IT.COM

Moniker is Done

Spaceship Spaceship
Watch
As many know the registrar Moniker was sold to a new company at the beginning of the summer. Before this sale it was my main registrar for hundreds of domains. I had good security and decent support during a 10 year period as one of their first customers back when Monte ran the show and started the company. It was sold to Snapnames at some point but not many changes were made that were a detriment.

However this recent sale has imho destroyed the registrar completely. It took me a few months to get all domains moved but it was vital I did so. Security has gone to hell. My account was compromised multiple times and they seemingly refuse to explain. I get replies about how my emails or password must be compromised which is IMPOSSIBLE. I'm 100% secure on my end. I tried multiple times in detail to explain this fact to them but no dice. Apparently extra users were added to my account and somehow people are logging in even as recent as this week. Yet my password and emails are definitely secure.

Sean Love is suppose to be their support rep supervisor and even though I requested multiple times to speak directly with him, the best I got was a rather generic email from him about how it appears my email was compromised and I need to reset it to regain my account. Total and utter nonsense.

I've wasted countless hours since the sale and had my main sites redirected after DNS changes I did not authorize even though I have portfolio maxlock. They couldn't explain any of it but what's worse is they just didn't bother investigating fully. So my confidence in their security is zero and all my domains are now at different registrars with modern security features like 2FA as well as better customer support.

I'm done with Moniker forever. I suggest those who use them now consider a move unless you don't value your domains. If you're thinking about using Moniker to register new domains. Please reconsider. No one with an ounce of sense should be using this company any more.
 
4
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Snapnames were hacked a while ago, along with other registrars. And even back in the days of Monte they were storing passwords in plain text... I think this registrar has always been overrated by domainers from a security POV.
 
2
•••
I've also been leaving Monkier - it is not worth the hassle and risk being there - I have under 5 domains still to exit.
 
0
•••
If you have an account with Moniker contact me immediately.
 
0
•••
4
•••
Yes - I had the exact same reaction when I saw that message this AM - plaintext, with my account and new password, without my requesting it. WTG, Moniker!!!

Oh and somehow I now have THREE logins with 3 different passwords, even though I have ONE account?

Spent some time this AM doing transfers. When I'm done the only thing left in there will be a few straggler .us names that I'm still debating where to relocate. They've totally jumped the shark.
 
1
•••
Check your IP logs - bottom left column of your account - for any suspicious logins around 9/23/2014
 
2
•••
Oh and somehow I now have THREE logins with 3 different passwords, even though I have ONE account?
I have 2 accounts and one has 1 domain, the other has 2. I found the email odd as it did land in spam, sent from [email protected] and it seemed "off". Thought it was a scam.

The new password for your account XXXXXXX is as follows XXXXXXXXXXXXXXX. <- Don't know what that is

Please find below passwords for the sub accounts that we found in your settings:

XXXXXX XXXXXXXXXXXXXXXXXXX <- 6 digit, with the 1 domain
(I moved all my domains out but 3 that I couldn't because of transfer locks when Moniker decided to give up my privacy info while I was on vacay, checking if I can now)

Edit: Looks like Moniker created a new account and the account I had is now a sub account (been a while since my last login). The sub accounts that they changed passwords for, can't change passwords on. So, anybody can login to those? The main account you can change a password on. However, what can a sub account do? O.o
 
Last edited:
0
•••
Check your IP logs - bottom left column of your account - for any suspicious logins around 9/23/2014

Nothing unusual - nothing around that date except for my login on 9/29.
 
0
•••
My new password isn't working.

When getting a new one, they ask for - Current password

Is that the one you've been using, or the new one they sent in the email?
 
0
•••
@JB Lions , the passwords in my email worked. Except I was confused as the "sub account" was my main account last time I checked Moniker. I left them a long time ago and just forgot to transfer these others out since it's a pain.
 
