Namebio - No longer allowing free searches?

[NickB]

Just got the below message after trying a search......

Search is Not Allowed
We are no longer processing this search for free users due to massive abuse. We apologize for the inconvenience. If you want to run this search you will need a paid membership. Thanks for your understanding.


@Michael - looks like a few (or more) idiots have ruined it for everyone then?

 

[Michael]

We'll enable it at some point in the near future, but we're being attacked pretty badly and disabling the search they're doing is the only way to stop it. At the moment it only applies to searches where the length is exactly 2 chars longer than the keyword, or "from" one char longer and no "to".

So for example:

Keyword: test, Length: 6-6
Keyword: test, Length: 5+

And if you close the popup and keep going, it'll work fine. It's only the second time the table is drawn that it refuses to process the search. It's a really hackish way to block them and keep the site from crawling.

Sorry, but yea... one person is making life harder for everyone.

 

[NickB]

We'll enable it at some point in the near future, but we're being attacked pretty badly and disabling the search they're doing is the only way to stop it. At the moment it only applies to searches where the length is exactly 2 chars longer than the keyword, or "from" one char longer and no "to".

So for example:

Keyword: test, Length: 6-6
Keyword: test, Length: 7+

And if you close the popup and keep going, it'll work fine. It's only the second time the table is drawn that it refuses to process the search. It's a really hackish way to block them and keep the site from crawling.

Sorry, but yea... one person is making life harder for everyone.

No need to apologise, you gotta do what you gotta do - there is always someone/some people who will try and take the piss with most things

 

[Michael]

Ok, here's where we stand now. I've implemented a CAPTCHA that you'll only see once every 24 hours, and only when visiting the homepage (and eventually the details pages, i.e. namebio.com/sld.tld). When you solve it, it should take you back to where you were before you were whisked away.

I also restored the searches that the attacker was doing for free users. No more popups or workarounds. That is assuming this actually works and the attacker doesn't have a way around the CAPTCHA, which frankly wouldn't surprise me. We'll give it a few days and see if the site gets crushed any more, but please don't be mad if we have to go back to something more intrusive. The site actually loading is the top priority.

@NickB - If given this update you no longer want the membership, let me know and I'll refund you 100% as soon as possible. Sorry you felt like you had to do that for the site to be usable, even though it was only for two or three really specific searches. Maybe wait a few days to make sure we stick with this solution.

Hopefully this is acceptable for everyone, and the attacker doesn't have a way around it, so I can go back to actually being productive instead of playing cat and mouse.

For those of you who are members, as long as you're logged in you won't have to solve the CAPTCHA.

 

[Michael]

That really stinks but it was only a matter of time.

How many NB threads were started about how to "work around" a 15-30 second ad?

The # of seconds was a complaint & they reduced that (if I remember correctly.) Any reasonable effort they made to support the NB site, while allowing free access to their service.

With Michael on and responding to the actual threads - many folks continued to push, and continued to post "work arounds". Really just throwing it right out in their face.

Well, they "worked around" free access to one of the most important platforms & teams in our space, IMO.

It's a shame - but search for the numerous threads, look at the whole situation, explaining the effort and cost of supporting free. Not sure what else could have come after months and months of same.

Did you even read my response? It's literally right below the OP. We're not going paid and we're not trying to force people into paid memberships. We're being attacked by a botnet and this is the only way to stop it, it's only temporary and an extremely limited set of actions that triggers it. I even told you how to get around it...

Another way is that every time you load the homepage, click page 2 and page 3 of the results before trying to enter any filters, you'll never come across the message shown in the OP. Hopefully the attacker doesn't read this, lol.

 

[Michael]

@Michael - I had responded prior to seeing your post. Must have been typing as other messages were being posted. Only saw the first message & responded, didn't know the rest of the story and should have hung on. I just get frustrated with - regardless of platform - making it hard to operate as a service or free benefit. I have had to shut down a couple of site (I want to relaunch soon) due to abuse of free services. Sorry for jumping the gun - but didnt want to just flat out delete my first message, but happy to do so if you request.
Thanks,

No worries. Sorry if I was a little snippy, been a crappy last couple of days dealing with these attacks. They're by far the most sophisticated I've ever seen, and really hard to block in a way that doesn't impact other people. They have a botnet with hundreds of thousands of random IPs and they only ever do one search from each IP, and search so fast it wrecks the site. Crazy...

