armstrong

I have a reseller account, and can create sub-accounts. I notice that I can also enter and manage any sub-account, even if the sub-account password has been changed. This is a serious security breach, as a dishonest reseller can enter his sub-accounts and basically do anything once inside.

I haven't actually tried doing any funny business in my sub-accounts, so I could be wrong in my assessment. Can anyone confirm this?

Regards,

Apollo

__________________

biggie

The purpose is to be able to update pricing or to assist in DNS management for your clients, if necessary.

Any parent account holder should be ethical to their child accounts.

It is good business to do so!

__________________
www.urlpick.com...Premium Domain Names
PMM.org * UMM.org * 96.net * 150.org * WPD.net * OPV.net * MrQ.net * 455.info * QN1.com * QG1.com * IZ1.com * OVL.net * VJ4.com * SVC.net * MVN.org * SOP.net * SVH.org * OPO.net * QFM.net * WEW.org * MFP.org * NEV.org * UCE.org * SXE.org

armstrong

Is this standard for other registrars? Can you also enter and do anything in the sub-accounts you create?

Something like this should be properly emphasized and explained by eNom. If at all, the parent account should only have 'read' access to sub-accounts; they should not be able to push, pull, or unlock domains at will. The need to handhold clients should be secondary to security. After all, handholding is only needed for the first few domains you register, while security (and peace of mind) is always needed.

__________________

yesonline

Yes, you may modify some tech info on your resellers accounts, however, you can't push any of their domains away, thus it still keeps their domains safe basically.

__________________
traffic.pro US$ 18,888

armstrong

I just tested this, using the ff steps:

1. logged in to reseller account A
2. created a new retail account B
3. pushed my domain to B
4. logged out
????: NamePros.com http://www.namepros.com/domain-name-discussion/11398-urgent-enom-security-question.html
5. logged in to B
6. changed password for B
7. logged out
8. logged in to A
9. entered B via auto-login
10. pushed my domain back to A

So you can in fact push domains away from your sub-accounts!

__________________

Jeff

Yeeps.

Thank Goodness I have an ethical and professional Enom "parent".
Good info here.

__________________

yesonline

I can't believe this!! Is there any record enom would have if someone did this to his sub-account? I mean can we get any evidence if this happened to us that we need the evidence to get it back?

__________________
traffic.pro US$ 18,888

Elefekt

wow that isnt good but I am sure that most will be professional to keep their business.

__________________
Standards Voice - Coming soon...

armstrong

Oh, most will be professional. Most of us will also return a lost wallet, but what about the 30% who won't?

yesonline, what made you say it couldn't be done in the first place? Something you read in eNom, or just something you assumed?

__________________

yesonline

I just tried to push some domain of my sub-account away and it returned the error message and just can't do so, but I did not enter the sub-account to try it out as you said.
Anyway, I just wrote this problem to enom.com asking if there were aware of it or not, and any solutions may be done on it? I hope they will give me a good answer or I might consider beginning to transfer my premium domains away.
Actually, I think I move my domains to MY OWN SUB-ACCOUNT is a good idea, that my parent reseller either can't log in nor even view the sub-account of his sub-account. Right?

__________________
traffic.pro US$ 18,888

RJ

This is one of the main differences between a retail and reseller account with eNom that most people overlook. If you have a retail account, your reseller still maintains complete management control over your domains.
????: NamePros.com http://www.namepros.com/showthread.php?t=11398

This is by design and for good reason. As a domain reseller, you need to be able to manage the domain names of your customers.

Companies like NameCheap and RegisterFly are eNom resellers just like you and I. Although they do not technically own the domains they sell to their customers, they still maintain power to make changes if neccessary.

Conversely, a sub-reseller account cannot have changes made to it. You can view the domains your subresellers own, but not make modifications.

__________________
@DomainBuyer facebook

yesonline

Thanks RJ, I tried what you said and it is true that I can't modify anything to my RESELLER sub-account. that makes me feel more comfortable now

__________________
traffic.pro US$ 18,888

Jeff

Agree.
Thanks for clarification, RJ.

__________________

Delete

I never knew that. Thanks for the info.

armstrong

Thanks, RJ. I've verified that this is so.

For my own paranoid protection, then, I created a new sub-reseller, and pushed my most valuable domains (as well as the adult ones) into that. My parent reseller can't auto-login to this new account at all.

__________________

aww

The answer to all this is beyond simple.

You go and make a free enom account from their main page which will then be directly under enom itself.

Then no matter what reseller or retail accounts you have, after a domain purchase you push them to the top level account.

theparrot

For those that want to be safe from this, I have a direct ETP account for enom, I would sell for the right price.

__________________
Need a break? Check out TheDamnBlog.com
Free $6.95 directi accounts at Directi Name Bin
Instant free $8.95 eNom accounts at Dncube.com