Three of domain names stolen...
 

Earlier on today I had to find out that some motherfucker has stolen 3 domain names that were registered to me till July 2004, November and January 2005 respectively.

The 3 domains in question are: AdultWebmastersOnline.com , FetishCrawler.com and FreeFetish4U.com .
I had the LinkAdmin script running on the last 2.

The guy somehow got hold of the password of my account admin at my registrar, introduced his own email address and transferred away the domains...

Have any of you had a similar bad experience? What would you recommend me to do in order to recuperate my domains? Any tips or suggestions are more than welcome...

By the way, for those of you who run a link directory, I had some free and avs sites on freefetish4u.com, but their urls are all redirecting to the main domain url now. As you will understand, that was not my intention nor am I able to change it right now

sorry this has happened to you - it really sux - hope you can get your domains back man

Re: Three of domain names stolen...
 

Have you contacted your registrar yet? Better yet, do you have a lawyer? Get your lawyer to contact the registrar and threaten civil action unless the domains are returned to you. That would be were I'd start anyway...

Who is the registrar anyway?

If it's godaddy I'm moving my domains right away, have heard to many bad stories about them already

I didn't want to take a guess, but..... :D

Well, I had them with 2 different ones: AllDomains.com and GoDaddy.com. That´s what makes me worry even more...
The fact is that I had the same password for both of them, but not the same login.

I would like to do so, but my laywer doesn´t even speak english...
I phoned GoDaddy and they said that there was nothing they could do about it. They recommended me to report the case to ICANN.

Why is it that whenever shit like this happens it is almost always GoDaddy?

This is total bullshit. It is absolutely the registrars' fault.

If someone hacked into my online banking and withdrew my savings to their account, I'd take my bank to the cleaners! But registrars are obviously above the law.

I hope someone here can help you.

Am I right about this...I just checked the whois and the nameservers are for www.cyberwurx.com

If this is right, can't we contact cyberwurx and find out who this fucker is?

Someone tried to do that to me at Network Solutions about 5 years ago. (And a bunch of other sites as well at the same time.)

They only got as far as changing the contacts. When I saw the changes go through I contacted NetSol ASAP and after 3 days and about 15 hours on the phone, I got it all straight. The DNS never got switched, so I never fully lost control of the website.
It pissed me off to no end and it was a long 3 days of bullshit.

Network Solutions changed their security since then and I've had no problems.

I've heard nothing but bad things from GoDaddy as well. I have no domains there.

Be careful about threatening a lawsuit. I have read in other threads that some registrars phone people are told to hang up on people if a lawsuit is mentioned.
I would have a lawyer call them directly.

Why are you still there?

Do you guys think that changing u/p at your cpanel frequently should help preventing such problems ?

Changing your password will certainly help, but remembering a new password every month might be kind of a pain :)

Locking you domain is the easiest and best way to protect it from theft.

That was the second thing I did for all the other domains. The first one was changing the pw of my account admin.

By the way, I phoned GoDaddy to explain my case and see what they could do about it. This was their reply: "We can´t do anything to change that. The domain names in question are registered by another person, and as such his property is protected by the law..." lol
So, does the law protect thieves? According to GoDaddy it does!

My other registrar, AllDomains.com, can only be reached Mo-Fri 08.00 am to 05.00 pm. Sounds like another joke.

This makes me proceed to step 3 move all my domains to another registrar. Any suggestions? I have read some good comments about DirectNic.

Another question: I am not sure, but it might be that someone hacked into my email software to obtain registrar login info. Can any of you recommend me a good and cheap (if possible free) firewall software?

And finally, to MrMaryLou, I had 2 copies of the LinkAdmin script installed on 2 of those stolen domains. Would it be possible to get those moved to a couple of my other domains?

bulkregister.com

A little more expensive than some, but has nice security features, easy interfaces, and they support their customers.

http://www.domaindiscover.com/ is where I have been for years. They notify several times when a domain is about to expire. Starting about 90 days prior.

You can do bulk changes to all your domains with a couple clicks, including locking them. I think they are competitively priced, but I really don't know as I said I've been with them for a while.

Sorry to hear about your domains. Hope everything gets fixed but until then if your looking for a good registrar I would go with DirectNi. They may be a little higher than the cheaper domain companies but its worth the money not have these types of problems.

Good Luck

dubb

I knew it was gonna be godaddy - those people are the fucking pits - hell story after hell story - i really hope you get it sorted out xxxtreme


A great registrar is www.domainnamesystems.com - been with them for years.

I love these threads

I had 17 names hacked, hijacked and stolen from GoDaddy about 18 months ago maybe, they claim they were not at fault and that more then likely I was keylogged. Two firewalls up, I doubt it. Alot of the names were with me, I belive before they had their lock system, in which I didnt even no about it, the hacker, changed the email to a hotmail email, so I would never even get the notice saying my names were being transferred. The only thing GoDaddy had to say was dispute it with ICANN, at what $1500 a pop x17 = $25,500? All lawyers I contacted wanted about the same, then the fucking hacker tried to get $7000 out of me after I found him myself, through google cache, and about 10 alias'. I found personal web pages, ICQ numbers, cell phone numbers, alternative emails, ebay accounts, over 40 pages of printed material pointing to him. With all that shit in paper, I contact, many government organizations, for cyber crime, local DA, and AZ DA (where GoDaddy is lcoated.) None of which helped me, the PA cyber crime unit was a joke, I out talked them and lost them in conversation 1 sentence in. Well to make a long story short, FUCK GoDaddy, and I just took the loss.

