Account login password given away to wrong person.

[johnnywj]

Hi,

For some few days ago i pushed some names to a user at 1 of the places i have my domain names. and since that person let some of my information in
the whois for that name be there and included his name and email address for 1 of these Administrative or Registrant contact. He got my password to my
account so he loged into my account. I was lucky that this is a honest person. He told me about this.

So when you push a name to a person that buy from you he can keep some
of your information if this is a not honest person. and that way he can push/transfer all your names to his account. and maybe he also change all the whois information for all the domain names before he transfer the names so you dont get a e-mail about this transfer. so if you are very unlucky the next time you log in you have 0 domains left.

So i feel that, that place i had those names i pushed should only give out this password information to the email address that the account owner have on file.

I have heard that peoples have been stolen names that way before.

and when i told this place about this and asked them why they gave my
password to this person, this is what i got in answer.

>We only provide account information to the Administrative or Registrant >contact email addresses only. If you like for us to review this matter further >for you, please provide more detailed information.

So if you push a name and this person insert his contact email to the Administrative or Registrant contact email he can start taking names from you. So that is not any fun.

I felt i should write down this over here.


Im gone start use Account Level IP Address Access Restrictions.

IP level access restrictions should only be used by advanced users and those that understand what it is they are doing. When you restrict access to your account by IP address, computers that do not use the IP addresses you specify will not be allowed access to your account.

You should only use IP access restrictions when the IP address you are using is static.

 

[Mr Webname]

Did you sell a name that was previously your Admin contact email address?

 

[johnnywj]

Did you sell a name that was previously your Admin contact email address?

No i did not.

 

[Anthony Ng]

From what I know, when you push a domain at eNom, it automatically shows the new account default. So are you talking about GoDaddy or OpenSRS, or even Dotster or Register.com?

But even then, the other party shouldn't be able to get into your account if the registrar honestly only sends login info to the Administrative Contact. Of course, we know some registrars will do just anything you can think of to compromise the security of our domains.

 

[HHH]

Who are you talking about?

 

[johnnywj]

From what I know, when you push a domain at eNom, it automatically shows the new account default. So are you talking about GoDaddy or OpenSRS, or even Dotster or Register.com?

But even then, the other party shouldn't be able to get into your account if the registrar honestly only sends login info to the Administrative Contact. Of course, we know some registrars will do just anything you can think of to compromise the security of our domains.

Its this place DomainSite.com

Who are you talking about?

DomainSite.com

 

[Mr Webname]

Suggest a PM to member Owen about this: http://www.dnforum.com/member.php?userid=75

 

[denny007]

The person which got the password was me. One thing you state is wrong: I never logged into your account. The problem is, domainsite use as a AUTHINFO the account password. So - I asked for authinfo for domain in my account, but because of the admin contacts remained unchanged, I got the password. I don;t understand why people using all the lame registrars, Namecheap RuleZ !

 

[Steen]

denny007 - Quite good of you not to log in