this post was submitted on 14 Jun 2024
4 points (100.0% liked)

Selfhosted

38804 readers
200 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
4
Never buy .xyz (sh.itjust.works)
submitted 2 months ago* (last edited 2 months ago) by HumanPerson@sh.itjust.works to c/selfhosted@lemmy.world
43 comments fedilink hide all child comments
 

I just wanted to post this here because I want to help you all and hurt gen.xyz as much as possible. I had a .xyz domain through njal.la which I used to host jellyfin, homeassistant, and other basic things for friends and family. My domain recently became inaccessible without any notice. After a while of troubleshooting, I found that it had been reported to xyz as abuse, and they must have done zero investigation whatsoever before serverholding my domain. I thought about opening a ticket with xyz to get my domain back, but realized that I no longer wish to buy from some shitty company that will take down any site without warning. Bought a .com domain since they are somewhat reputable, and I would advise everyone here to never buy a .xyz domain. Angry rant over.

top 43 comments
sorted by: hot top controversial new old
[–] chiisana@lemmy.chiisana.net 3 points 2 months ago (1 children)

Locks can happen by registrar (I.e.: ninjala, cloudflare, namecheap etc.) or registry (I.e.: gen.xyz, identity digital, verisign, etc.).

Typically, registry locks cannot be resolved through your registrar, and the registrant may need to work with the registry to see about resolving the problem. This could be complicated with Whois privacy as you may not be considered the registrant of the domain.

In all cases, most registries do not take domain suspensions lightly, and generally tend to lock only on legal issues. Check your Whois record’s EPP status codes to get hints as to what may be happening.

[–] HumanPerson@sh.itjust.works 2 points 2 months ago (1 children)

I'm on a new domain now anyway. I will be more careful on this one, but I suspect they just didn't look into it. I do really appreciate that you seem to be both knowledgeable and not an asshole. That seems to be a rare combination to find in this thread.

[–] Oisteink@feddit.nl 2 points 2 months ago (1 children)

That’s the main difference between lemmy and early reddit. Reddit had good info from knowledgeable people, and moderation. Here it seems most are 8 years old with 0 knowledge talking shite. Voting to “prove their point”. Like downvoting your reply.

[–] HumanPerson@sh.itjust.works 1 points 2 months ago (1 children)

Sorry to see you got downvoted for saying something that Reddit did better than Lemmy. I think a lot (though probably not the majority) of lemmings as well as people invoiced in open source can't take criticism, especially of an open source project they care about. It is unfortunate as it negates a lot of the benefits of open source / free software.

[–] Oisteink@feddit.nl 1 points 2 months ago

I don’t care about internetpoints, and I’ve given up hopes for lemmy as a platform. There's too many subs compared to people, so people are smeared too thin out.

Reddit had soul back then. It was fresh, new, different. Lemmy is just a bleak copy of Reddit, missing quality content and people.

[–] slazer2au@lemmy.world 2 points 2 months ago (1 children)

Yeah the cheaper the domain the more likely it is for abuse to occur and your own domain to be lumped into that category.

[–] HumanPerson@sh.itjust.works 1 points 2 months ago

It cost the same as my new .com one. It was the registry (not registrar) that took it down.

[–] peskywarrior@lemmy.world 2 points 2 months ago* (last edited 2 months ago) (6 children)

Just wanted to say in case others see this, you can buy a .xyz domain from reputable places (maybe for a higher cost). I believe the OP is talking about the specific site 'gen.xyz'.

I have an xyz domain with Cloudflare, host many things on it (like Jellyfin), and haven't had any issues yet.

Edit: as many have pointed out, my understanding of registrars was wrong and gen.xyz actually owns all xyz tlds. Sleep in fear if you own one I suppose

[–] SaltySalamander@fedia.io 3 points 2 months ago

gen.xyz controls all .xyz domains, even yours. Doesn't matter where you registered it.

