I was on a friend's blog site today, commenting on his blog entry, and he asked me in the comments how some folks got a great deal of his personally identifiable information (PII in the trade).
He is an epidemiologist and takes on antivaccination folks, discrediting their nonsensical memes.
Needless to say, that generates enemies. Another epidemiologist has actually had people call his boss to try to get him fired and walk up to his office building entrance, only to be escorted away by security, and has received many a death threat.
Less than five seconds of sleuthing revealed how his name, telephone number, address and e-mail address had all been exposed.
When he had registered his domain, he had not ensured that it was anonymized; the end result was that a simple "whois" revealed all of the information.
Later, a screen capture of the doxing on Facebook confirmed it, as whois has standard entries.
Below, I'll explain a bit about the process and give basic pointers so that anyone with a Linux system, or running Cygwin on Windows to get Unix utilities, can't use the whois command to learn more than you want anyone to know.
To have one's own domain, such as here with dailykos.com, one goes to a domain registrar and purchases the domain if it is available. More enterprising folks would buy their domain name, like dailykos, and also register .net, .org, .com, .com.us, etc. to avoid others grabbing the other domains and visitors accidentally ending up on a malicious or competing site.
As part of the process, one then points the acquired domain to the server one's domain should be resting upon.
To again use dailykos as an example, the server is www-dailykos-com-elb-60495075.us-west-2.elb.amazonaws.com at IP 54.187.174.198. That's a cluster hosted by Amazon; typically it's shared, and host header selection leads one to the site, usually. Occasionally, the entire IP is rented for a site that has a great deal of traffic and resources.
So, a whois of www.dailykos.com reveals:
Domain Name: DAILYKOS.COM
Registry Domain ID: 87899509_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2013-06-26T21:47:35Z
Creation Date: 2002-06-26T19:46:19Z
Registrar Registration Expiration Date: 2020-09-12T03:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: @godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/...
Domain Status: clientUpdateProhibited http://www.icann.org/...
Domain Status: clientRenewProhibited http://www.icann.org/...
Domain Status: clientDeleteProhibited http://www.icann.org/...
Registry Registrant ID:
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 14747 N Northsight Blvd Suite 111, PMB 309
Registrant City: Scottsdale
Registrant State/Province: Arizona
Registrant Postal Code: 85260
Registrant Country: United States
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: @domainsbyproxy.com
Registry Admin ID:
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 14747 N Northsight Blvd Suite 111, PMB 309
Admin City: Scottsdale
Admin State/Province: Arizona
Admin Postal Code: 85260
Admin Country: United States
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: @domainsbyproxy.com
Registry Tech ID:
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 14747 N Northsight Blvd Suite 111, PMB 309
Tech City: Scottsdale
Tech State/Province: Arizona
Tech Postal Code: 85260
Tech Country: United States
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: @domainsbyproxy.com
Name Server: NS-1920.AWSDNS-48.CO.UK
Name Server: NS-1148.AWSDNS-15.ORG
Name Server: NS-819.AWSDNS-38.NET
Name Server: NS-222.AWSDNS-27.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2015-09-12T07:00:00Z <<<
In my friend's case, his personal information was listed, rather than an anonymizing service.
I e-mailed him with a buffer of the whois information and told him to "raise merry hell with your domain registrar", which he did.
During the period that one of the slightly brighter antivaccination folks had released that whois buffer, he had gotten a death threat by telephone and threatening e-mails, and the Dean of the college where he's working on his PhD had a chuckling conversation after receiving a telephone complaint.
BTW, we're internet friends; hopefully, before I leave the Baltimore metropolitan area, we'll meet for the promised beer. That said, a Google Maps view of his home address showed a very nice house. I'm pleased for him and his wife on their fine home.
Now, his whois of the domain has no PII in it.
But the Internet Wayback Machine will have the open groups, and Google cache will have it for a long, long time.
For the curious:
whois epidemiological.net
Domain Name: EPIDEMIOLOGICAL.NET
Registry Domain ID: 1703717395_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2015-09-11T13:34:24Z
Creation Date: 2012-02-23T22:28:24Z
Registrar Registration Expiration Date: 2016-02-23T22:28:24Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Domain Status: clientTransferProhibited https://icann.org/...
Registry Registrant ID:
Registrant Name: Domain Admin
Registrant Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Registrant Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator
Registrant City: Nobby Beach
Registrant State/Province: Queensland
Registrant Postal Code: QLD 4218
Registrant Country: AU
Registrant Phone: +45.36946676
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: @privacyprotect.org
Registry Admin ID:
Admin Name: Domain Admin
Admin Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Admin Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator
Admin City: Nobby Beach
Admin State/Province: Queensland
Admin Postal Code: QLD 4218
Admin Country: AU
Admin Phone: +45.36946676
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: @privacyprotect.org
Registry Tech ID:
Tech Name: Domain Admin
Tech Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Tech Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator
Tech City: Nobby Beach
Tech State/Province: Queensland
Tech Postal Code: QLD 4218
Tech Country: AU
Tech Phone: +45.36946676
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: @privacyprotect.org
Name Server: ns1.wordpress.com
Name Server: ns2.wordpress.com
Name Server: ns3.wordpress.com
DNSSEC:Unsigned
Registrar Abuse Contact Email: @publicdomainregistry.com
Registrar Abuse Contact Phone: +1-2013775952
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>>Last update of WHOIS database: 2015-09-12T07:14:04+0000Z<<<
For more information on Whois status codes, please visit https://icann.org/...
Registration Service Provided By: MACHIGHWAY
For those interested in Unix-like tools for Windows, Cygwin has Unix tools for Windows.
If you have a Mac, you've already got the tools, but MacPorts adds functionality that Apple screws you out of.
If you've got a Linux or *BSD box, well, you've got the tools or can install them from your distribution repository or installation disc.
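To check your own domain's record the way described above, this added example (not part of the original post) parses whois output and lists any registrant, admin or tech contact fields that are not fronted by a privacy service. The marker words, the function names and the sample record are assumptions constructed for illustration.

```python
import re
import sys

# Assumption (heuristic): proxy services name themselves in Name/Organization.
PROXY_MARKERS = ("proxy", "privacy", "private")
ROLES = ("Registrant", "Admin", "Tech")
PII_FIELDS = ("Name", "Street", "Phone", "Email")
LINE = re.compile(r"^\s*(Registrant|Admin|Tech) ([A-Za-z/ ]+?):\s*(.*)$")

# Constructed sample record (fictional person, reserved example domains).
SAMPLE_EXPOSED = """\
Registrant Name: Jane Example
Registrant Organization:
Registrant Street: 123 Example St
Registrant Phone: +1.5555550100
Registrant Email: jane@example.org
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Email: proxy@example.net
"""


def parse_contacts(whois_text):
    """Return {role: {field: [values]}}, skipping empty fields."""
    contacts = {role: {} for role in ROLES}
    for line in whois_text.splitlines():
        m = LINE.match(line)
        if m and m.group(3).strip():
            role, field, value = m.group(1), m.group(2).strip(), m.group(3).strip()
            contacts[role].setdefault(field, []).append(value)
    return contacts


def exposed_fields(whois_text):
    """List (role, field, value) for contacts not fronted by a proxy service."""
    findings = []
    for role, fields in parse_contacts(whois_text).items():
        names = fields.get("Name", []) + fields.get("Organization", [])
        if any(m in " ".join(names).lower() for m in PROXY_MARKERS):
            continue  # this contact is a privacy/proxy service
        findings += [(role, f, v) for f in PII_FIELDS for v in fields.get(f, [])]
    return findings


if __name__ == "__main__":
    # Pipe `whois yourdomain` in; with no pipe, the constructed sample is used.
    text = SAMPLE_EXPOSED if sys.stdin.isatty() else sys.stdin.read()
    for role, field, value in exposed_fields(text):
        print(f"EXPOSED {role} {field}: {value}")
```

Run it as whois yourdomain | python3 whois_audit.py (the file name is hypothetical); no output means every contact block points at a proxy service.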