Nameservers Changed Issues on Sav.com

[xmarthost]

My nameservers for all domains have been changed to ns1.all-harmless.domains and ns2.all-harmless.domains, and I am unable to change the DNS again. What could be the issue?

Also, a friend of mine is facing the same problem with over 600 domains. What's going on with sav.com?

 

[Future Sensors]

Thread is now over 10k views.

 

[alcy]

Today I conducted another experiment. From Account 1, I successfully pushed the domain to the new Account 3. The domain is still present in Account 2 (the actual owner), so at least it can't be stolen, unless it's transferred elsewhere using the authorization code. However, now in Account 3, the creation and expiration dates have updated, so there are basically two identical listings in both Account 2 and Account 3.

so u got like how many sav accounts now?

 

[Future Sensors]

It is now well documented how passive and nonchalant registrar Sav.com is in all areas. Both on X, here on the forum, as well as with the inadequate handling of reported system security issues and abuse issues.

Sav has outsourced the entire registrar abuse handling to CleanDNS, Inc. with mediocre results as measured by organizations that objectively keep track of this.

Mostly due to this passivity and inaction, registrar Sav.com, which can still be considered a relatively small registrar considering the number of domains under management (DUM), has continued to score sky-high in lists of bad registrars on the Internet for years. As @dirk previously noted, Sav remains a magnet for bad actors.

 

[Nick R]

@Gabriele Thank you very much for bringing this to our attention! We have fixed the root issue and have affected the expired/deleted domains being moved to the correct status as we speak. It looks like the root cause was some domains with a duplicate entry in our database caused by a piece of deprecated code that ran about a year ago. We do have a bug bounty program and we would love to issue a reward for bringing this to our attention. Just submit the report here with proof attached that you are @Gabriele from NP and ill keep an eye out for it. https://help.sav.com/hc/en-us/articles/26129438833819-Bug-Bounty-Program

 

[scithe]

Today I conducted another experiment. From Account 1, I successfully pushed the domain to the new Account 3. The domain is still present in Account 2 (the actual owner), so at least it can't be stolen, unless it's transferred elsewhere using the authorization code. However, now in Account 3, the creation and expiration dates have updated, so there are basically two identical listings in both Account 2 and Account 3.

It would be interesting to see if all 3 e-mails get fast transfer pending from Afternic. Hopefully Sav's new fix for this will help prevent it from being an issue.

 

[alcy]

@Gabriele Thank you very much for bringing this to our attention! We have fixed the root issue and have affected the expired/deleted domains being moved to the correct status as we speak. It looks like the root cause was some domains with a duplicate entry in our database caused by a piece of deprecated code that ran about a year ago. We do have a bug bounty program and we would love to issue a reward for bringing this to our attention. Just submit the report here with proof attached that you are @Gabriele from NP and ill keep an eye out for it. https://help.sav.com/hc/en-us/articles/26129438833819-Bug-Bounty-Program

wow wait a minute I've reported tons of bugs over years. what do I win?

 

[Nick R]

wow wait a minute I've reported tons of bugs over years. what do I win?

We have had this program live for about 2 months now. Feel free to note that any submissions since then came from you.

 

[alcy]

We have had this program live for about 2 months now. Feel free to note that any submissions since then came from you.

u had bugs for years and people took timeto report them for years... and u fix many or most thanks to those folks.. but u only open rewards so recently. well it is somewhat rude. but yes I did report a.thing or two in last 2 months.. probably in chat. I'll double check... can u say how the rewards for this program.work? tnx

 

[Nick R]

u had bugs for years and people took timeto report them for years... and u fix many or most thanks to those folks.. but u only open rewards so recently. well it is somewhat rude. but yes I did report a.thing or two in last 2 months.. probably in chat. I'll double check... can u say how the rewards for this program.work? tnx

If you want to re-submit the report via the process in the bug bounty FAQ, we would be happy to take a look and reply back directly.

