And what should one could do to solve this issue -.
Transfer ~100 domains out of their hands into another registrar for at least ~1000$ ?!..
GoDaddy.com has over 33M domains listed there. There are another 3M+ with Wild Wild Domains.
It would take the next 8 registrars combined (Enom, Tucows, NetSol, 1&1, Melbourne IT, Moniker, Register.com, ResellerClub.com) to equal the amount of domains held by GoDaddy.com.
I am not saying GoDaddy.com has the best security, but with the sheer number of domains there are bound to be more issues.
There's a world of difference between security lapses at the registrar level and security lapses at the user level.
Most registrars are damn secure. The problem is, people don't practice good PC hygiene and after a few months of browsing Asian porn without a firewall, without antivirus and without bothering to run a cleaner, eventually, your personal data is being covertly broadcasted to bad people. Most of these security lapses aren't being caused at the registrar level, nor do they result from goblins power-hacking passwords. They're happening because account holders don't undertake best practices for account security, or they're just slovenly with their PC cleanliness in general.
The big issue with godaddy seems to be the "not our problem" fashion in which they handle clear-cut issues of breaches and theft. They immediately pass the buck off to ICANN, which is bullshit. The entire Godaddy philosophy about domain names is generally dirty- they believe your names really belong to them... That entire company is run on the pawnbroker philosophy of "shear the sheep" , as opposed to the more upright business model of "Provide quality services and the customers will come".
I have a few very solid names with Godaddy that are coming out very shortly, not because I believe Godaddy is somehow "more at risk" of breach than another registrar, but because of the way they handle it when it does occur. Aggressive registrar level participation is absolutely essential for ultimate recovery of a stolen name. Other registrars move heaven and earth to recover the names in clear-cut instances of theft. Godaddy doesn't seem to care about their reputation in this regard; that's what bothers me most about them...
When someone follows procedure as far as transfers go,.
Godaddy won't even know about it till it hits the fan.
The security issues are seemingly with email companies and hosts, yet no.
Threads on gmail or dreamhost breech - the two clearly named in that thread!..
Great post, Dongsman. This is clearly how I feel about Godaddy!..
Spot-on. Exactly, much the security problems have nothing to with GoDaddy, but rather poor security on the user's computer / email / hosting account.
Ie. the recent thread regarding the 100+ domains "stolen" - it turns out the person was using a freebie hotmail account in whois, which they did not regularly check.
However, that doesn't let GoDaddy off the hook, since it's very easy for one's computer to get rooted - even little things, such as having Adobe PDF reader set to open automatically in one's web browser (often the default setting) can potentially let exploits through on both MSIE and Firefox...
Securing one's computer / home network is very challenging - GoDaddy needs to be more proactive (ie. using IP checks / fraud screening of unusual requests) and supportive in recovering "stolen" domains. Telling customers to complain to ICANN is not acceptable - GoDaddy needs to step up and address such issues themselves to the best of their ability.
I'm just gonna create a thread asking my question...
I have a Godaddy account like most domainers here. When I sign-out and come back to sign-in again I see the username and password area pre filled. I just click the sign in button without entering anything.
These days I'm having a website build for me by a web development agency. I showed them this Godaddy feature and asked the same to be integrated to my website. They strongly objected and told me it would create serious security risks as people access websites from other computers than their own.
So there you have it. Any average programmer can tell you the login system at Godaddy is flawed...
Just to add this up, this feature is not just part of the system but sometimes a browser option as well..
If it's done through programming, the username and password is most probably saved in a cookie, it's entirely optional and is a feature of convenience and is entirely up to the user if he wants to have his/her account saved so that they dont need to type it again...
That must be your browser that remembered the login credentials...
There are two different versions of this. Godaddy does the incorrect version. Let me give you an example:.
You login to the site and use it. Then close your computer and come back tomorrow again. You open the site and you find yourself logged in. This can continue like that forever and this is standard browser behaviour. There is no problem here. Your browser remembers your log-in.
But, what godaddy does is something else.
You login to the site and use it. Then you logout. The next time you come to the site you should be asked to login again. But it doesn't ask you. It fills the username and the password for you. You just press the ok button.
Take namepros.com as a correct example. I have logged in to namepros months ago and I never need to login again because it keeps me logged in. This is all that is needed. But the moment I press logout I need to type my login info. I can not login again without typing my password. Again namepros does the correct thing here...
@erdinc with all due respect you should check your browser. I simply don't have that problem with godaddy or any other site.
A site pre-populating the password in the form after the user has logged out? If that were the case, I would imagine there would be thousands of breaches daily...
Erdinc, that is a browser setting not a GoDaddy.com issue. I use Firefox with "remember passwords" turned off and GoDaddy does not save the login info.
I am not sure what browser you are using but it sounds like you have remember passwords turned on.
Moral of The Story don't watch Asian pron sites...