I just wanted to post this here because I want to help you all and hurt gen.xyz as much as possible. I had a .xyz domain through njal.la which I used to host jellyfin, homeassistant, and other basic things for friends and family. My domain recently became inaccessible without any notice. After a while of troubleshooting, I found that it had been reported to xyz as abuse, and they must have done zero investigation whatsoever before serverholding my domain. I thought about opening a ticket with xyz to get my domain back, but realized that I no longer wish to buy from some shitty company that will take down any site without warning. Bought a .com domain since they are somewhat reputable, and I would advise everyone here to never buy a .xyz domain. Angry rant over.

  • peskywarrior@lemmy.world
    link
    fedilink
    English
    arrow-up
    109
    arrow-down
    9
    ·
    edit-2
    5 months ago

    Just wanted to say in case others see this, you can buy a .xyz domain from reputable places (maybe for a higher cost). I believe the OP is talking about the specific site ‘gen.xyz’.

    I have an xyz domain with Cloudflare, host many things on it (like Jellyfin), and haven’t had any issues yet.

    Edit: as many have pointed out, my understanding of registrars was wrong and gen.xyz actually owns all xyz tlds. Sleep in fear if you own one I suppose

    • viking@infosec.pub
      link
      fedilink
      English
      arrow-up
      64
      ·
      5 months ago

      The thing is that gen.xyz is the registrar itself, i.e. the highest authority for this tld. If they blacklist domains, you’re screwed.

    • OpticalMoose@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      23
      ·
      5 months ago

      Thank you for that explanation. My regex impaired ass thought he wanted to hurt generation[x|y|z].

      I’m like “what’d we ever do to you?”

    • Snot Flickerman@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      2
      ·
      5 months ago

      Cloudflare can still go bad, but its usually for high-capacity users who are using way more than the average. I haven’t seen any homeserver users get hit with any trouble, but I’ve seen a couple small businesses have bad situations with Cloudflare, although it honestly seems like the minority.

      Cloudflare has issues but for most its probably fine.

      • peskywarrior@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        5 months ago

        From what I’ve seen/heard, if you follow the ToS (usually by not proxy-ing hosts that shouldn’t be proxied or are in violation if they are) there’s nothing to be afraid of ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

    • HumanPerson@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      9
      ·
      5 months ago

      I bought from njal.la. they were almost entirely unhelpful but pointed me to the site for the tld. It appeared through their wording that gen.xyz who owns the xyz tld was responsible for taking the domain down. I bought my new domain through porkbun tho.

      • Syn_Attck@lemmy.today
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        5 months ago

        Njalla just buys domains from major registrars on your behalf and owns them on your behalf. Godaddy, Tucows, etc. It was the owner of the entire .xyz space (gen.xyz) who shut your domain down. Njalla is just passing along the info. Porkbun will do the same.

        • HumanPerson@sh.itjust.worksOP
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          5 months ago

          I know, but they didn’t pass much info. They told me it was serverhold and nothing else. They could have at least said it wasn’t them that did it.

          • Syn_Attck@lemmy.today
            link
            fedilink
            English
            arrow-up
            7
            ·
            5 months ago

            Since its servhold, you may be able to remove the offending content (for a short time, anything public-facing) and then contact reg.xyz to get it unsuspended. You’re right though that’s not very good customer service.

            On a related note, it’s possible a misconfiguration allowed some of the contents or index to be shown publicly and it got caught in a search engine and was taken down in an automated DMCA sweep. I believe .xyz is an American registrar so have to respond to DMCA but could be wrong on that. I like to stay with any .TLD that archive uses… md, ph, etc.

            https://help.sav.com/hc/en-us/articles/11933048624923-Resolving-serverHold-on-Your-Domain

    • danhab99@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      How expensive can “reputable” be. I got danhab99.xyz for like ¯⁠\⁠(⁠°⁠_⁠o⁠)⁠/⁠¯ $20/year?? Who cares

        • LifeInMultipleChoice@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          5 months ago

          This is all news to me. I thought .xyz was owned by Google after they became Alphabet and had that ABC.XYZ site years ago.

          Love when I see stuff like this and get to learn something new

  • chiisana@lemmy.chiisana.net
    link
    fedilink
    English
    arrow-up
    42
    ·
    5 months ago

    Locks can happen by registrar (I.e.: ninjala, cloudflare, namecheap etc.) or registry (I.e.: gen.xyz, identity digital, verisign, etc.).

    Typically, registry locks cannot be resolved through your registrar, and the registrant may need to work with the registry to see about resolving the problem. This could be complicated with Whois privacy as you may not be considered the registrant of the domain.

    In all cases, most registries do not take domain suspensions lightly, and generally tend to lock only on legal issues. Check your Whois record’s EPP status codes to get hints as to what may be happening.

    • HumanPerson@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      23
      arrow-down
      5
      ·
      5 months ago

      I’m on a new domain now anyway. I will be more careful on this one, but I suspect they just didn’t look into it. I do really appreciate that you seem to be both knowledgeable and not an asshole. That seems to be a rare combination to find in this thread.