[–] OpticalMoose@discuss.tchncs.de 2 points 2 months ago (1 children)

Thank you for that explanation. My regex impaired ass thought he wanted to hurt generation[x|y|z].

I'm like "what'd we ever do to you?"

[–] HumanPerson@sh.itjust.works 2 points 2 months ago (1 children)

No, I'm in that category too lol.

[–] threelonmusketeers@sh.itjust.works 1 points 1 month ago

As is everyone born between 1965 and 2015, which is quite a few people.

[–] Kiwi@lemmy.world 1 points 2 months ago

That’s not how domains work.

[–] viking@infosec.pub 1 points 2 months ago

The thing is that gen.xyz is the registrar itself, i.e. the highest authority for this tld. If they blacklist domains, you're screwed.

[–] HumanPerson@sh.itjust.works 1 points 2 months ago (1 children)

I bought from njal.la. they were almost entirely unhelpful but pointed me to the site for the tld. It appeared through their wording that gen.xyz who owns the xyz tld was responsible for taking the domain down. I bought my new domain through porkbun tho.

[–] Syn_Attck@lemmy.today 0 points 2 months ago (1 children)

Njalla just buys domains from major registrars on your behalf and owns them on your behalf. Godaddy, Tucows, etc. It was the owner of the entire .xyz space (gen.xyz) who shut your domain down. Njalla is just passing along the info. Porkbun will do the same.

[–] HumanPerson@sh.itjust.works 1 points 2 months ago (1 children)

I know, but they didn't pass much info. They told me it was serverhold and nothing else. They could have at least said it wasn't them that did it.

[–] Syn_Attck@lemmy.today 1 points 2 months ago

Since its servhold, you may be able to remove the offending content (for a short time, anything public-facing) and then contact reg.xyz to get it unsuspended. You're right though that's not very good customer service.

On a related note, it's possible a misconfiguration allowed some of the contents or index to be shown publicly and it got caught in a search engine and was taken down in an automated DMCA sweep. I believe .xyz is an American registrar so have to respond to DMCA but could be wrong on that. I like to stay with any .TLD that archive uses.. md, ph, etc.

https://help.sav.com/hc/en-us/articles/11933048624923-Resolving-serverHold-on-Your-Domain

[–] SnotFlickerman@lemmy.blahaj.zone 0 points 2 months ago (1 children)

Cloudflare can still go bad, but its usually for high-capacity users who are using way more than the average. I haven't seen any homeserver users get hit with any trouble, but I've seen a couple small businesses have bad situations with Cloudflare, although it honestly seems like the minority.

Cloudflare has issues but for most its probably fine.

[–] peskywarrior@lemmy.world 1 points 2 months ago

From what I've seen/heard, if you follow the ToS (usually by not proxy-ing hosts that shouldn't be proxied or are in violation if they are) there's nothing to be afraid of ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

[–] earmuff@lemmy.dbzer0.com 2 points 2 months ago

Also, don‘t use it for any mail servers. Spam Assassin gives a negative score by default on *.xyz domains. Stupid as shit, but I had to learn the hard way.

[–] johntash@eviltoast.org 2 points 2 months ago

Eh while it sucks, registrars and web hosts get so many abuse reports that sometimes they just err on the side of caution and don't investigate as thoroughly as you'd like.

Of course it also depends a lot on various things like what type of complaint, how much money you spend with them, account history, complaint source, etc.

They should be able to tell you what they had a problem with and give you a chance to fix it.

[–] TWeaK@lemm.ee 1 points 2 months ago (2 children)

I mean, a jellyfin server is typically full of copyright protected material. I also wouldn't expect them to notify you in advance, however they should still send some notice when they stop providing the service you've paid for.

[–] HumanPerson@sh.itjust.works -1 points 2 months ago

It typically is, and I won't comment on whether mine is, but that isn't enough reason to take it down. I was quite careful about who I gave access to, as well as making sure people had secure passwords. It is highly unlikely that anyone got in and saw any copyright violation before reporting it.