 

[CleanDNS]

Is it okay to disable my whole portfolio of 244 domains just because of one domain? I have requested to check my records that I have never used any of the domain for abuse purposes nor I have violated any terms and conditions of sav.
Also, if you have decided to close my account, I should have the right to transfer away my domains which were not in abuse report.
Whatever tools you guys developed have messed up whole a lot of businesses. You are just assuming that if one domain is being reported, whole account should be closed.
This is abuse of power and theft. I have built up my portfolio in 3 years. My account was 3 years old and you guys never warned me before closing my account.

The account in question was evidenced to have multiple counts of engaging in phishing, spam, malware, and other forms of DNS abuse and online harms, and was found to be in violation of Sav’s terms of service. The account in question was also evidenced to be against the standards and principles set forth by industry standards demonstrated in the DNS Abuse Framework and the ICANN DNS Abuse Amendment obligations.

The DNS Abuse Framework defines DNS abuse as “five broad categories of harmful activity insofar as they intersect with the DNS: malware, botnets, phishing, pharming, and spam.”

The ICANN DNS Abuse Amendments outline the need for readily available, actionable evidence, as well as clear reasoning as to actions taken and timely review and response of abuse reports.

For reference:
DNS Abuse Framework: https://dnsabuseframework.org
ICANN RA/RAA DNS Abuse Amendments: https://www.icann.org/resources/pages/advisory-compliance-dns-abuse-obligations-raa-ra-2024-02-05-en

 

[Future Sensors]

Thanks @Nick R.

It's good to see you active again here on the forum, with the intention of getting the situation at Sav back on track.

Be sure to also check out the other things written in this thread.

You don't have to comment on every single post, but it would be nice if it appears that Sav has learned some lessons and can convincingly indicate how things will improve in the future on key elements as discussed in this thread.

Cheers.

 

[dirk]

If you want to re-submit the report via the process in the bug bounty FAQ, we would be happy to take a look and reply back directly.

What's the link?? There are plenty.

 

[zotix]

If you want to re-submit the report via the process in the bug bounty FAQ, we would be happy to take a look and reply back directly.

Super, one high-risk potential issue was fixed (support level "highest").
Since you seem to be online right now, can we quickly go through the points that have been discovered, findings, and worries of users in the last eight pages?
If you want, I can (of course for free), write you an Exec-Summary.
Would be good to tackle the main issue we have currently as well; but nevertheless, thanks for responding

MQ

 

[zotix]

Thanks @Nick R.

It's good to see you active again here on the forum, with the intention of getting the situation at Sav back on track.

Be sure to also check out the other things written in this thread.

You don't have to comment on every single post, but it would be nice if it appears that Sav has learned some lessons and can convincingly indicate how things will improve in the future on key elements as discussed in this thread.

Cheers.

Your Future Sensors seem to read other brains

 

[Future Sensors]

Your Future Sensors seem to read other brains

That's our job.

 

[dirk]

Would like to add @CleanDNS appears to be legit.

Only thing I find troublesome is their domains are registered at sav. Reg date about the same time sav became a known registrar?

Not just their .com.

Edit: @CleanDNS why keep your domains at one of your clients? Knowing their trackrecord it seems like a security issue.

 

[zotix]

Would like to add @CleanDNS appears to be legit.

Only thing I find troublesome is their domains are registered at sav. Reg date about the same time sav became a known registrar?

Not just their .com.

Edit: @CleanDNS why keep your domains at one of your clients? Known their trackrecord it seems like a security issue.

From the perspective of German law, this would be a conflict of interest.

 

[CleanDNS]

Would like to add @CleanDNS appears to be legit.

Only thing I find troublesome is their domains are registered at sav. Reg date about the same time sav became a known registrar?

Not just their .com.

Edit: @CleanDNS why keep your domains at one of your clients? Known their trackrecord it seems like a security issue.

We like them. We do have domains in other places. I don't agree with the assessment of it being a security issue.

 

[Future Sensors]

We like them. We do have domains in other places. I don't agree with the assessment of it being a security issue.

Great that you are also going to actively participate in this thread. I hope for something more substantive than just this post.

 

[CleanDNS]

They're pending moderator approval.