0
•••
@JB Lions , the passwords in my email worked. Except I was confused as the "sub account" was my main account last time I checked Moniker. I left them a long time ago and just forgot to transfer these others out since it's a pain.

The passwords they sent to me worked as well. But after I login, you're supposed to get new passwords. When I tried logging back in with the new password I chose, it didn't work.

"Please reset your passwords to one of your own choosing that meets the new password requirements at your earliest convenience."

Which I did, now I can't get back in. Was wondering if it was because of this:

"Current password

Is that the one you've been using, or the new one they sent in the email?"

Not sure of they mean the one I've been using or the new one they sent in mail. Not sure if that has anything to do with not being able to login now.

I think I'm with a lot of people and only have a Moniker account because of auctions that send domains over there. Can't imagine why anybody would use them besides that, especially today.

Then the accounts and sub-accounts stuff. They're a mess.
 
Last edited:
0
•••
So far several people report the same IP accessing their accounts on 9/23. This indicates a large list of customer credentials was put to use in order to validate the credentials.
 
0
•••
I have had 2 separate phone calls already today with moniker.

Received the email. Went immediately to start the process of seeing if I could login. I was able to, but none of my domains were there. I was logging into this phantom account created when they launched their new system.

So I called. They sent a new email. I was not able to login with the account and pass next to my customer id. But I was able to login using the details lower in the email for one of the sub accounts. But after logging in using sub account details, it does not allow a change in the password. It gives the error that only main account user is allowed to do that.

Called again. They supposedly sent another email to reset. I never got it. I also am now not getting any transfer code emails or renewal duration changed emails.

No transfers will be taking place for while...
 
0
•••
Last edited:
0
•••
SMH.

Sorry to see some of you experiencing needless headaches with Moniker. Goes to show anything can change, some for the worse.
 
0
•••
$hit....someone logged into my account on 09/23/14.

Here is the IP address: 88.150.178.59
 
0
•••
And they sent the user names and passwords in plain unencrypted text! I can laugh because I moved all of my names out except those I wanted to drop over a year ago. (And I'm even regretting leaving those in there.) Hard to believe there was a time when Moniker was a top registrar. Harder to believe a registrar can be managed so abysmally.
 
0
•••
0
•••
Who is that crazy keeping such domains like BIT.COM on Moniker?
 
2
•••
I tried to warn Moniker. The disrespect they showed my warning is indicative of the type of company they now are. You can see from my original post how adamant I was that my account from my end was 100% secure. They dismissed me. A supervisor never called me to investigate further my claims. These people are IDIOTS and I hope that Moniker falls into the abyss like RegisterFly.

I don't think this is Shellshock because I was reporting this problem long before that bug was discovered and released. They're just too stupid to do forensics and fix their bugs. But if I was to tell them that they wouldn't believe it again either so what's the point. These people are inept.

For those with suspicious logins. Check to see if any extra user accounts were created. That's what they did with my account and I suspect that's the origin of the exploit. For all I know they can use tamper data to alter the input of adding an extra user onto any account simply with a uid change to the input. Tried to point them in the right direction on this.

After I left I told Moniker to delete my account. Glad I did so.

If anyone plans a class-action against Moniker LMK. I'm in. You should see by my own contacts with them that a security breach had occurred and they REFUSED to do anything about it. That's negligence. It's cost us all time and money and for me it's caused personal anguish and suffering. These mother F'n clowns should be put down and suffer just as much as we have. The hatred I now feel for this company is off the charts.

Looks like I got out just in time.

Edit: Looks like Moniker created a new account and the account I had is now a sub account (been a while since my last login). The sub accounts that they changed passwords for, can't change passwords on.

That's what I told them.That a new account I did not create existed. That account somehow was able to get added and bypass their portfolio maxlock. I warned them explicitely of this but they did ZERO investigation into it. I can prove NEGLIGENCE just on the contacts I sent them.