      • Oisteink@feddit.nl
        link
        fedilink
        English
        arrow-up
        21
        arrow-down
        27
        ·
        5 months ago

        That’s the main difference between lemmy and early reddit. Reddit had good info from knowledgeable people, and moderation. Here it seems most are 8 years old with 0 knowledge talking shite. Voting to “prove their point”. Like downvoting your reply.

        • HumanPerson@sh.itjust.worksOP
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          3
          ·
          5 months ago

          Sorry to see you got downvoted for saying something that Reddit did better than Lemmy. I think a lot (though probably not the majority) of lemmings as well as people invoiced in open source can’t take criticism, especially of an open source project they care about. It is unfortunate as it negates a lot of the benefits of open source / free software.

          • Oisteink@feddit.nl
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            7
            ·
            5 months ago

            I don’t care about internetpoints, and I’ve given up hopes for lemmy as a platform. There’s too many subs compared to people, so people are smeared too thin out.

            Reddit had soul back then. It was fresh, new, different. Lemmy is just a bleak copy of Reddit, missing quality content and people.

  • Toes♀@ani.social
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    4
    ·
    edit-2
    5 months ago

    Sounds like an issue with your registrar more so than the domain authority?

    Do you have any information to distinguish that?

    Does anyone here know if they are the same entity?

    • HumanPerson@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      10
      ·
      5 months ago

      I didn’t get the domain through gen.xyz, they are the registry (not registrar) for the xyz tld. They are the ones who control every xyz domain which is why I warned against them.

  • blackstrat@lemmy.fwgx.uk
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    1
    ·
    5 months ago

    I received so much spam and abuse of my network from .xyz domains that they are fully blocked in every conceivable way from being accessed or accessing my network.

  • TWeaK@lemm.ee
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    8
    ·
    5 months ago

    I mean, a jellyfin server is typically full of copyright protected material. I also wouldn’t expect them to notify you in advance, however they should still send some notice when they stop providing the service you’ve paid for.

    • HumanPerson@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      2
      ·
      5 months ago

      It typically is, and I won’t comment on whether mine is, but that isn’t enough reason to take it down. I was quite careful about who I gave access to, as well as making sure people had secure passwords. It is highly unlikely that anyone got in and saw any copyright violation before reporting it.

    • givesomefucks@lemmy.world
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      52
      ·
      5 months ago

      Yeah, dude tried to open his own personal Netflix and is surprised it got taken down.

      From post history he managed to keep it up for less than a month.

      I’m betting by “friends” he meant either online friends he’s never met, or people he wanted to impress.

      So they gave zero fucks and handed it out to more people. Like, just the idea that you’re giving it to so many people that you actually buy a domain?

      There’s a reason everyone isn’t already doing it already.

      • HumanPerson@sh.itjust.worksOP
        link
        fedilink
        English
        arrow-up
        33
        arrow-down
        3
        ·
        edit-2
        5 months ago

        I kept it up for more than a year. By friends I mean like 3 people I know in real fucking life, and I made them all set secure passwords. Way to assume the worst about people, it is a very healthy attitude to have.

        • oldfart@lemm.ee
          link
          fedilink
          English
          arrow-up
          13
          arrow-down
          4
          ·
          5 months ago

          This whole thread is depressing to read, full of corporate bootlickers putting blame on you.

  • johntash@eviltoast.org
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    2
    ·
    5 months ago

    Eh while it sucks, registrars and web hosts get so many abuse reports that sometimes they just err on the side of caution and don’t investigate as thoroughly as you’d like.

    Of course it also depends a lot on various things like what type of complaint, how much money you spend with them, account history, complaint source, etc.

    They should be able to tell you what they had a problem with and give you a chance to fix it.

  • earmuff@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    19
    ·
    5 months ago

    Also, don‘t use it for any mail servers. Spam Assassin gives a negative score by default on *.xyz domains. Stupid as shit, but I had to learn the hard way.

      • earmuff@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        5 months ago

        Agree. I just got it for fun and because it was cheap. I used it for my disposable e-mail addresses but now switched to .org

        • Flax@feddit.uk
          link
          fedilink
          English
          arrow-up
          4
          ·
          5 months ago

          I know someone who had a Minecraft server which used a .net domain (most Minecraft servers do use .net, even one I hosted did) and he renamed it once and used an .xyz domain and it suddenly looked like a sketchy Russian porn site

  • umami_wasabi@lemmy.ml
    link
    fedilink
    English
    arrow-up
    9
    ·
    5 months ago

    Shit. I have my peraonal domain hosted on .xyz for email. Guess time to migrate. Any TLD suggestions?

  • fuckwit_mcbumcrumble@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    2
    ·
    5 months ago

    You can buy .xyz domains from places other than gen.xyz. I have mine from namecheap and I haven’t had any issues in like 10 years with them.

    • HumanPerson@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      8
      ·
      5 months ago

      I had mine through njal.la. It was the registry itself that locked it though. I switched registrar too after njalla took a long time to respond to my question with a vague, unhelpful, and short response.

    • dinckel@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      I have mine through namecheap too, although the name server is from cloudflare now. The only issue i’ve had was some shitty forums preventing registrations from anything that wasn’t @gmail.com

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    4
    ·
    5 months ago

    Yeah the cheaper the domain the more likely it is for abuse to occur and your own domain to be lumped into that category.