Namebio - No longer allowing free searches?

[NickB]

Just got the below message after trying a search......

Search is Not Allowed
We are no longer processing this search for free users due to massive abuse. We apologize for the inconvenience. If you want to run this search you will need a paid membership. Thanks for your understanding.


@Michael - looks like a few (or more) idiots have ruined it for everyone then?

 

[Michael]

We'll enable it at some point in the near future, but we're being attacked pretty badly and disabling the search they're doing is the only way to stop it. At the moment it only applies to searches where the length is exactly 2 chars longer than the keyword, or "from" one char longer and no "to".

So for example:

Keyword: test, Length: 6-6
Keyword: test, Length: 5+

And if you close the popup and keep going, it'll work fine. It's only the second time the table is drawn that it refuses to process the search. It's a really hackish way to block them and keep the site from crawling.

Sorry, but yea... one person is making life harder for everyone.

 

[NickB]

We'll enable it at some point in the near future, but we're being attacked pretty badly and disabling the search they're doing is the only way to stop it. At the moment it only applies to searches where the length is exactly 2 chars longer than the keyword, or "from" one char longer and no "to".

So for example:

Keyword: test, Length: 6-6
Keyword: test, Length: 7+

And if you close the popup and keep going, it'll work fine. It's only the second time the table is drawn that it refuses to process the search. It's a really hackish way to block them and keep the site from crawling.

Sorry, but yea... one person is making life harder for everyone.

No need to apologise, you gotta do what you gotta do - there is always someone/some people who will try and take the piss with most things

 

[NickB]

signed up for the paid membership - easiest thing to do

 

[BrandPlease]

That really stinks but it was only a matter of time.

How many NB threads were started about how to "work around" a 15-30 second ad?

The # of seconds was a complaint & they reduced that (if I remember correctly.) Any reasonable effort they made to support the NB site, while allowing free access to their service.

With Michael on and responding to the actual threads - many folks continued to push, and continued to post "work arounds". Really just throwing it right out in their face.

Well, they "worked around" free access to one of the most important platforms & teams in our space, IMO.

It's a shame - but search for the numerous threads, look at the whole situation, explaining the effort and cost of supporting free. Not sure what else could have come after months and months of same.

 

[Michael]

That really stinks but it was only a matter of time.

How many NB threads were started about how to "work around" a 15-30 second ad?

The # of seconds was a complaint & they reduced that (if I remember correctly.) Any reasonable effort they made to support the NB site, while allowing free access to their service.

With Michael on and responding to the actual threads - many folks continued to push, and continued to post "work arounds". Really just throwing it right out in their face.

Well, they "worked around" free access to one of the most important platforms & teams in our space, IMO.

It's a shame - but search for the numerous threads, look at the whole situation, explaining the effort and cost of supporting free. Not sure what else could have come after months and months of same.

Did you even read my response? It's literally right below the OP. We're not going paid and we're not trying to force people into paid memberships. We're being attacked by a botnet and this is the only way to stop it, it's only temporary and an extremely limited set of actions that triggers it. I even told you how to get around it...

Another way is that every time you load the homepage, click page 2 and page 3 of the results before trying to enter any filters, you'll never come across the message shown in the OP. Hopefully the attacker doesn't read this, lol.

 

[Michael]

I think I know how I'm going to block the attackers in a hopefully less annoying way that doesn't feel like a membership nudge. When you visit the homepage for the first time in X hours (days?) you are redirected to a CAPTCHA page, and once you solve it, it sends you back to the homepage with no restrictions on filters.

Or maybe I only do it if the site starts being under heavy load AND you haven't solved the CAPTCHA today. I don't know, still thinking about it, the only problem is that could interrupt a search, like you're on page 10 of a search with a lot of filters, it would be hard to return you to that spot. First page load would at least guarantee that you're not in the middle of something.

Would that be amenable to everyone? I have to figure out something, the alternative is the site crawling and taking 15-30 seconds to load search results. I don't think anyone wants that...

 

[BrandPlease]

@Michael - I had responded prior to seeing your post. Must have been typing as other messages were being posted. Only saw the first message & responded, didn't know the rest of the story and should have hung on. I just get frustrated with - regardless of platform - making it hard to operate as a service or free benefit. I have had to shut down a couple of site (I want to relaunch soon) due to abuse of free services. Sorry for jumping the gun - but didnt want to just flat out delete my first message, but happy to do so if you request.
Thanks,

 

[Michael]

@Michael - I had responded prior to seeing your post. Must have been typing as other messages were being posted. Only saw the first message & responded, didn't know the rest of the story and should have hung on. I just get frustrated with - regardless of platform - making it hard to operate as a service or free benefit. I have had to shut down a couple of site (I want to relaunch soon) due to abuse of free services. Sorry for jumping the gun - but didnt want to just flat out delete my first message, but happy to do so if you request.
Thanks,

No worries. Sorry if I was a little snippy, been a crappy last couple of days dealing with these attacks. They're by far the most sophisticated I've ever seen, and really hard to block in a way that doesn't impact other people. They have a botnet with hundreds of thousands of random IPs and they only ever do one search from each IP, and search so fast it wrecks the site. Crazy...

 

[passini]

I got the same message.

Dnpric.es

For me the sold prices are not so important to pay a subscription. They are history, better check prices of similar domains for sale today...

 

[NickB]

I got the same message.

Dnpric.es

For me the sold prices are not so important to pay a subscription. They are history, better check prices of similar domains for sale today...

I want to know if similar sales have happened in the last 12 months(or longer) , proof of concept/comparable sales is nice to share with prospective buyers....