 

[NickB]

signed up for the paid membership - easiest thing to do

 

[Michael]

Require email verification before enabling first time login, bots cannot solve that.

They can, I have a system in place where a Google Voice number receives 2FA codes, then emails the text messages to a Gmail account. A bot uses the Gmail API to read the email, extract the 2FA code, and then go enter it into the login page. Bots can do pretty much anything if you put enough work into them. Email verification would be a piece of cake.

 

[BrandPlease]

That really stinks but it was only a matter of time.

How many NB threads were started about how to "work around" a 15-30 second ad?

The # of seconds was a complaint & they reduced that (if I remember correctly.) Any reasonable effort they made to support the NB site, while allowing free access to their service.

With Michael on and responding to the actual threads - many folks continued to push, and continued to post "work arounds". Really just throwing it right out in their face.

Well, they "worked around" free access to one of the most important platforms & teams in our space, IMO.

It's a shame - but search for the numerous threads, look at the whole situation, explaining the effort and cost of supporting free. Not sure what else could have come after months and months of same.

 

[Michael]

@Michael Why don’t you add a free plan and restrict certain actions to logged in users only?

Sorry, forgot to mention, we actually do have a free plan. If you register and validate your email you get 150 results per search instead of 100. Not a huge deal, but doesn't take a lot of effort to sign up.

@Michael I am sure that the most frequent Namebio users are NP members, so I suggest offering NP members a discounted membership and I am sure many will subscribe. Epik for example gives special prices and fees to NP members.

I've always hesitated to do coupon codes because once the field is there, I think a lot of people won't sign up unless they're able to find a coupon. Which leaves us having to run promos pretty much 365. Plus the coupon would spread outside of NP, so that would basically just be changing our prices. I'll give it some thought though.

Fees too much

Not if you're using the site correctly. If you are, there's no way it can't earn you an extra $5/mo by helping you avoid a bad buy, jump on a good opportunity, or price your name better. Have you looked at the annual plans? They're 50% off.

The service should not be available for free. Plain and simple. A domainer who needs it - he will pay. I see no need to use it, but, should I change my mind someday - then I will subscribe. Enduser should not be able to see the data. By providing the data for free, namebio is doing is a disservice to the industry. Wholesale prices is not something public, and should never be disclosed...

That's why we leave the sales under $100 private. End users rarely find the site, but I assure you it is a good thing when they do. If they don't know you paid $350 for something what do you think they're assuming you paid? The answer is reg fee, I promise you. They weren't assuming you paid $5k, they probably don't even know domains can sell for that much.

I've actually sent end-users to the site to show them how much I paid to get them to increase their offer, it almost always works unless they just can't afford it.

 

[Michael]

I think I know how I'm going to block the attackers in a hopefully less annoying way that doesn't feel like a membership nudge. When you visit the homepage for the first time in X hours (days?) you are redirected to a CAPTCHA page, and once you solve it, it sends you back to the homepage with no restrictions on filters.

Or maybe I only do it if the site starts being under heavy load AND you haven't solved the CAPTCHA today. I don't know, still thinking about it, the only problem is that could interrupt a search, like you're on page 10 of a search with a lot of filters, it would be hard to return you to that spot. First page load would at least guarantee that you're not in the middle of something.

Would that be amenable to everyone? I have to figure out something, the alternative is the site crawling and taking 15-30 seconds to load search results. I don't think anyone wants that...

 

[Michael]

Believe me, if it comes to bots, scraping, or even anti-scraping I've thought about it for the better part of a decade. We have some really advanced anti-scraping measures already, but it's very hard to compete with a botnet. Someone who has one of those is already in the top fraction of one percent of scrapers.

