I bought a domain from them about 3 months ago (luckily for one year). I decided to choose them because there were good references regarding privacy. So I started to point my self-hosted services (with proper certications and stuff) which were solely used by myself and my family, to the domain and subdomains. So far, so good.
Suddenly, my domains stopped working. I went to the admin dashboard and tried to click on “Manage,” but the button wasn’t working. I checked the button code, and it was labeled as “disabled.” So I contacted support, and I won’t provide much more explanation; I will just paste their response.
Domains not working
open - created 15 hours ago
Whats going on with my domain and its subdomains ? i cant even access to manage them anymore, why?
Replies:
[Reply #1] from Njalla - 13 hours ago
Your account is suspended.
[Reply #2] from you - 8 hours ago
May i have a reason ? What kind of answer is that? If i cant use the service i want my money back
[Reply #3] from Njalla - an hour ago
We don’t refund services, and your domain has been suspended for violating our terms of service, for among other things, being flagged as malicious by various browsers.
[Reply #4] from you - now
What terms did I violate and how? Do you have evidence? You are not even providing a notification, nor a reason, nor any evidence. And you just go ahead and suspend my domain??? What kind of service are you providing? Are you self-hosting the servers? For the record, I was just self-hosting my own services and was doing nothing wrong. I don’t even understand why this is happening. And if you can’t give me a clear reason, I will go ahead and spread everywhere what you did, including the fact that you are not even refunding me.
Edit: adding their “profesional” response. I assumed they just stole my money and my domain. I’m not able to even enter to manage my domain. They just disabled the button … wtf
[Reply #5] from Njalla - 3 hours ago
Why was your domain flagged by security vendors as malicious?
Yes.
I made the mistake of naming my emby instance https://emby.example.com
On emby, if you don’t have a session cookie, it opens on an authentication page.
I’ve had Google label it as a mitm attack and get labeled malware three times. It gets fixed in a day or two upon review, but all major browsers block it during that time.
I have the vague idea it was because I named one of subdomains “linkding” , the bookmarks app, because was one of the last things I was doing on my services.
Just out of curiosity, was your services pointing out to the public Internet? If yes, wouldn’t it be better to use a vpn?
Yeah I would not be exposing stuff like Linkding to the public internet unless I really wanted to spend the time to isolate the server and networking, and really make sure it’s locked down.
Yep from my side I was too exposed. I didn’t thought having just some family services and access just by us would end up like this. Also I was doing so for a very short period, before I was using vpn. Seems more, delicate than I though
But why are random people visiting your instance?
They weren’t.
Google runs it’s own scans against domains.
That sounds problematic. Where do they detail this?
Wikipedia: