FB PagesCleaner

Delete Your Page Posts

Pages Unliker

Unlike All FB Pages

Handy FB Scripts

Free FB Extensions

Social Media Scripts

G+,LinkedIn & Other

Spam/Scamming Domains by Proxy Company and the Security Risk Behind

In this article iam explaining the security risk behind Private Registration via domain by proxy company, hopefully they patch this vulnerability ASAP. 

 

 

Article Index:


. Intro

. Spam/Scam Vulnerability

. Security Risk

 

Intro (Wikipedia):

Domains by Proxy (DBP) is an Internet company owned by GoDaddy founder Bob Parsons. It offers domain privacy services through partner domain registrars such as Go Daddy and Wild West Domains.

Subscribers list Domains by Proxy as their administrative and technical contacts in the Internet's WHOIS database, thereby delegating responsibility for managing unsolicited contacts from third parties and keeping the domains owners' personal information secret.

Over 9,850,000 domain names currently use the Domains by Proxy service.

 

Checking information about ownership of a domain name

 

WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information.

 

Spam/Scam Vulnerability

 

Note: For security purposes I will not write how to exploit this vulnerability in wide range, the example will be on my own website khalil-shreateh.com

 

Domains by Proxy (DBP) offers keeping domains admins personal information secret, and this includes their emails. However many admins buy this service because they don’t want to disclose their emails.  

DBP has big clients such as (GoDaddy.com, bluerazor.com and wildwestdomains.com).
More: https://uk.godaddy.com/domainaddon/private-registration.aspx

 

When buying Private Registration your personal info will be hidden from WHOIS queries, including your email address, but this is not as what you think, Spam/Scammers can still email you, their emails will received directly to your email inbox folder, interesting hmmm.

 

 So how Spammers/Scammers can email me while they don’t know my email address?

 

When you buy Private Registration your domain will be under domainsbyproxy.com despite that you registered it from Godaddy or any other company.

Spam/Scammers can use an email redirect vulnerability in domainsbyproxy.com to send you an email, and to do that simply they add your website as a user name (This email address is being protected from spambots. You need JavaScript enabled to view it.). Once they fire an email it will be directly forwarded to your email inbox folder. You can see in the email headers and subject field that it comes from domainsbyproxy.com, however for many users they will not give much interests soon as they start reading the email message.

 

I did a Google search and I was able to harvest thousands of emails registered under Private Registration.

 

Security Risk

 

Talking bout security risk here is an open field, We can place questions to make the security risk here gives a different meaning than just sending Spam/Scam emails:

-       Why this vulnerability is good for Spammers/Scammers?

-       Why i should hide my email address from being disclose to public?

-       What if many people got my private email address?

-       Do you use your email address to register in online payments websites such as Paypal.com?

-       How much your website is secure against vulnerabilities?

 

After giving answers to the above questions you can know how much the security risk we are talking here about this Private Registration email vulnerability.

 

Scenario

 

Using one of public known free CMS on a website, installed several plugins.

One of those plugins is vulnerable to Cross Site Scripting (XSS) attack. And as we know this exploit could be used to steal admin cookies and so the attacker can login to the website admin panel and take a full control over the website.

 

The attacker or the hacker simply can user the Private Registration vulnerability to forward his XSS attack to the victim.

 

At the end of this article our conclusion is a question: Why anyone can email me while I paid for a private registration?

I hope this vulnerability could be Patched ASAP as iam forwarding this article to Godaddy company. 

 

 

Print Email

Copyright © 2016 Twitter/shreateh

How to Claim bet365 Bonus step by step.