 

[pchip]

I had a clue but had no clue that bots could be this bad. The botnet having access to thousands of random IP's is the difficult one for me. I would have thought you could block the IP but that obviously won't work for that one, especially when they only use it once, Yikes! I'll have to think about that one again.

Thanks Michael for posting your thoughts and insights into this issue, much appreciated!

 

[BrandPlease]

@Michael - I had responded prior to seeing your post. Must have been typing as other messages were being posted. Only saw the first message & responded, didn't know the rest of the story and should have hung on. I just get frustrated with - regardless of platform - making it hard to operate as a service or free benefit. I have had to shut down a couple of site (I want to relaunch soon) due to abuse of free services. Sorry for jumping the gun - but didnt want to just flat out delete my first message, but happy to do so if you request.
Thanks,

 

[NickB]

I got the same message.

Dnpric.es

For me the sold prices are not so important to pay a subscription. They are history, better check prices of similar domains for sale today...

I want to know if similar sales have happened in the last 12 months(or longer) , proof of concept/comparable sales is nice to share with prospective buyers....

 

[uzver]

@Michael Why don’t you add a free plan and restrict certain actions to logged in users only?

 

[Michael]

@Michael Why don’t you add a free plan and restrict certain actions to logged in users only?

Bots can very easily create a bajillion accounts and log into them. Fighting bots is really hard, basically anything a human can do in a browser a bot can do. Some bots can even solve CAPTCHAS.

 

[johnn]

Guys,
If you are going to use Namebio then please subscribe and support Michael.
He has one wife and a couple kids that he need to support.

The only thing that I get free in my life are viruses.

 

[Ostrados]

@Michael I am sure that the most frequent Namebio users are NP members, so I suggest offering NP members a discounted membership and I am sure many will subscribe. Epik for example gives special prices and fees to NP members.

 

[premkumar]

@Michael Just add a Google captcha for each search, which solve botnets at least make it costly for botnets

 

[Michael]

I got the same message.

Dnpric.es

For me the sold prices are not so important to pay a subscription. They are history, better check prices of similar domains for sale today...

I couldn't agree less, and not just because I'm biased. Asking prices are all over the place, the "comps" you find could be wildly overpriced causing you to do the same, and by definition they haven't sold so no buyer agreed that the price was fair yet.

On the other hand, looking at recently sold domains, you have a better indication that the price was right because the buyer agreed. Sure, the price could have been too low, especially if you look at old sales (but you can factor that in), but a majority will be prices that will lead to you actually selling, not just "asking".

Just my $0.02.

 

[Sutruk]

Ok, here's where we stand now. I've implemented a CAPTCHA that you'll only see once every 24 hours, and only when visiting the homepage (and eventually the details pages, i.e. namebio.com/sld.tld). When you solve it, it should take you back to where you were before you were whisked away.

It worked fine here. I think it's a good solution to prevent the bot. At least it should work.

 

[NickB]

@NickB - If given this update you no longer want the membership, let me know and I'll refund you 100% as soon as possible. Sorry you felt like you had to do that for the site to be usable, even though it was only for two or three really specific searches. Maybe wait a few days to make sure we stick with this .

Appreciate the gesture, will stick with it for now.

 

[HotKey]

My word!! What is it, classified information, like top-secret level stuff now being held over at NB? Give me a break, when it takes me 10 minutes to get through the captcha, I'm out of there. Click all the planes.. I click all the planes.. click all the trains.. I click all the trains.. click the click and then blink twice, clap yours and 10 jumping jacks.

 

[Michael]

My word!! What is it, classified information, like top-secret level stuff now being held over at NB? Give me a break, when it takes me 10 minutes to get through the captcha, I'm out of there. Click all the planes.. I click all the planes.. click all the trains.. I click all the trains.. click the click and then blink twice, clap yours and 10 jumping jacks.

If you want to send me a screen recording I’ll be happy to take a look. We’re getting slammed by bots more than usual lately so I had to throw up the CAPTCHA unfortunately. I’ve never experienced what you described though, I just recorded this: