Forum

Nick Berlette exposed a security problem in Dynadot’s domain management system:
“I have found a way to acquire any domain registered on DynaDot… [they] apparently have a very skimpy security system. I found that you can get any domain you want, with a few clicks.”
The post about this security loophole at Dynadot was originally posted here but since January 2007 it has been reprinted across the internet.
http://www.berlettefx.com/2007/01/5/exploiting-dynadot/

Further he goes on to explain the process in detail:
“Right about now you should be getting the gist of how this works. By editing that number, you can get access to any domain name. Enter your information in it, and press Change Account. Go through the form and all, and then check your email inbox. Once you approve it, that domain belongs to you!” http://forums.rateurhost.com/showthread.php?tid=37&pid=76

Dynadot’s legal department responded with a strong letter to Liquid X Host. They sent a Cease-and-Desist Order: “We request that you disable hosting services immediately to avoid further damage to Dynadot’s reputation and to stem the upsurge in hacking attempts on our security system that we have experienced in the last few weeks since your customer posted this criminal how-to on his website.”  

Even though I have faith in the IT professionals and engineers at Dynadot.  The website has been down repeatedly lately and it worries me. I think Nick Berlette should have informed Dynadot about this problem in private instead of posting it to a public blog.

By Liza Y.V. Shipovskiy author of VOLITION. Book is sold on Amazon.com, BUY.com and Barnes & Noble online.


[This post has been edited by author on Nov 16, 2007 7:06pm.]

Uh uh. It's time to move to other regitrar.

That is BS. Editing the URL will only work for domains that belong to the user logged in (you).

Hello Author,
It`s not so easy as your expectation,Any Pusing or moving such a domain first the process went to Dynadot Staff and then they`ll know the source immediately and sure they`ll stop it if it not lagal.

Any site or any server maybe have some opening gaps bw4,while or after maintenance processes, And as we all know at the this monthe dynadot have some developments at their servers , And after theses processes i noticed that they becomes better and better than be4.

Otherwise i think noone have been lost any domain from his account,If someone have plz let us know !
The lonk in your post doesn`t work, and the domain name includes is under pending Delete in Godaddy !

  Domain Name: BERLETTEFX.COM
  Registrar: GODADDY.COM, INC.
  Whois Server: whois.godaddy.com
  Referral URL: http://registrar.godaddy.com
  Name Server: NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
  Name Server: NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
  Status: pendingDelete
  Updated Date: 15-nov-2007
  Creation Date: 03-sep-2006
  Expiration Date: 03-sep-2007

I`m a client with Dynadot since more than a year and have more than 200 domain names with them ,And antil the moment i haven`t noticed any problem.

I advice you Bandar to move your domains from other registrars to Dynadot the same i do,For many reason :
Safety and good security.
Good and friendly Staff.
Good engeneering.
Fast respond , And many other good reasons.

Thank you.
E3SARCOM WEB HOST
Janal.

That`s right Kate.

Hmm, we have not had any reports of stolen domains.

You can always look in the "Inactive Domain" list in your account to make sure no domains were moved out. Even if a domain is moved out, it will still show up in that list.