Hacker News new | ask | show | jobs
Show HN: co.vu Free Domain Name with easy dns setup and more. Invite code - hn (co.vu)
18 points by arunkk 5537 days ago
13 comments
MeProtozoan 5537 days ago
Bugs I've found:

Fix the user input for domainnames: I'm able to enter non ascii chars

XSS: http://www.co.vu/search?domain=<marquee>; http://www.co.vu/dnssettings/createrecord?domain=%3E%3Cmarqu...

Full path disclosure (and maybe even SQL injections possible): http://www.co.vu/dnssettings?domain=

Access other users DNS (even without login): http://www.co.vu/dnssettings/dnsrecords?domain=notmydomain

OpenDir (showing server software used): http://www.co.vu/img/posterous/

link
arunkk 5537 days ago
Thanks will do it
link
mike-cardwell 5537 days ago
Learn what CSRF is. Your form for resetting passwords is trivially exploitable to change other peoples account passwords. Anyone can just create a form in a hidden iframe on their own site which auto-submits a POST to http://www.co.vu/account/account_password with password_new_password and password_retype_new_password params set.

Not only should you fix the CSRF via normal CSRF protection methods, but you should also add a second layer of protection for resetting passwords in that you require their existing password to be submitted as well.

link
arunkk 5537 days ago
Thanks Will look in to it
link
arunkk 5537 days ago
http://www.co.vu/invite

invite code - hn

It is a simple app where you get a free domain like yourname.co.vu with full dns support.

You can very easily configure the dns settings for tumblr, posterous, blogger and much more..

It is not ready to launch yet need your early feedback

link
rplacd 5537 days ago
Looks interesting - snagged dis.co.vu, now I just need a startup for it or something.

Just two minor issues, though: the option to remove a domain seems to be missing, and it's not clear that the free domain limit is 2. But everything else's peachy.

link
xtacy 5537 days ago
redis.co.vu :-)

Here are other words for grabs:

    {"alcove", "alcoves", "covalent", "covalently", "covariance", \
    "covariances", "cove", "coven", "covenant", "covenanted", \
     "covenanting", "covenants", "covens", "cover", "coverage", \
     "coverages", "coverall", "coveralls", "covered", "covering", \
     "coverings", "coverlet", "coverlets", "covers", "coversheet", \
     "covert", "covertly", "covertness", "coverts", "coves", "covet", \
     "coveted", "coveting", "covetous", "covetously", "covetousness", \
     "covets", "covey", "coveys", "discover", "discoverable", \
     "discovered", "discoverer", "discoverers", "discoveries", \
     "discovering", "discovers", "discovery", "dustcover", "hardcover", \
     "hardcovers", "irrecoverable", "irrecoverably", "Muscovite", \
     "Muscovy", "nonrecoverable", "recover", "recoverable", "recovered", \
     "recoveries", "recovering", "recovers", "recovery", "rediscover", \
     "rediscovered", "rediscoveries", "rediscovering", "rediscovers", \
     "rediscovery", "slipcover", "slipcovers", "softcover", "uncover", \
     "uncovered", "uncovering", "uncovers", "undercover", "undiscovered", \
     "unrecoverable"}
link
mike-cardwell 5537 days ago
This is going to be massively abused. The one good thing about making people pay for domains is that you can generally link their registration to a credit/debit card.
link
devicenull 5537 days ago
So, is this actually a domain name (Can I take it and switch to another registrar, as an example), or is this just a subdomain? On a related note, do I actually own the domain?

I don't see any TOS/AUP, so if you object to my domain, is it going to be taken away?

link
mike-cardwell 5537 days ago
In the account settings, you should automatically determine the language, country and timezone. You should not even ask for gender or d-o-b as it's none of your business. Why "First Name", "Last Name" and "Full Name" ?
link
arunkk 5537 days ago
I just added as most of the registers ask these details. Will in to this look in to this based an all your feedback
link
DizzyDoo 5537 days ago
Just given this a go and I can see that the domain name is given an expiry date. How do expiries work? Is there an email that comes around in one years time to keep it open, or something similar?
link
arunkk 5537 days ago
Currently it is one year. Based on how active you are your account will be automatically renewed. If you just register it for parked domain or just you are blocking it you need to pay.
link
blntechie 5537 days ago
Wordpress.com - the world's largest blog hoster not supported in auto option? Any idea how do i configure dns for a wordpress.com hosted site?
link
arunkk 5537 days ago
I am about to integrate the wordpress soon.. For now you can edit the dns record to configure to wordpress
link
joshzayin 5537 days ago
You should really get that site copy-edited. "Favorate" on your homepage should be "Favorite".
link
arunkk 5537 days ago
Thanks. Have fixed it. Will do a spell check site wide
link
wsxiaoys 5537 days ago
After registration, it displays the wrong email address in notification of checking inbox.
link
arunkk 5537 days ago
I guess it is a bug we did a prototype. I things it is not removed. I will check it an fix it soon. Thanks for reporting it
link
leif 5537 days ago
font looks an absolute mess on my machine: http://imgur.com/fXTur

linux, chrome 11

link
arunkk 5537 days ago
Used cufon font for rendering. I checked in most of the browsers. Will check it
link
MeProtozoan 5537 days ago
www.co.vu is 'available for registration' ;-)
link
arunkk 5537 days ago
I am working on the restricted list of domains. Just wanted to validate the app. Before fixing few things
link
0xdeadc0de 5537 days ago
Any rough date on when it's gonna get Nameserver support?
link
arunkk 5537 days ago
Very Soon. First will fix most of the security issues and roll out the new features. Will notify you.

Thanks

link