Ouch...that sucks XXXtreme :(

I've read some of these horror stories about godaddy for a while now...don't know how they stay in biz letting crap like this happen =/

You asked about DirectNic...they're certainly not the cheapest these days. But, I've been using them for over 3 years and several dozen domains without a hitch. Had a couple .biz domains that didn't register properly...a quick phone call and DirectNic staff got it fixed right away. Bottom line...I like em :)

xxxtreme,

That sucks big time mate;(

Anything we can do let us know.

DD

Moving my domains right now! Most of mine are at namecheap.com anyway thankfully.

Lux

AllDomains.com is just a godaddy reseller by the looks... I'm not 100% sure of the system these scammers use but believe they work by gaining control of your email account first in many cases..

Could that be your security hole?

Godaddy's "no responsibilty" attitude whilst providing a system they well know is open to compromise sucks.. I hope they fuck over the right politician soon and get some laws brought on to fix what seems to be turning into a bit of a cowboy industry.

I suspect that might have been the cause of all my trouble. In the meanwhile I have installed some extra protection on my machine: Kerio Firewall in combination with Webroot´s Privacy Master , which makes it possible to password protect and encode any directory on your PC (including your email dir). And I must admit, that so far I have been seeing some quite suspicious entries (i.e. failed attempts) in my logs.

I had Zone Alarm installed until recently, but since it was causing me quite some problems, I decided to remove it and didn´t replace it. My error...

Hi,

I had a domain registered with godaddy.com stolen from me. When I found out I called godaddy and told them. I even showed them my receipt. They took over from there and 2 days later I had the domain back in my name.

Terry

That's great news, rarely do we hear of a recovery! I wonder what makes your situation different than xxxtreme's hijacks?

Maybe, maybe not. I haven't used them so I don't know what their securtity setup is. But if it (the password) is sent unencrypted (non-SSL, etc), then each time you change it you risk that someone between your machine/network and their server/network is able to intercept it. This can happen with malicious operators or when a cracker/hacker has compromised a router etc. The same thing is true with standard POP email accounts or regular telnet (which is why SSH is used by many hosts - but what about the other services?) and FTP. If the password change is done securely, yes, go for it as often as you can.

Passwords. Make them good - eight characters with numbers and letters, mixed case. DO NOT USE THE SAME PASSWORD FOR OTHER THINGS. PASSWORDS SHOULD BE UNIQUE, especially among vital things.

Also, your machine's security is vital otherwise - no matter what you do remotely - if someone has a key logger on it, it will do no good. Virus and trojan scanners with updated definition files are vital along with some sort of firewall setup. But these aren't 100% either. If someone is very knowledgeable and targets you specifically, they can write custom stuff that will probably get around detection (virus scanners usually look for certain signatures/strings or ebhaviours). This is why people with a lot to lose (and many enemies) should actively take every reasonable precaution that they can - even the best protection known really is not enough with a creative adversary. Anyone who says otherwise probably does nto know what they are talking about.

Don't forget the normal steps the others talked about too - like locking the registrar. I use directnic and have no major complaints, they offer this.

added: also if you really do not want to see this happen again and would hate it, people are often able to circumvent security measures (like passwords) by going over the phone (social engineering). The service will then question them about other things - or some not even at all and will just believe it (!!!) - if someone knows what these questions will be and is able to answer them or convince the person providing the service enough, it will be trouble for you. It might be good to talk with your providers of services and tell them not to allow this in advance and establish how you will identify yourself. This would apply to hosts too - as it would be a pretty blatent denial of service attack if they convinced your host to pull the plug, wouldn't it?

Good luck.

Hopefully it is encrypting the directories with a good algorithm instead of just hooking to the system calls and trying to regulte access - I couldn't tell you though because I'm not familiar with it. I use something called PGPdisk (modified version of 6.5.8) and have a few encrypted disks which are encrypted with passphrases. This isn't the best either (a lot of holes and possibilities) - bit every bit helps.

domain registration
 

Sorry to hear about the domain theft too.
I use www.iaregistry.com for my domains and have found them to be reasonable in price and with a domain locking device to prevent unauthorized tampering with my domains. They also send me warnings whenever one of my domain names is about to expire. I mean right up to the last couple of days.

Sam Phifer

yikes , i have all my domains at godaddy, as far as i know, if i change something in my accound at my domains, i get an email from godaddy, telling me this and that has been change, if this is not right, take contact now. Didnt you get an email from them that something has changed?

Nope, no email... Even more, when I asked them the same question over the phone, they even admitted that they don´t send out any emails. Be warned

Last time i changed dsn at godaddy , i got an email that something was changed, i have all my domains locked there, if i unlock them i get an email, that the domains are unlocked, if not right i need to contact them..........very strange

I feel for you, but I also hope that you and others will learn from this experience. There is no reason why you should not have different complex passwords for things like your domain accounts. You access these things so rarely that it makes sense to make up some unique alphanumeric passwords and write them all on a piece of paper and file that paper away! Don't keep an electronic copy of this and you reduce your chance of password theft by 99%!!! If you do ever lose your list, most places will email your password or a reminder to the email address they have on file.

I wish you the best of luck getting your domains back.

cheers,
Luke

xxxtreme,

sorry to hear about your problems. I have used NatNames for over 5 years with no problems, you may want to take a look at their service. NatNames is an operation of NationalNet.

I get an email from godaddy everytime I change DNS or contact emails on my domains.

Yep, I get emails when changes are made.