Vesta Control Panel - Forum

Subdomains Registered By Different Users

cdg
Posts: 48
Joined: Sun Aug 16, 2015 3:11 am

Os: Ubuntu 15x
Web: apache + nginx

Post by cdg » Sun Mar 13, 2016 2:17 am

I just noticed that if one domain is set to VestaCP's nameservers, any user could register a subdomain to that domain.

For example, user 1 has domain.com registered to their account, user 2 could register sub.domain.com without any protection / authentication. This then means that a customer to a site could visit the trusted site, but could then visit an untrusted subdomain, owned by a different user.

Is there any protection available, such as locking a domain to a single account or anything of the sort?

WAS
Posts: 10
Joined: Thu Feb 12, 2015 7:55 pm

Re: Subdomains Registered By Different Users

Post by WAS » Sat Mar 26, 2016 5:00 pm

This is needed security. Domains added by an account should only be available for said account. Any other user would need to add a domain, or use an IP.

Also, some domain registrars don't allow subdomains without extra support. For example, I have a couple of .oil domains which I cannot make subdomains on unless I pay for the domain (it's currently free), but I could force subdomains via CNAME, but that would be in violation of my ToS with my domain's host. So anyone on my system that could make a domain could get me into legal trouble.

And subsequently, involving VestaCP in unneeded legal trouble, as here in the United States the definition of a User Account is a secure and private platform.

A further example is the CDT's Data Protection Regulation, which will soon be going into effect in the European Union and specifically protects users' personal data and assets such as TLD and FQDN, where this too would be in violation of the Data Protection Regulation.
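The ownership check asked for in this thread, as an added example that is not part of either post and is not VestaCP code: before a domain is added, every parent name is looked up and the request is refused if a different account holds one. The ownership table, account names and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed ownership table, one "<account> <domain>" pair per line.
# This is sample data for the example, not taken from a VestaCP install.
OWNERSHIP='user1 domain.com
user1 shop.example.org
user2 other.net'

# Lowercase the name and drop a trailing dot so "Sub.Domain.COM." and
# "sub.domain.com" compare equal.
normalize_domain() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Print the account that holds exactly this domain, or nothing.
owner_of() {
    printf '%s\n' "$OWNERSHIP" | awk -v d="$1" '$2 == d { print $1; exit }'
}

# check_add_domain <account> <fqdn>
# Walks from the requested name up through each parent, one label at a time.
# Comparing whole names avoids the string-suffix mistake of treating
# notdomain.com as a child of domain.com.
# Prints "ok" (status 0) or "deny: <parent> belongs to <owner>" (status 1).
check_add_domain() (
    user=$1
    candidate=$(normalize_domain "$2")
    while :; do
        owner=$(owner_of "$candidate")
        if [ -n "$owner" ] && [ "$owner" != "$user" ]; then
            echo "deny: $candidate belongs to $owner"
            return 1
        fi
        case $candidate in
            *.*) candidate=${candidate#*.} ;;   # strip the leftmost label
            *)   break ;;                       # reached the top-level label
        esac
    done
    echo "ok"
)

# The scenario from the first post, plus a look-alike name.
for req in "user1 sub.domain.com" "user2 sub.domain.com" "user2 notdomain.com"; do
    set -- $req
    printf '%s adds %s -> %s\n' "$1" "$2" "$(check_add_domain "$1" "$2")"
done
```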

