“On Sep 5, I discovered an Open Redirect vulnerability while logged into my account at Namesilo. I immediately reached out to their support to inquire about a bug bounty program. Their response was that they would consider a bounty "once confirmed by their IT team, including the severity of the issue."
I reported the vulnerability the same day, and after several days of silence, on Sep 10, they replied saying their IT team "couldn't reproduce the issue." To assist, I provided a video proof-of-concept (POC).
Finally, on Sep 25, I received a dismissive response claiming "they don't consider this to be an issue," despite the fact that they had already silently fixed the vulnerability.
It’s incredibly frustrating and dishonest to see them fix the issue but refuse to acknowledge or reward the effort put into reporting it. Namesilo's handling of security reports is unprofessional, and their bug bounty program cannot be trusted. Avoid Namesilo if you are a security researcher—they do not take reports seriously, nor do they provide fair recognition.”
“I have been with Namesilo since 2013 and have registered over 80 domain names (both mine and those of clients) with them. So far, the platform works for us and their tech support is top-notch.”