Kazakh Government Takes Down 93k Websites To Site-Block A Single Massage Parlour

from the got-'em-though dept

Site blocking. When it comes to law enforcement and IP enforcement efforts, site blocking is the simple man's solution to a very complicated problem. The claim that floats out there in the ether is something like: hey, if we discover sites are breaking the law in some way, we can just order ISPs to block access to the site and the problem's solved. Despite that simplistic send up, the practice of blocking sites in this way inevitably leads to massive collateral damage and flat out abuse. And, yet, those that advocate for site blocking shrug their shoulders at this. After all, if you want to make an IP omelette, you have to break some percentage of the internet, right?

But the award for fucking this all up at scale must certainly go to the government of Kazakhstan, which wanted to take a massage parlor's website off of the internet for engaging in some very massage-parlor-y behavior, and managed to pull down 93,000 other websites along with it.

State censors trying to erase the web presence of an erotic massage emporium called Rainbow Spa back in late July did so by ordering the blocking of the site's IP address instead of its domain name.  The ban-happy block was targeted at two IP addresses, reported by local outlet Hola News as 185.165.123.36 and 185.165.123.206. The first of these hosts around 9,500 domains, while the second keeps just over 84,000 websites online.

Unfortunately for the bungling censors, these two IPs resolve to shared infrastructure in Russia – including a large number of websites hosted on the Tilda Publishing platform, a sort of Wordpress-style CMS-plus-prebuilt-skins intended for rapid deployment by the unskilled.

First, blocking a website by its IP address in 2019 is hilariously inept. Sites these days routinely share cloud infrastructure through providers. This isn't strictly some cost-cutting measure by web providers, but necessary to secure sites at scale against attack by filtering against malicious traffic. This is how hosts protect against DDoS attacks. To be handing the keys to blocking websites to people that very clearly haven't the slightest clue what they're doing is the kind of thing only national governments can do.

Tilda Publishing itself pointed this out.

Blocking a resource by IP address is an outdated and barbaric practice that has long been inconsistent with modern cloud-based IT technologies and access restriction mechanics.

And it's not just that there was so much collateral damage that makes all of this so damning for the Kazakh government. The massage parlor, as I type this, still has one of its websites up and live.

It's hard to imagine a better example of why we shouldn't allow government the power to block websites than this.

Filed Under: censorship, cloud computing, kazakhstan, site blocking


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Anonymous Anonymous Coward (profile), 26 Sep 2019 @ 6:24pm

    Those that need to know, know, those that don't need...

    to know will find out?

    It makes one consider how many Kazakh officials attend the services of the Rainbow Spa that they are so concerned with the existence of such a service. To allow such a heavy handed Internet related sanction, rather than the legally enabled closing of the emporium seems more like trying to eliminate some kinds of disclosure rather than eliminating some nefarious entity.

    Which brings up the question, is that entity actually nefarious in Kazakhstan? Or are the powerful just reluctant to be associated with their dealings with that entity? Some might say, they seemingly are concerned about being rubbed the wrong way.

    Though, not knowing the actual business practice of the Rainbow Spa (or the laws in Kazakhstan), I am not sure how being rubbed the wrong way is even possible. Unless it gets out...erm...is exposed...um...I mean intercoursely expounded...arg...ejected...I think I should stop now, though it might appear that some others went to the finish line, and now regret it. Um...I mean regret that it might be known rather than regretting that their blue pill worked.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 26 Sep 2019 @ 11:37pm

    Sometimes the jokes just write themselves...

    Censorious prudes try to shut down massage parlor for being a little too 'intimate' in their service and end up screwing more people than said parlor could dream of.

    reply to this | link to this | view in chronology ]

  • icon
    PaulT (profile), 27 Sep 2019 @ 12:41am

    "The first of these hosts around 9,500 domains, while the second keeps just over 84,000 websites online."

    But, I'm sure one of the regulars will be in here soon to tell us how an IP identifies an individual for the purposes of criminal prosecution...

    "The massage parlor, as I type this, still has one of its websites up and live."

    So, sadly typical of this kind of thing. Nearly 100,000 innocent people have potentially suffered, but the person they're supposed to be targeting may have barely noticed.

    reply to this | link to this | view in chronology ]

  • identicon
    Bobvious, 27 Sep 2019 @ 1:55am

    an IP identifies an individual

    Exactly. I can frequently be found at 127.0.0.1

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Sep 2019 @ 7:45am

    the whole aim being, as has been said a million times, NOT to shut down a single website but to show that this and actually, any government, can control the relative country's Internet, because that is definitely the ultimate aim of them all!! no government, in particular the likes of the communist countries and those members of the '5 eyes' want the people to be able to find and spread anything that those governments dont like and that includes information about the rich and famous as well!!

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.