As for credentials...Moniker used UIDs for their customer account numbers that were incremental. So account number 1000, 1001, 1002 could easily be checked. These are not based on random usernames. They are number uid's which any hacker can exploit a LOT easier to find login credentials.

88.150.178.59 is a datacenter probably VPN for anonymity. My logins were from Egypt and Lebanon. I could very well have been the first exploited account as I'm often a personal target of these things. Once I left though my guess is that exploit was sold in the blackhat community and use maliciously across multiple accounts.

But again...Moniker was warned. They were told. They were given an opportunity to investigate this and probably stop it. They IGNORED ME and the clear danger to all their customers.

Anyone who lost high profile expensive domains and needs me to testify I'll be very very very happy to do so. I can go to a lawyer and get an affidavit.

Punish these clowns people. Make an example of them to the Registrar community that security comes first and you don't ignore ANY possible breach. Yes, I'm mad and angry over this.

Looking over my contacts it appears on August 27 my account was stolen. I log into it weekly to make sure it's secure. One day my domains were redirected and I knew I had a problem at Moniker. I could still login which was nice. However upon checking I saw DNS changes to my domains and I'm like "WTF, I have portfolio maxlock and only with my 100% secure security questions can they do that". I call Moniker immediately. I was able to undo the DNS changes but HOW did they do that was the question. IP logs showed the login from Egypt and Lebanon. But then I finally saw the extra user account and I KNEW that was the breach.

I have the contacts still from Moniker. IMHO they are 100% proof of their serious negligence.

Anyone in media wishing to ask me questions please feel free to contact me via PM. Anyone going after Moniker legally should also contact me. I'll be super happy to help with what I know and my experience. This could have EASILY been prevented if they had simply not ignored my very clear warning about this exploit.

I gotta end this rant. I can go on all day. Sorry for the long read.
 
0
•••
Moniker have sent customers an email admitting domains were stolen but saying they have identified which ones.

We take all reasonable steps to ensure the protection of domain names managed on our platform and understand that the safety and security of your assets is of upmost importance. With that in mind, we constantly assess system vulnerabilities and work towards quick resolutions to known issues.

In the past several weeks, we have seen suspicious activity on our platform which included login attempts to various accounts from unknown sources. We have reason to believe credentials to the accounts in questions may have been obtained through exploitation of the Heartbleed Bug published earlier this year.

In addition to suspicious activity, there have been brute force attacks against Moniker accounts resulting in unauthorized domain name transfers. Our staff is working diligently to identify instances of unauthorized transfers and to revert them as soon as possible. To date, we have recovered any domain that was transferred without authorization.

More info and numbers for the Monkier exodus here https://www.namepros.com/threads/mo...ins-to-transfers-in-june.835719/#post-4713568

I was telling people to avoid Moniker years ago because they clearly had no interest in fixing reported bugs or improving their systems - I expected it to keep getting worse. It's ironic that they chose to make it truly worse by creating new systems.
 
Last edited:
0
•••
I never understood why domainers favored this Registrar to begin with, It was the "Domainer Registrar" with a interface that sucked, I had a hell of time transferring out ymy own domains, part of their "great security" con job, and support took it's sweet time getting back to me, And later when they got too big and partnered with Snapnames, you HAD to use them for any domains won at Snap auctions, and if you wanted to sell at TRAFFIC you had to move ALL the auction names there, otherwise pay an additional 5% commission... Moniker's way of "winning your business"
 
0
•••
At one point Moniker was run by competent people trying hard to offer security and support to professional domainers. Moniker was sold and support suffered. Moniker was sold again and now security has suffered. But there was a point when Moniker was one of the top choices. Obviously Moniker has lost their good reputation but for some years they did well.
 
0
•••
In 2004-2006 Moniker was impossible to transfer domains out of without a lot of hassle. It was a fort, ran by Monte. It was not my registrar of choice but for the small portfolio I kept there it was ok. Resold twice, Moniker has become a paradigm of what not to do as a domain registrar.
 
0
•••
Back