Mark Anderson / Domain Thief

[AcidMaX]

Anyone know this guy? Somehow this asshole within minutes took my domain gaypervs.com from Go Daddy (yes I know I will be transferring the rest of my domains over the next few days).

Anyhow here is the information on this turd on the new whois.
anderson, mark
mrjervay16@yahoo.com
2129 rhine st apt 3b
pittsburgh, Pennsylvania 15212
United States
3127764438

I called Go Daddy who said I needed a court order to stop this guy, so I called my attorney. Funny thing is I am driving to PA on Friday night just outside Pittsburgh so this guy might get a visit from me.

If you have any info please let me know I will be calling a family relative who works for an attorney in PA as well to see about criminal prosecution of this guy.

Anyone with information please email me at andy@stressmedia.com and let me know. Also if you are submitting to Gay Pervs you might as well stop as it looks like the site is already gone and not much is going to happen for a while to get it back.

[Greenguy]

Yet another reason to NOT use GoDaddy

[AcidMaX]

I am transferring all my domains right now.

[Bill]

That's a shame Andy. I was wondering what had been happening with your site.

It's probably fake whois info, domain theives rarely use real info, just info that looks real.

go-fucking-daddy, the registrar that warms the hearts of theives the world over...

[DangerDave]

Why is this GoDaddy's fault?

Lets get the whole story?

Andy HOW did this guy get your domain?
It doesnt just happen by accident?

DD

[Ramster]

That's what I don't understand. Everyone seems to jump on GoDaddy but when I bought a domain recently the email that is registered with GoDaddy gets an email to confirm the desire to allow the transfer of the domain. If you didn't change your own email within GoDaddy how can the transfer go through?

Seriously, I want to know.

[AcidMaX]

DD I have no idea how the hell he got the domain. I was sitting here and I happened to look at my email when I seen a request come in to UNLOCK my domain.

I quickly logged into godaddy to see what the fuck was going on. When I logged in I saw a message showing "Changing Accounts In Progress".

So I jumped on the phone to Godaddy support. The first women I spoke to said there was nothing they could do. I asked for a supervisor and when I spoke to "Bobby" who is a supervisor he said the only way I could stop this guy is with a court order and that the whois information had already updated on whois.godaddy.com. I got the information from there and I called my attorney. He said it would be a federal matter because it was across state lines and that the best thing for me to do would be to contact the Prosecutor in Pittsburgh, PA.

I have an aunt that works for an attorney and I just happen to be on the way to PA this weekend so I will run by the address listed (which does exist in PA, wether its really his address I dont know).

Basically Dave, I have no idea who this guy is and no one, not even my wife had ever accessed my godaddy acct. So either he brute forced my acct password or got it from within godaddy or someone withing godaddy fucked up. Those are the only options. I quickly changed my acct passwords and even spent the money to transfer my domains to another registrar. Obviously I am not the only one this has happened to.

So to answer your question DD.

1. It IS GoDaddys fault because they transferred a domain to another acct without my authorization at all.

2. I am not sure how he got the domain but it was one of the 3 ways I mentioned above, all my domains were LOCKED in my acct as they always are.

I think the only thing that saved me is that I had my domains scattered across 3 GoDaddy accts and that was the only good one in that bunch or I would have really been fucked.

If you are looking for further proof let me know I have screenshots from my acct and screen shot of it saying the words I stated above, invoices for the domain purchase (the original one), a printout of the whois info, people I spoke to within GoDaddy etc. IMHO this is clearly GoDaddys fault, they did NO authorization before transferring the domain to another acct.

[AcidMaX]

Quote:

Originally posted by Ramster
That's what I don't understand. Everyone seems to jump on GoDaddy but when I bought a domain recently the email that is registered with GoDaddy gets an email to confirm the desire to allow the transfer of the domain. If you didn't change your own email within GoDaddy how can the transfer go through?

Seriously, I want to know.

Ramster, thats the thing, the only thing I can think of is he got into my acct and transferred. My email in my go daddy acct was not changed, yet when this happened all I saw was an "Unlock notice"

Quote:

Dear Valued Go Daddy Customer,

This notification is generated automatically as a service to you.
. . . . . . . . . . . . . . . . . . . . . . .

We have received a request that the status be changed to:

Unlocked

for the following name(s):

GAYPERVS.COM

I never touched that domain and quickly went in to look at the domain when I saw it was being transferred. I never got 1 email to confirm this move at all.

[Bill]

Well. I was just joking Dave; admittedly a callous joke. But, when one hears about domain theft, godaddy is the registrar more often than not.

I've never heard of a domain theft from my registrar.

I would be interested in hearing more also. I assumed Acidmax was careless with his password or his password choice. Thats usually what it boils down to.

Doesn't godaddy have a locking function that requires an email confirmation? Most good registrars do. I have a few names there and I believe I have them locked.

[AcidMaX]

Quote:

Originally posted by Bill
Well. I was just joking Dave; admittedly a callous joke. But, when one hears about domain theft, godaddy is the registrar more often than not.

