Not found ?
Not found ?
Comme j’ai bidouillé et lamentablement !#&*% pas de souci pour le
C’est fait !
Bonjour @Aleks ,
quelqu’un peut supprimer homerc.nohost.me SVP?
merci de supprimer les domaines :
Sorry pour le délai, c’est fait !
skaldenhoven.nohost.me can be removed
allcomputersarebroken.noho.st is no longer needed. Can you please remove it?
est-il possible de désactiver kairos.nohost.me et ethos.nohost.me (en vu de faire une réinstallation)
(ne sachant où poster, un message identique à été communiquer à Aleks)
ce n’est plus la peine car après avoir crée un nouveau domaine, j’ai pu utiliser de nouveau kairos.nohost.me via l’interface admin …
Encore merci et désolé
Sorry if this has already been brought up but is this practice of removing any address anyone asks for really safe? Couldn’t someone impersonate me if they came here and asked for my domain address to be removed and then used it for their own malicious server? Or do you check that there’s actually not already anything on the address that someone asks to be removed? Some of the links on here appear to never have been clicked (justanothertrial.nohost.me for example). I really wish there would be a way to prove a subdomain is yours.
Of course I could just pay up and use a domain name of my own I just feel obliged to point out a potential security risk.
In fact, yes, it’s really not secure We trust our community for instance. And I don’t see any reason why a person would want to impersonate another person just to remove it’s domain.
However I agree totally with you. We normally will improve this system in a near future.
The attacker would then create a new Yunohost installation and register that domain name. The server administrator themselves could smell something fishy but if there were other users, the attacker might make use of their trust in the domain name. The users could believe a message such as “I apologize but the server has just crashed. Please recreate your Nextcloud account and sync up your files once again”. Then the attacker will just see all kinds of sensitive data roll in.
I don’t think this attack is likely to succeed. First of all, the server administrator will probably notice it and stop it. Second, the users would have to be very gullible to fall for something like that. Third, as I understand it, Yunohost seems mostly targeted at those just hosting themselves. So I’m probably just being overly paranoid.
yes. I completely understand your fear as Yunohost is moreover more and more open to companies, hosting providers… and if we want to have dyndns as “official service” we must improve the way the user can delete the domain (encrypted key exchange for example). However, it’s still a lot of work.
The situation you provided is possible. But it’s the same if you have a mail server, a forum…
cf: @Aleks post : Nohost domain recovery - Suppression de domaine en nohost.me, noho.st et ynh.fr
Well that’s still a security risk anyway so you are right to have those concerns. Nevertheless, this is a free service and, as the GNU licence like to state, “provided ‘as is’ and without guarantee of any kind”. That doesn’t dispense us for thinking about security though, but as frju points out, most of issues boils down to “somebody needs to have the skill and time to sit down in front of a computer and design and implement this, considering that there are easily a thousand of other similar, small tasks related to UX, security and other important things”
Hello,can you remove (yotapatate.noho.st / patate.ynh.fr) domain’s names please…
Thank you in advance. And thank you for all this work !
Thanks for your hard work
Is it a possibility to remove pono.noho.st and ponono.noho.st ?
Pouvez-vous supprimer yunobox.nohost.me rendu inutilisable après une réinstallation