 

[premkumar]

@Michael Just add a Google captcha for each search, which solve botnets at least make it costly for botnets

 

[Michael]

Ok, here's where we stand now. I've implemented a CAPTCHA that you'll only see once every 24 hours, and only when visiting the homepage (and eventually the details pages, i.e. namebio.com/sld.tld). When you solve it, it should take you back to where you were before you were whisked away.

I also restored the searches that the attacker was doing for free users. No more popups or workarounds. That is assuming this actually works and the attacker doesn't have a way around the CAPTCHA, which frankly wouldn't surprise me. We'll give it a few days and see if the site gets crushed any more, but please don't be mad if we have to go back to something more intrusive. The site actually loading is the top priority.

@NickB - If given this update you no longer want the membership, let me know and I'll refund you 100% as soon as possible. Sorry you felt like you had to do that for the site to be usable, even though it was only for two or three really specific searches. Maybe wait a few days to make sure we stick with this solution.

Hopefully this is acceptable for everyone, and the attacker doesn't have a way around it, so I can go back to actually being productive instead of playing cat and mouse.

For those of you who are members, as long as you're logged in you won't have to solve the CAPTCHA.

 

[uzver]

@Michael Why don’t you add a free plan and restrict certain actions to logged in users only?

 

[Michael]

I got the same message.

Dnpric.es

For me the sold prices are not so important to pay a subscription. They are history, better check prices of similar domains for sale today...

I couldn't agree less, and not just because I'm biased. Asking prices are all over the place, the "comps" you find could be wildly overpriced causing you to do the same, and by definition they haven't sold so no buyer agreed that the price was fair yet.

On the other hand, looking at recently sold domains, you have a better indication that the price was right because the buyer agreed. Sure, the price could have been too low, especially if you look at old sales (but you can factor that in), but a majority will be prices that will lead to you actually selling, not just "asking".

Just my $0.02.

 

[Michael]

@Michael Why don’t you add a free plan and restrict certain actions to logged in users only?

Bots can very easily create a bajillion accounts and log into them. Fighting bots is really hard, basically anything a human can do in a browser a bot can do. Some bots can even solve CAPTCHAS.

 

[Sutruk]

Ok, here's where we stand now. I've implemented a CAPTCHA that you'll only see once every 24 hours, and only when visiting the homepage (and eventually the details pages, i.e. namebio.com/sld.tld). When you solve it, it should take you back to where you were before you were whisked away.

It worked fine here. I think it's a good solution to prevent the bot. At least it should work.

 

[Ostrados]

Bots can very easily create a bajillion accounts and log into them. Fighting bots is really hard, basically anything a human can do in a browser a bot can do. Some bots can even solve CAPTCHAS.

Require email verification before enabling first time login, bots cannot solve that.

 

[Michael]

Require email verification before enabling first time login, bots cannot solve that.

They can, I have a system in place where a Google Voice number receives 2FA codes, then emails the text messages to a Gmail account. A bot uses the Gmail API to read the email, extract the 2FA code, and then go enter it into the login page. Bots can do pretty much anything if you put enough work into them. Email verification would be a piece of cake.

 

[NickB]

@NickB - If given this update you no longer want the membership, let me know and I'll refund you 100% as soon as possible. Sorry you felt like you had to do that for the site to be usable, even though it was only for two or three really specific searches. Maybe wait a few days to make sure we stick with this .

Appreciate the gesture, will stick with it for now.

 

[Michael]

Believe me, if it comes to bots, scraping, or even anti-scraping I've thought about it for the better part of a decade. We have some really advanced anti-scraping measures already, but it's very hard to compete with a botnet. Someone who has one of those is already in the top fraction of one percent of scrapers.

 

[pchip]

I had a clue but had no clue that bots could be this bad. The botnet having access to thousands of random IP's is the difficult one for me. I would have thought you could block the IP but that obviously won't work for that one, especially when they only use it once, Yikes! I'll have to think about that one again.

Thanks Michael for posting your thoughts and insights into this issue, much appreciated!

 

[johnn]

Guys,
If you are going to use Namebio then please subscribe and support Michael.
He has one wife and a couple kids that he need to support.

The only thing that I get free in my life are viruses.

 

[premkumar]

Ok, here's where we stand now. I've implemented a CAPTCHA that you'll only see once every 24 hours, and only when visiting the homepage (and eventually the details pages, i.e. namebio.com/sld.tld). When you solve it, it should take you back to where you were before you were whisked away.

I also restored the searches that the attacker was doing for free users. No more popups or workarounds. That is assuming this actually works and the attacker doesn't have a way around the CAPTCHA, which frankly wouldn't surprise me. We'll give it a few days and see if the site gets crushed any more, but please don't be mad if we have to go back to something more intrusive. The site actually loading is the top priority.

@NickB - If given this update you no longer want the membership, let me know and I'll refund you 100% as soon as possible. Sorry you felt like you had to do that for the site to be usable, even though it was only for two or three really specific searches. Maybe wait a few days to make sure we stick with this solution.

Hopefully this is acceptable for everyone, and the attacker doesn't have a way around it, so I can go back to actually being productive instead of playing cat and mouse.

For those of you who are members, as long as you're logged in you won't have to solve the CAPTCHA.

Botnets can solve simple captcha and but some captchas like google captcha they may need capctha solving services which charge like $2/$3 for every 1000 captcha(such service use human from developing countries typing captcha ), What make capctha difficult 1. they have to code for captcha handling, 2. the more captcha you have for searches botnet have to spend more money. in that case its easy to buy paid API service from you than using botnet. so add captcha for each searches.

And finally thanks for Namebio service.

 

[Ostrados]

@Michael I am sure that the most frequent Namebio users are NP members, so I suggest offering NP members a discounted membership and I am sure many will subscribe. Epik for example gives special prices and fees to NP members.