I've never heard of a domain theft from my registrar.

I would be interested in hearing more also. I assumed Acidmax was careless with his password or his password choice. Thats usually what it boils down to.

Doesn't godaddy have a locking function that requires an email confirmation? Most good registrars do. I have a few names there and I believe I have them locked.

Granted my password was not super hard, but it was not super easy either. And my username was not something I ever used anywhere else.

Not to mention Go Daddy didnt confirm the change via email or anything or with a secret transfer password. Nothing, just let it go.

[MrMaryLou]

Looks like this is the same guy

http://www.greenguysboard.com/board/...&threadid=7933

[Bill]

Acidmax, can you think over your activities for the past few weeks and look for ways in which you might have been phished or keylogged?

Have you responded to any emails that from godaddy, for instance?

It would be interesting to see how godaddys login responds to brute force attacks. Do they force a 24 hour wait after 3 false entries, or do they just passively accept hundreds or thousands of login attempts? Anybody know?

I have heard it speculated that godaddys internal security has allowed hackers to steal id/passes in bulk. No evidence, just speculation, based on the frequency of thefts from godaddy.

Keylogging spyware also seems like a likely possibility.

[AcidMaX]

Quote:

Originally posted by Bill
Acidmax, can you think over your activities for the past few weeks and look for ways in which you might have been phished or keylogged?

Have you responded to any emails that from godaddy, for instance?

It would be interesting to see how godaddys login responds to brute force attacks. Do they force a 24 hour wait after 3 false entries, or do they just passively accept hundreds or thousands of login attempts? Anybody know?

I have heard it speculated that godaddys internal security has allowed hackers to steal id/passes in bulk. No evidence, just speculation, based on the frequency of thefts from godaddy.

Bill I have not even logged into godaddy for a few mos so I am not sure how he got in. Although according to some ICQ conversations this "Mark Anderson" has been used before for other domain hijackings and such as well so I am doing what I can to track the guy down. I use firewalls etc and up until a couple weeks ago I was even on dialup and satellite which there is no way the guy could have gotten into because the ip changed on my end every time I logged on just about.

[Greenguy]

Maybe it's no GoDaddy, but you have to admit, 90% of a the time that someone posts that their domain was stolen, it's registered at GoDaddy.

Plus, for them to say they need a court order from the original owner to stop the transfer when I doubt very heavily that they got a court order to transfer the domain IMHO stinks.

[DavidM]

It does seem as if a lot of these are occuring at GoDaddy... which is curious...

But it is sad. Again there are many ways your password, even if it was soemthing like "Ary7UxC8" could be obtained. One thing to really watch out for is using the same password that you use in other places (like partner accoutns, toplists, etc). Many people do this. But you can't trust everyone these days. Others: keyloggers, trojans, sniffing, server side security, fake emails directing you to a fake site set up to take your password, etc.

I personally won't use them (Go Daddy) though because of what they supposedly said to you: "get a court order or we can do nothing". Was that really all they basically said? Not even an investigation was promised?

Sorry to hear of your problems. Good luck.

[Surfn]

I predict that this is not the last time we hear something like this about GoDaddy

[Ms Naughty]

Well, shit.

I've seen the other threads, but I was placing my trust in the locking system. But if the support won't react to an owner saying to stop the transfer... that's not good.

Meanwhile, TotalNIC won't let me transfer my domain at all "to prevent fraud".

So... what other domain registrars offer $8 domains? And are trustworthy?

[Torn Rose]

Quote:

Originally posted by grandmascrotum
So... what other domain registrars offer $8 domains? And are trustworthy?

You get what you pay for.

$0.02

[Ms Naughty]

Here is the relevant bit from Godaddy's Uniform Domain Dispute Resolution Policy (as approved by ICANN)
https://www.godaddy.com/gdshop/legal...IFORM%5FDOMAIN

If it's a standard ICANN thing, then perhaps the same thing will happen at every registrar.

5. All other disputes and litigation

All other disputes between you and any party other than us regarding your domain name registration that are not brought pursuant to the mandatory administrative proceeding provisions of Paragraph 4 shall be resolved between you and such other party through any court, arbitration or other proceeding that may be available.

6. our involvement in disputes

We will not participate in any way in any dispute between you and any party other than us regarding the registration and use of your domain name. You shall not name us as a party or otherwise include us in any such proceeding. In the event that we are named as a party in any such proceeding, we reserve the right to raise any and all defenses deemed appropriate, and to take any other action necessary to defend ourselves.

i.e. they wash their hands of it.

Ideally this should not prevent them from taking action against a thief WHILE THE THEFT IS TAKING PLACE...?

I'm going to write to Godaddy and ask what their procedures are...

I'm also wondering if this page helps people to hack into passwords...
https://www.godaddy.com/gdshop/faq/f...Fts%5Fpassword

[Cleo]

I used GoDaddy to register some domains names that had no value where I just wanted cheap. I hated their admin with all the advertisements and non of the time saving features that I'm use to. Guess I'm spoiled by DirectNic's admin.

