Duke

Warren Weitzman's worst nightmare has just come true. He has been in the domain game since 1994 but Weitzman has never seen anything like this. Somehow over a dozen domains have been stolen from his Enom account and he thinks the break-in may have occurred as high as the registry level. Even worse, the thefts may not have stopped yet:
Major Domain Hijacking Alert: Industry Pioneer Warren Weitzman Has Over a Dozen Domains Stolen From his Enom Account

__________________
DNJournal.com - The Industry News Magazine
NameNewbie.com - The Beginner's Guide to Making Money with Domain Names

Ramblr

This is really scary news.

-REECE-

I know another domainer who had domains mysteriously vanish from his eNom account last year - seemingly without reason. Scary news indeed.

mis_chiff

Isin't there a way to find out the info of the scammer
through Fastpark.net?
You'd think they'd bend over backwards to help.

Ms Domainer

*

Enom has a lot of explaining to do.

They either have a thief on their staff, or security gaps as wide as North America and a whole lot of incompetence.

In any case, it's getting scary out there.

*

__________________
Food for Thought So live that you wouldn't be ashamed to sell the family parrot to the town gossip.

bmugford

I never felt comfortable with domains at Enom myself, security being one of many reasons. I want to hear Enom explain exactly how this happened.

Brad

__________________
DataCube.com - Buy and Sell Premium Domains

trendicator

i think warren may have some key-logging virus on his computer...

__________________
120 LLLL.COMs for sale now!

matt_bodis

NameDrive could probably help him out since it is parked with them.

I'd be interested in knowing the ip addresses of the perpetrator(s).

gemstar

This could only be done from the top level.Inside job.
Best thing to do is ask for records of confirmed transfer by owner.If there is none then the registrar should be at blame

snoop

You can just about bet that his email account has been hacked vis soical engineering/keylogging etc (I've never really heard of names being stolen in any other way than due to a compromised email account), and the names gradually stolen. I don't see any reason why it would involve Verisign. Enom generally has only average security. He probably needs to be with Moniker or Fabulous.
????: NamePros.com http://www.namepros.com/industry-news/598026-hijacking-alert-industry-pioneer-has-muliple.html

The reason is still shows in his enom account is likely because it is recently transferred out. I would suggest he look very carefully at what sort of security his email provider has, somebody has probably added a redirect or something like that. He probably needs to hire an expert ASAP if name are stil being stolen, it will potentially be costing him more and more every day as some of those names are probably being bought by 3rd parties. Richard Lau would be my suggestion.

SpareDomains

There is a register sync issue which I have experienced at enom and moniker over the years where I transfer a name out to a new register and it still shows at the old register as well for a few weeks before it disappears, in a case like this if using enom or moniker your domain could be stolen for weeks before noticing the theft as it appears in both accounts, I currently have 1 domain I transfered from moniker to godaddy 1 week ago and it still shows in my moniker account as well, I wish enom & moniker if possible would fix that sync issue as I don't experience this at godaddy or fabulous and if a name is gone it should disappear in real time as it would tip someone off sooner to a possible theft as seeing a domain disappear from your account weeks after the fact is a lot of time for a thief to bounce it through a few registrars.

Auraka

No this is an Enom issue....not a Verisign issue until proven otherwise....I hate speculation and the clear issue here is the domain owner and enom

---------- Post added at 12:19 AM ---------- Previous post was at 12:02 AM ----------


????: NamePros.com http://www.namepros.com/showthread.php?t=598026
This is an issue with many registrars showing domains in your account that may have been transferred out, however this doesn't show how the "hack" happened as your issue is a known issue. There are a few registrars that are very good at identifying domains that are no longer are in your account; godadaddy, dynadot, etc.

Vrytek

I'll second that.

Interesting read below
Is Your PC Part of a Botnet?

__________________
v05.com | CellCafe.com | MetabolismBlog.com | OnlineSecurityThreats.com | MutualFundsNews.com | ChemotherapyRecovery.com
ManhattanMap.net | Cervicitis.net | KaraokeMicrophone.net | ViaticalInsurance.net | LagerBeer.net | VhsPlayer.net for sale. PM me

networkmsia

or maybe if he was using a Wi-Fi, his neighbor could be sniffing the packets, and thus easily steal the passwords.

__________________
Do you need some motivation ? Do you need a healing ?
Malaysian Webmaster
Website Development Malaysia

snoop

Yes, he probably deleted or redirected the email.

---------- Post added at 04:23 AM ---------- Previous post was at 04:23 AM ----------

Very unlikely.

D-K

Same here Brad

All my most valued domain's are at Moniker and Fabulous.

I will be moving every domain I own to Fabulous within these next few weeks you can't beat there security and service.

labrocca

Can I please give some advice to domainers?

Use an email forward for your registration email. This protects you in two ways.

One...the hacker doesn't know your actual email address.
Two...you can't hack into a forward because it's not a pop box.
Three...use for the forward email address a domain you own.

An example setup.

