respect administrator:
I am a GoDaddy client.
earlier, my lawyer and I have contacted you many times about the theft of my account and domain name. But all GoDaddy departments replied to me because the registrants could not help me for too long. This means that if I could find the domain name stolen earlier, you could help me.
but now I want to say that when the address of the domain name registrant was changed, GoDaddy did not send any notification mail to me, which led to my failure to find the domain name in time. I found a loophole in the domain name transfer process of GoDaddy. Please look at my test process (I've made the whole test process into a video, please download watch)
==================================================
I registered two accounts in GoDaddy.com, and then bought a domain name
in one of the accounts, and I put two accounts in the mailbox. The registration mailbox address of the address and domain name is set to three different mailbox accounts
in general, as long as I modify the name or mailbox address of the domain name registrant, the GoDaddy system will automatically send a notification mail to the original mailbox of the domain name registrant
this mail is very important, once the domain name is stolen, domain name The owner or website master can find it in time, otherwise it will be difficult to recover the stolen domain name
, but there is a loophole in the GoDaddy's domain name transfer process. Using this vulnerability can make any information of the domain name changed no longer to send a notification mail to the original mailbox of the domain name
this is a very serious flaw, because once the GoDaddy account is stolen, until all the domain names in the account are stolen, the owner will receive only one notification mail
> > Br / > there will be only one line of defense for the protection of the domain name, the loss of the account is equal to the loss of all
there may have been many GoDaddy customers who have been stolen from the domain because of this vulnerability. I hope GoDaddy will pay attention to this problem, fix it early, and increase the other security measures of the GoDaddy account and domain name
continue my domain name below. Through my investigation, I already know the whole process of hackers stealing my domain name.
1. in February 22, 2012, hackers entered my GoDaddy account and changed my account mailbox into his account. But at that time, he did not modify any other information about my account or domain name.
2. in February 22, 2012, GoDaddy sent me a notification email, the title is