Kazakh Government Takes Down 93k Websites To Site-Block A Single Massage Parlour

from the got-'em-though dept

Thu, Sep 26th 2019 7:55pm — Timothy Geigner

Site blocking. When it comes to law enforcement and IP enforcement efforts, site blocking is the simple man's solution to a very complicated problem. The claim that floats out there in the ether is something like: hey, if we discover sites are breaking the law in some way, we can just order ISPs to block access to the site and the problem's solved. Despite that simplistic send up, the practice of blocking sites in this way inevitably leads to massive collateral damage and flat out abuse. And, yet, those that advocate for site blocking shrug their shoulders at this. After all, if you want to make an IP omelette, you have to break some percentage of the internet, right?

But the award for fucking this all up at scale must certainly go to the government of Kazakhstan, which wanted to take a massage parlor's website off of the internet for engaging in some very massage-parlor-y behavior, and managed to pull down 93,000 other websites along with it.

State censors trying to erase the web presence of an erotic massage emporium called Rainbow Spa back in late July did so by ordering the blocking of the site's IP address instead of its domain name. The ban-happy block was targeted at two IP addresses, reported by local outlet Hola News as 185.165.123.36 and 185.165.123.206. The first of these hosts around 9,500 domains, while the second keeps just over 84,000 websites online.

Unfortunately for the bungling censors, these two IPs resolve to shared infrastructure in Russia – including a large number of websites hosted on the Tilda Publishing platform, a sort of Wordpress-style CMS-plus-prebuilt-skins intended for rapid deployment by the unskilled.

First, blocking a website by its IP address in 2019 is hilariously inept. Sites these days routinely share cloud infrastructure through providers. This isn't strictly some cost-cutting measure by web providers, but necessary to secure sites at scale against attack by filtering against malicious traffic. This is how hosts protect against DDoS attacks. To be handing the keys to blocking websites to people that very clearly haven't the slightest clue what they're doing is the kind of thing only national governments can do.

Tilda Publishing itself pointed this out.

Blocking a resource by IP address is an outdated and barbaric practice that has long been inconsistent with modern cloud-based IT technologies and access restriction mechanics.

And it's not just that there was so much collateral damage that makes all of this so damning for the Kazakh government. The massage parlor, as I type this, still has one of its websites up and live.

It's hard to imagine a better example of why we shouldn't allow government the power to block websites than this.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: censorship, cloud computing, kazakhstan, site blocking

11 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Anonymous Coward (profile), 26 Sep 2019 @ 6:24pm

Those that need to know, know, those that don't need...
to know will find out?

It makes one consider how many Kazakh officials attend the services of the Rainbow Spa that they are so concerned with the existence of such a service. To allow such a heavy handed Internet related sanction, rather than the legally enabled closing of the emporium seems more like trying to eliminate some kinds of disclosure rather than eliminating some nefarious entity.

Which brings up the question, is that entity actually nefarious in Kazakhstan? Or are the powerful just reluctant to be associated with their dealings with that entity? Some might say, they seemingly are concerned about being rubbed the wrong way.

Though, not knowing the actual business practice of the Rainbow Spa (or the laws in Kazakhstan), I am not sure how being rubbed the wrong way is even possible. Unless it gets out...erm...is exposed...um...I mean intercoursely expounded...arg...ejected...I think I should stop now, though it might appear that some others went to the finish line, and now regret it. Um...I mean regret that it might be known rather than regretting that their blue pill worked.
[ link to this | view in chronology ]
- Anonymous Coward, 26 Sep 2019 @ 9:22pm
  
  the Rainbow Spa probably just rubbed them the wrong way?
  [ link to this | view in chronology ]
  - Anonymous Coward, 27 Sep 2019 @ 12:30pm
    
    Re: the Rainbow Spa probably just rubbed them the wrong way?
    First thing came to mind, someone has a secret they don't want exposed!
    [ link to this | view in chronology ]
That One Guy (profile), 26 Sep 2019 @ 11:37pm

Sometimes the jokes just write themselves...
Censorious prudes try to shut down massage parlor for being a little too 'intimate' in their service and end up screwing more people than said parlor could dream of.
[ link to this | view in chronology ]
PaulT (profile), 27 Sep 2019 @ 12:41am

"The first of these hosts around 9,500 domains, while the second keeps just over 84,000 websites online."

But, I'm sure one of the regulars will be in here soon to tell us how an IP identifies an individual for the purposes of criminal prosecution...

"The massage parlor, as I type this, still has one of its websites up and live."

So, sadly typical of this kind of thing. Nearly 100,000 innocent people have potentially suffered, but the person they're supposed to be targeting may have barely noticed.
[ link to this | view in chronology ]
Bobvious, 27 Sep 2019 @ 1:55am

an IP identifies an individual
Exactly. I can frequently be found at 127.0.0.1
[ link to this | view in chronology ]
- Dark Helmet (profile), 27 Sep 2019 @ 3:31am
  
  Re: an IP identifies an individual
  There's no place like 127.0.0.1
  [ link to this | view in chronology ]
  - Bobvious, 27 Sep 2019 @ 4:54am
    
    Re: Re: an IP identifies an individual
    So is that concept ridiculous, or ludicrous?
    [ link to this | view in chronology ]
    - Max (profile), 27 Sep 2019 @ 9:05am
      
      Re: Re: Re: an IP identifies an individual
      Risible.
      [ link to this | view in chronology ]
      - Bobvious, 27 Sep 2019 @ 1:53pm
        
        Re: Re: Re: Re: an IP identifies an individual
        For those who don't get the reference...
        
        https://www.youtube.com/watch?v=ygE01sOhzz0
        [ link to this | view in chronology ]
Anonymous Coward, 30 Sep 2019 @ 7:45am

the whole aim being, as has been said a million times, NOT to shut down a single website but to show that this and actually, any government, can control the relative country's Internet, because that is definitely the ultimate aim of them all!! no government, in particular the likes of the communist countries and those members of the '5 eyes' want the people to be able to find and spread anything that those governments dont like and that includes information about the rich and famous as well!!
[ link to this | view in chronology ]