Paper Lantern for cPanel accounts is being retired this year. Find out more »
cPanel & WHM Version 102 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

Holding period for cancelled account domains

Andy Fletcher shared this idea 8 years ago
Open Discussion

When an account is terminated and a domain remains actively registered and with the same authoritative nameservers, there is nothing stopping other users on same server or DNS cluster from parking this domain onto their account, thus obtaining the ability to put up their own site and control emails for this domain.

A classic example of this is where a business ceases trading, their hosting account falls into arrears and is cancelled (terminated). This would open up the possibility that an imposter with an account in the same DNS trust could park the domain and take control of the business website and email, leading to many avenues of abuse taking place.

I propose a holding period option, where terminated domains are not available for addon/parking *through cPanel* until the period has elapsed. This would minimise the opportunity for such abuse. The checking of such a period would need to be implemented across the DNS trust in order to be useful.

Replies (1)


Another interesting part to this would be the ability to when an account is deleted have it go to a kind of recycle bin where the accounts is "deleted" but can be restored if it was an accident and after x days they automatically get purged.

This will allow to retain deleted accounts and their data for X amount of days to A) be restored in case of an accident B) when an account is in the recycle bin any domains, etc associated with that account cannot be parked or re-registered until it is purged.

The only down fall to this which would require manual intervention is where a user cancels their account and then decides to open one up again before the deleted account is purged. In this case the system should not allow registration of that account with the same domain but instead inform the client to contact the host to request that the domain either be restored or permanently deleted so they can re-register the same domain.

Leave a Comment
Attach a file