1. I own example.com.
2. All my domains are registered at owner@example.com
3. I redirect all owner@example.com emails to owner@gmail.com
????: NamePros.com http://www.namepros.com/showthread.php?t=598026

This offers stronger protection because the hacker can't actually break into owner@example.com no matter how hard he tries. At best he can get into the hosting account but since you still have registrar access you can just change DNS to a new email provider and the old host is useless and so is his access. This will give you time to fend off a thief.

You can also use Moniker or Fabulous as suggested. I prefer Moniker. It's moments like this that express very well the real dangers of stolen domains. I could care less about how great GD support is if they can't help you get a stolen domain back. I know this is Enom but their security is obviously just as flawed. Warren is going to now waste many hours and some money fighting this. I am sure some anxiety will also ensue.

This is a very real shame.

__________________
:$: Support Forum <-- My latest endeavor.:loveyou:
Debate Forums Free Online Sudoku My vBum Blog

networkmsia

Good tips.
Rep added

__________________
Do you need some motivation ? Do you need a healing ?
Malaysian Webmaster
Website Development Malaysia

snoop

If they can get into the secondary email account then getting into the registrar account is probably only a short matter of time. The above solution does sounds better than something isp hosted directly on the whois record though.

vacumer

years ago i lost a domain in enom,and they restored it to me in 3-4 days
while they can , why NOT?
i guess enom have a thief in staff that they didnt care about these domains.

Domagon

Keylogger comes to mind. And many of the loggers batch data, so looking at the modem data lights is no good.

eNom registry / registrar sync is pretty accurate, but delayed by too long. I've noticed that eNom syncs tend to lag by around a week or so. eNom needs to fix that.

Moniker, last I checked, was far worse - some domains never being synced until far after expiration. eNom at least tries.

Good suggestion by labrocca about using an email forwarding account. Not full-proof, if one has a keylogger in their computer, but can slow down the hacker long enough so the registrant has time to notice there's a problem and address it.

A very effective protection against domain hijacking is constant monitoring; never use whois privacy services - many times, especially for high profile domains, often someone will notice something is wrong and will try to contact the registrant, even that means using google, DomainTools, etc to find the original registrant contact info.
????: NamePros.com http://www.namepros.com/showthread.php?t=598026

Ron

__________________
Domagon - Website Management and Domain Name Sales

SpareDomains

????: NamePros.com http://www.namepros.com/showthread.php?t=598026
My point being whether it is a known issue or not is that it has been this way for years and with an increase in thefts it needs to be fixed and should not be considered acceptable. If a domain is no longer in your moniker, enom, etc... account it needs to not show in the account in real time so the domain owner has a quicker alert when domains are stolen. I consider it a scary thought that anyone that goes and looks at their domains at moniker and enom among others right now actually have no idea if those domains are really there without doing a manual one by one check because their systems don't sync with the registry correctly in real time. If fabulous and godaddy among others can sync up in real time then the rest need to as well. What good is finding out a domain you are staring at in your account has actually been stolen 2-3 weeks ago, little late of a notice I think.

Domagon

To digress a bit, but in follow-up to SpareDomains comments.

The registrar sync issue is just as messy with "thick" registries, such as .ORG. One would think that all .ORG registrars would simply update / use what's in the master .ORG registry, but some, including eNom, often don't...

I found that out the hard way awhile back when I sold a .ORG domain and pushed it to another user on eNom's platform ... push went through fine, and the buyer updated the whois info right away. However, when they tried transferring it out to another registrar, that new registrar queried (and in my view, correctly) the whois info stored in the master .org registry to determine who the registrant was...

Made for a confusing situation in which the new registrar thought I was the one who had requested the transfer, because that was the info stored in the master .ORG whois, while I was mystified for awhile as to why I was getting transfer-out notifications, since the domain was longer in my eNom account and eNom's whois showed the new owner. It took me awhile to realize that eNom sometimes updates the master .ORG and sometimes not - I've noticed some my other .ORG domains, and that other registrants, at eNom are mis-matched.
????: NamePros.com http://www.namepros.com/showthread.php?t=598026

Sync issues have existed since the introduction of multiple registrars in the late 90s, but one would expect that sync problems to be a thing of the past, but 10 years later and it's still happening. ICANN should require all registrars to follow a standard syncing procedure, but that's likely asking too much of ICANN

Ron

__________________
Domagon - Website Management and Domain Name Sales

gamingmaster

This is why I don't use enom. Its too expensive and risky at the same time.

labrocca

This is why you don't publish that email address anywhere. You only use it as a pop box to grab emails forwarded to it. They can't break into what they don't know exists.

If you have your mail client setup to grab email from the pop3 box then a keylogger is useless. Even a keylogger won't get them the pop box email address.
????: NamePros.com http://www.namepros.com/showthread.php?t=598026

For those worried about keyloggers...look into scramblers.

KeyScrambler Personal - Free software downloads and reviews - CNET Download.com

That's free too.

__________________
:$: Support Forum <-- My latest endeavor.:loveyou:
Debate Forums Free Online Sudoku My vBum Blog