Skip to main content

Your NoIP.com powered site is not reachable? Here is why

When you run a remote service on your home computer, one of the things that you need to take into account is a changing IP address. The issue here is that if your IP address changes, you and everyone else connecting to that service needs to use it.

Since many home Internet connections get dynamic IP addresses regularly, it means that you have to communicate those changes to everyone so that your service remains accessible.

One way around this is to use a dynamic DNS service which assigns a static domain name to the hostname which can be used to access the service regardless of IP address.

One of No-IP.com's services is dynamic DNS. It is not the only service the company offers, you can register domain names and get mail access as well among other things, but it is probably its core product.

If you are making use of the service, you may have noticed that it is not working properly or at all anymore for a couple of days.

The reason why is explained in a company blog post. Microsoft has apparently seized several commonly used domains of the service on June 30.

Malware writers and spreaders used the system like this: their malware infects user computer systems which contact NO-IP subdomains that point to the control center so that these systems can be controlled over the Internet.

According to Microsoft, these domains have been used to spread malware and the company is filtering out the bad from the good so that legitimate hostnames should not be affected by it at all.

No-IP on the other hand claims that this is not the case and that "millions of innocent users are experiencing outages" because Microsoft's infrastructure cannot handle that many customer queries.

If your site or service is down or slow currently, that is why.  Neither Microsoft nor No-IP have revealed which domains are affected.

One question that arises out of this is why Microsoft went this road. According to No-IP, the company has a strict abuse policy and would have taken immediate action if Microsoft would have contacted the service first.

The two malware campaigns Bladabindi and Jenxcus were targeted specifically by Microsoft. By taking control of the domains, Microsoft controls all requests made to them so that it can stop any trying to contact the control center or commands from the it to the infected systems.

Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains. Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months, which doesn’t account for detections by other anti-virus providers.

Find out if your domain is affected

no-ip domain name server microsoft

The easiest way to find out if your domain is infected is by looking up its nameservers. You can do so by visiting who.is. It displays the name servers and if they show microsoftinternetsafety.net, they have been seized.

Some domains that are affected by this include

  • bounceme.net
  • myftp.biz
  • no-ip.biz
  • no-ip.info
  • myvnc.com
  • serveblog.net
  • redirectme.net
  • servehttp.com
  • systes.net

What can you do?

It is not clear how this will evolve. While you may be able to switch to different domain names offered by No-IP, you may want to consider moving to a different provider instead. Here is a short list of free dynamic DNS providers:

What's your take on the this? Was Microsoft right in seizing the domains (temporarily)?

This article was first seen on ComTek's "TekBits" Technology News

HOME