
Why abandoned domain names are so dangerous - Maragux
https://www.csoonline.com/article/3300164/dont-abandon-that-domain-name.html
======
geek_at
I recently found a car parts shop and noticed they link to an abandoned domain
that hosted a Piwik (now Matomo) script.

I bought the domain and now every customer was running scripts from my server.
Being a good sport I notified them but they didn't react. I even visited them
in the shop and they accused me of hacking so I let it be.

After a year I saw them promoting their site (that was still running code from
my server) on Facebook and I wrote them and they accused me again and
threatened me with a lawyer.

Issue only got resolved because I found out a Facebook friend of mine knows
the owner and he dropped everything after they intervened.

I wrote it in detail on my blog (which they also tried to make me take down):
[https://blog.haschek.at/2019/threat-vector-legacy-static-websites.html](https://blog.haschek.at/2019/threat-vector-legacy-static-websites.html)

------
DeltaTree
I was concerned for a moment, but this seems more like an issue for big
companies, not individuals.

~~~
jamil7
Years ago a friend of mine demoed an exploit of another mutual friend who'd
let a domain lapse that was used as the reset email for a Yahoo account. We
let him know obviously.

