New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
LOL.. DomFlow/SeFlow requests ID card for changing the Control Panel password! :))
Hello, i've had a funny thing going on today. I've requested a new password, on DomFlow. I've tried generate one myself, didn't worked, their platform gave me a bogus link. Ok, i've asked on the livechat to get a new password, i got the answer to email at [email protected] for a new password. I got an awkward reponse.. to give them a copy of my id card. LOL.. WTF.. for a simple password change ? Not to say, that for almost half a year i got emails from their automate system every hour about the fact that i had in the account only 1.11 euros.. every hour emais.. And no possibility to stop that.
All this happend with @matteob
Comments
The ID card is probably to make sure it is really you who is requesting the password change. Otherwise one could cause a password change for random unsuspecting persons.
Though they should probably fix their automated password reset link if it's really broken.
^^ This. If they did not check properly and it was not you then the thread would be about their lack of security. Can't win sometimes.
@rds100 , mate, i've paid the bills from the same email, i've made the account on the same email.. etc What is suspect on that?
That your email account may have been compromised.
Yes, it's shit that you can't request an auto password reset, but I'd be fucking livid if a host reset my password from a single email requesting it.
@W1V_Lee i could make the account and payments, and the 3 domains i've registered with them.. on that name from the account, and my real name from the id card could be.. John Doe, right ? It is my right online to have what ever nickname/"real name" i want. As long i pay the bills with it.. Anyhow my name is the same in any cases.
@Nekki agree with you.. then.. why in the hell they don't make their panel to be automatic.. so when i push the button "generate a new password" should actually work. Maybe i am ugly as hell and i don't want strange people to see me.
Not really, no.
Some online businesses still practice this 1999 approach towards their customers. Some may ask you to send a physical letter (Online.net), others may require your ID for a simple password change or profile update.
This type of approach doesn't have a place in a civilized world; it simply indicates despair from their ignorant flamboyant owners.
I'd recommend you to move away from anyone this retarded.
Spor!
Have you previously heard of mail address spoofing?
Have you heard of proper exim/postfix configuration?
I had the same thing, I did not mind, shows they give a shit about you to be honest.
Would you open a thread if someone managed to spoof as you and got your password, access to your servers and domains, would you open a thread saying "SEFlow did their best but sometimes bad things happen?"
Honestly a host cant win these days:
to secure, not secure
don't send password by email, charge back because no root password sent by email
I am paying more than your special offers for the same package, don't spam me with special offers.
TERMS should be clear, sorry can I have a refund I did not read your terms.
Everyone needs to stop and think about things from both perspectives before publicly shitting on a host, we literally cannot win when no common sense is applied as a whole.
Not really, this is why people have anti-fraud systems.
After my morning so far +1.
@AnthonySmith I agree with you, are TOS that i've read. I didn't see the line where i need to sent them my id card. And if it were like you said, about the "hacked box" thing, and the positive reaction of the staff, i would be writting a good review. But, now isn't the point. This thread it was made to be funny, because in 2014 we have a lot of security checks without having to sent an email with id cards copy.
@Catalin our panel had a full recover password solution and i not see any request password recover from your account
and why you contacted domain department for login problems?
@matteob i've used the forgotten password from.. https://cp.domflow.eu/users/password/new
I've told you about the problem. I gave you the username. Did not say anything about some domain. I didn't had problems with the domains. I had problems with CloudFlow Control Panel.. as i've told you twice.
@matteob you told me on livechat to send an email to [email protected], and i've told you all the problem i had.
would never trust a provider who does such a thing, they could actively steal your identity etc.
and since it's a company based in italy i would take extra care. and not send such personal info
Really, and is that because its in Italy or EU?
@Catalin you not talked to me, i join in office 5 minutes ago. This is the onapp password, you can't access directly, and you shouldn't go to it, login access to the dashboard and to onapp are different. You can access to onapp from dashboard as shown in welcome mail (there is a video that explain how). Go to My Services -> CloudFlow Virtual Datacenter -> Manage CloudFlow
@TarZZ92 we're based on Italy inside EU community and are well know in this community. We're not an off shore anonymous company. We're esthablished from 10 years now. We had two headquarters and own more than 5000 customers.... You really think that we ask to verify a customer identity to steal personal information that you already give us during subscription?
italy. but in general any hosting company that asks for such thing leave..
i said could not would
the email asks for ID. which is usually more personal than an address and email.
Yes, if a customer not join into dashboard from weeks and we receive a mail that request to change password and we not found any previous password changes request from our dashboard, what you expect we do? Just a way to keep customer account safe and i'm little afraid that a customer is angry because we try to be as safe as possible.
Next time i will write here their password and no id verify will be needed :-)
lol
that's just utter stupidity..
An IP check. would help.
but even still asking for ID's like that is not right.
http://en.wikipedia.org/wiki/Sarcasm
You know most customer had dynamic ip?
This.
"most customer"
depends on ISP. for example one of my ISP's Virgin media offers dynamic IP's however mine hasnt changed in 3 years. as does sky on MER
Please.. just stop. You are embarrassing yourself.
what because i care about other people?
italy itself is very high in crime (Mainly OC). and although this host "may" be trustworthy here nothing stopping them stealing identify.
no webhost should ever ask for such information