[–] givesomefucks@lemmy.world -2 points 2 months ago (1 children)

Yeah, dude tried to open his own personal Netflix and is surprised it got taken down.

From post history he managed to keep it up for less than a month.

I'm betting by "friends" he meant either online friends he's never met, or people he wanted to impress.

So they gave zero fucks and handed it out to more people. Like, just the idea that you're giving it to so many people that you actually buy a domain?

There's a reason everyone isn't already doing it already.

[–] HumanPerson@sh.itjust.works 4 points 2 months ago* (last edited 2 months ago) (1 children)

I kept it up for more than a year. By friends I mean like 3 people I know in real fucking life, and I made them all set secure passwords. Way to assume the worst about people, it is a very healthy attitude to have.

[–] oldfart@lemm.ee 1 points 2 months ago

This whole thread is depressing to read, full of corporate bootlickers putting blame on you.

[–] umami_wasbi@lemmy.ml 1 points 2 months ago (4 children)

Shit. I have my peraonal domain hosted on .xyz for email. Guess time to migrate. Any TLD suggestions?

[–] kilgore_trout@feddit.it 1 points 2 months ago (2 children)

If you live in Europe, .eu

[–] rickyrigatoni@lemm.ee 4 points 2 months ago

If you live on the Cook Islands you get to use .co.ck!

[–] Lemzlez@lemmy.world 1 points 2 months ago

.eu and your local tld are often quite a bit cheaper too!

[–] hertg@infosec.pub 1 points 2 months ago (1 children)

Most email providers will automatically put emails coming from .xyz to spam. I'd advise against using any "new TLDs", if you can. But if you must, avoid those that are frequently used for spamming. A lot of spam detectors will already score your emails as suspicious just for the TLD.

See for example, https://github.com/apache/spamassassin/blob/trunk/rulesrc/sandbox/pds/20_ntld.cf

[–] umami_wasbi@lemmy.ml 1 points 2 months ago

No wonder why some reported my mail fall into spam dispite I rarely sent any. God. I had it for almost 10 years already, and migrating would be painful.

[–] tills13@lemmy.world 1 points 2 months ago

Buy your country's local domain and support the local economy.

[–] BaroqueInMind@lemmy.one 1 points 2 months ago (1 children)

Most of the entire internet cannot run without Cloudflare for a reason. Just buy directly from the source.

[–] B0rax@feddit.de 1 points 2 months ago

Cloudflare is not the source…

[–] Toes@ani.social 1 points 2 months ago* (last edited 2 months ago) (1 children)

Sounds like an issue with your registrar more so than the domain authority?

Do you have any information to distinguish that?

Does anyone here know if they are the same entity?

[–] HumanPerson@sh.itjust.works 0 points 2 months ago

I didn't get the domain through gen.xyz, they are the registry (not registrar) for the xyz tld. They are the ones who control every xyz domain which is why I warned against them.

[–] blackstrat@lemmy.fwgx.uk 1 points 2 months ago

I received so much spam and abuse of my network from .xyz domains that they are fully blocked in every conceivable way from being accessed or accessing my network.

[–] fuckwit_mcbumcrumble@lemmy.dbzer0.com 1 points 2 months ago (2 children)

You can buy .xyz domains from places other than gen.xyz. I have mine from namecheap and I haven't had any issues in like 10 years with them.

[–] HumanPerson@sh.itjust.works 2 points 2 months ago

I had mine through njal.la. It was the registry itself that locked it though. I switched registrar too after njalla took a long time to respond to my question with a vague, unhelpful, and short response.

[–] dinckelman@lemmy.world 1 points 2 months ago

I have mine through namecheap too, although the name server is from cloudflare now. The only issue i’ve had was some shitty forums preventing registrations from anything that wasn’t @gmail.com

[–] contrefeu@akko.contref.eu 1 points 2 months ago

@HumanPerson @selfhosted Thanks for the heads up, several times I was this close to buy one. Glad I didn't.