More stolen domains: bo.com, pu.com, jy.com, showroom.com, samantha.com

[TheLegendaryJP]

Spot on John.

 

[Dave Zan]

Dave, the account email can be readily determined by a minor security bug.

If you want to know the actual account email for a domain name at Netsol, as opposed to the admin contact email, you use the "lost userid or password" function at the Netsol login.

You then identify the domain name.

And, here's the boneheaded part, Netsol then asks you which method you want to use to retrieve or reset the password. Among the options it lists is "send an email to <the account control email address>"

And, before you rag on me about posting that, any hi-jacker knows this (the feature has useful purposes as well, particular where the domain name is owned by an organization, and nobody remembers whose email was being used). Accordingly, it's better that you know it too, in case you were relying on security through obscurity.

Hmm, just tried it and it's just as you said. There was actually a time it didn't
reveal the email address of the user, but apparently they saw fit to tweak it
to what it does now.

Thanks anyway for the heads up, John. Fortunately it's not a free email addy
and what not, and I'm actually transferring it soon.

Keeping my fingers crossed...

 

[jberryhill]

There was actually a time it didn't
reveal the email address of the user, but apparently they saw fit to tweak it
to what it does now.

Yup.

As I said, this can be something of a handy feature, since if you forgot the user/pass, you might have also forgotten or lost the email address as well. Also, it does require a few more steps than simply harvesting admin email addresses.

 

[Yaffiliate]

This is one of the best threads I have read in a while. Thanks to everyone for the great suggestions.