and it works without issue, if you have any problems I’m sure I can sort something for you!
  • You can show the amount of sources, file connections and so on by amending the code to reflect the correct tags – A full list of tags can be seen by visiting the youricecastservername.com:8000/admin/stats page
  • You can find a live working example of this script here or actually see it in place here
  • Finally, you can download the script by clicking here or see all available Icecast files here

A Sticky Problem with Glue Records and 1&1 Internet

Recently I had a tidy up with my hosting infrastructure which involved moving a slave DNS server from one IP address to another. The easy part was setting up the server and changing the existing DNS A record to point to the new IP address, the fun started when it came to updating the Glue record held with 1&1.

If you weren’t already aware a Glue record is something set by the domain registrar (1&1 in this case) that points directly to the server where the domains DNS records are kept. This makes it possible  to have domain names with nameservers that are a subdomain of itself, for example nerdkey.co.uk could point to ns1.nerdkey.co.uk and ns2.nerdkey.co.uk.

The last time I’d update Glue records with 1&1 was a good few years ago, but it was a simple case of logging into the control panel, searching for the domain and then heading to the record for subdomain, hitting an edit button and then changing the existing A record IP address for a new one but it wasn’t that easy this time round.

After a little trial and error and a lot of head scratching it seems that since they rolled out their new control panel it just isn’t possible anymore to set or update Glue records – you could see the records don’t get me wrong, just not update them. Not to worry though, their technical support team will be able to update the records, right? WRONG! I emailed them several times, making things as clear as possible whilst at the same time thinking that their support advisers would be savvy enough to understand terms used within the industry they work in, didn’t go too well.

In a nutshell, here is the correspondence between us:

  • [Me] – Outlined the domain, that I wanted Glue records updating and the exact subdomains and IP addresses
  • [Them] – Asked me to confirm if these changes has already been made as my website was working fine (not what I asked?)
  • [Me] – Sent a slightly reworded version of the first, again outlining the essential details and that it hadn’t been updated
  • [Them] – Confirmed that website was working fine again, asked me to clear my cache and reply with any error messages (did they even read the email?)
  • [Me] – Sent a similar email along the lings of the first and second stating that they are the domain registrar and this is something they need to do, again included essential details
  • [Me] – Emailed them to see if any updates available
  • [Them] – Replied asking me to confirm that I wanted the NS2 record updated as well (because the last emails didn’t state that?)
  • [Them] – Responded saying the nameservers may possibly need to be reverted back to them for this to work, but they used a special “tool” instead and said to wait up to 48 hours
  • [Them] – Replied this morning (after the domain was transferred and Glue set correctly with a different provider) saying that everything is now set correctly

Enough was enough, it got to a point where I’d given them over a weeks worth of my time and they’d done little more then send me a few standard responses and ask for confirmation which was already given. My last attempt to gain faith in them involved changing the nameservers back to them to see if it would work and allow me to set the records, it partly did – I managed to set the NS1-4 subdomains to the correct A records then updated the domains nameservers to another provider temporarily straight after to avoid any downtime and left it a few hours. I came back a few hours later and tried to set the nameservers back to ns1-4.koserver.co.uk but got an error message saying the nameservers weren’t registered and found out that the update to the temporary nameservers hadn’t taken affect, slowly grinding my entire hosting network to a halt – great!

I know I hadn’t waited the standard propagation times, but given the past experience and useless support and the fact that everything was slowly grinding to a halt, it was time to transfer. After research I’d narrowed things down to two providers – I wanted to give Name.com a try, but as their system for transferring in .UK’s wasn’t automated I abandoned that plan and went for NameCheap. Within an hour the domain was with them and Glue records were set through the control panel and things are slowly coming back online.

In all my years of website hosting I have never had such a catastrophic outage, aside from looking into a second domain to host nameservers all my domains with 1&1 will be transferred elsewhere.

So in summary, if you know what you’re doing don’t go with 1&1. You’ll be treated like an idiot and just wasting your time throwing emails back and forth with them. They don’t really read your emails and the fact they removed such a critical feature without telling anyone speaks volumes in my opinion, I mean they still have an old support article on how to set Glue records, obviously doesn’t work though. It is a shame, but that’s life.