I would never use GoDaddy for domain names that I care about after all the horror stories that I've heard.

[AcidMaX]

Yes they really said get a court order. I called within minutes of it being transferred from my account. I gave the women my domain and she said "Is your name mark anderson?" I said no and gave her my account number. She then said there was nothing she could do once it was in the other persons account (which is also with godaddy). You would think that they could see my acct and it just moved, or maybe confirm ips? I mean this happened and they didn't lift a finger. The supervisor "Bobby" even said, you need a court order. When I asked for the guys information he said "Wait for the whois information..." (like that is always accurate.)

I want any information on this guy I can get. And as i was sitting here thinking about people acting like its my fault for a possible lax password, thats bullshit. Theft is theft. This guy should burn and so should Go Daddy for fucking their paying customers out of their domains. The people getting fucked just get kicked while they are down.

Andy

[AcidMaX]

Is fetishcrawler.com still taken by this guy? I have some more inside information on this dude and I am looking for affiliate programs to check out some of the sites this guy has hijacked and to provide me with details if they can (All done anonymously of course.) I already have a few other aliases this guy uses as well as email addresses. I am working on getting details about this guys accounts he pays with. If those of us who have gotten screwed by this guy work together I think we can get him.

If fetishcrawler.com is owned by this guy and the design there is his, then I think he reads this board and knows us. Just look around his sites and you can see some unique things. Just observations, but this dude pissed me off. Now its all about principle. Dude is gonna pay the piper, and I hope there are some honest affiliate programs out there who are willing to lend a hand. If we can hit him in the pocket, he might come out of the woordwork, cause if he is scamming webmasters no doubt he is scamming programs too.

[Bill]

Andy, if it seems that we were holding you at fault, I can see how you might feel that way, but nobodies faulting you, it's more like we are wondering out loud what we can do to protect ourselves from the crime that happened to you.

You have my apologies if I sounded as if I blamed you, that wasn't my intention. I was trying to be fair, and not overly blame godaddy. (altho my personal opinion about godaddy is not good)

I think it's an excellent idea to try to get this guy. I'm sure a lot of people feel the same way.

[doublep]

Quote:

Originally posted by Bill
I assumed Acidmax was careless with his password or his password choice. Thats usually what it boils down to.

99 times out of 100 this is case.

When you are choosing passwords make sure they are at least 8 characters long - with #s and symbols like $ ! & (if supported) plus letters in upper and lower case

Don't make it easy to guess - don't make it a variation of a password already in use - don't make it related to your name, your business, date of birth, pets name, hobby, address... etc... Use a password generator!! Change your passwords a couple times per year

If you write your passwords down store them in a secure location (a locked safe for example) away from the computer.. if you store them on your computer use an encryption utility..


Hope you get your domain back Acidmax - best of luck to you :-)

[Ms Naughty]

I sent an email to Godaddy today asking for reassurance in the matter of domain theft.

Here is their reply:

Response from IAN H.
06/10/2004 10:11 PM

I will answer your questions in the order you posed them:

1. What are Godaddy's procedures for dealing with a complaint of fraudulent domain transfer or domain theft while it is happening? For example, if I found that an unauthorized person had unlocked my domain with the intent to change the registrant details, and I immediately rang and requested Godaddy to stop or reverse the changes, what procedures would be followed?

In this case a Go Daddy representative would assist you as the customer with logging into your account, making the neccesary changes to the domain and changing the password.

2. What documentation does Godaddy accept as proof of domain ownership e.g. invoices?

The registrant listed in the Who Is database must match one of the following:

Goverment issued photo identification

or if a company is listed under Registrant:

A copy of business license
Tax certificate (number alone is not acceptable)
"Doing Business As” documentation
Fictitious Name documentation
Articles of Incorporation

3. What action is Godaddy taking to ensure that their site remains secure from hackers and password thieves?

Go Daddy servers are monitored on a twenty four hour basis. We consistently update our site and software with the latest technology in an effort to thwart any attacks of that nature. Also Go Daddy maintains a SSL certificate, based on virtually unbreakable 128-bit encryption, we also are the Certificate Authority for the SSL certificate.

4. Will Godaddy implement a 24 hour waiting period between the unlocking of a domain and any further action on that domain name?

At this point I am not aware of any plans to implement this waiting period. However I will present it to our developers for consideration.

5. Will Godaddy consider allowing users to add a secondary, hidden email address, to circumvent thieves from changing the primary email and therefore preventing warnings from getting through?

I am not aware of plans to implement this. However I will present it to our developers for consideration.

Please let us know if we can help you in any other way.

Protect Your Privacy!

Sincerely,
Ian H.

GoDaddy.com
Customer Service Supervisor

General Support: 480-505-8877
Billing: 480-505-8855

---------

The first answer is what SHOULD have happened with AcidMax. The fact that it didn't happen means this answer doesn't reassure me much.

Perhaps those of us who still have Godaddy domains should also send emails expressing concerns about security. It may well make a difference.