Well that's scary AF. Whois says:
Updated Date: 2025-03-26T21:11:47Z
Creation Date: 2023-08-30T19:00:05Z
Registry Expiry Date: 2025-08-30T19:00:05Z
I am going to bet that the WHOIS registrar in 2023 (prior to the TBR run) was WHC.
Good thought, but wrong guess. The domain was with Namecheap.com prior to dropping in 2023, so it does not sound like a previous WHC customer account conflict unless it was from even prior to that. The domain was previously regged from 2014-2023.
So for a nearly 2-year-old domain, the fact that someone other than the owner could change nameservers, well that's pretty messed up and sounds like a huge security flaw.
Furthermore, WHC displays the AUTH code rather than only sending it by email to the registrant email. So presumably a person that could change the nameservers could also retrieve the auth code - and boom - your domain is gone.
Displaying the auth code inline is convenient and should in theory be secure assuming the account itself is secure. But this incident is suggesting that their accounts may not be so secure, or their system architecture allows for something like this to happen if it is some misconfiguration issue on their end, or their support people screwed up and it was the result of a social engineering hack, or ??? There must be some explanation. WHC certainly owes you that.
Please report back as to what the explanation is.
Sounds like a good time for me to go round up any stray TBR domains and consolidate them back to my main registrar... Much easier to keep tabs on everything that way.