IT.COM

Domain Theft Scare

Spaceship Spaceship
Watch

Ategy

Arif M, NameCult.com TheDomainSocial.comTop Member
Impact
17,389
MODS: "... I'm still not sure if it's a GD issue or an Afternic issue (why I didn't post this as a review) as it seems like a problem between both companies (so I see it more as potential industry problem as opposed to being specific to a single company."


So I was out giving little Steamie a nice Winter walk .. then i return home to check my emails and get the following eMail:

One or more domains you're monitoring were Unlocked.

Domain status notification.

We received a request that the status be changed to:


Unlocked


The request includes the following domain names:

______________.com



Immediately followed by:

Action required: Authorize your domain listings.

Authorize your participation in Afternic.

Thanks for choosing GoDaddy as your Afternic Premium Network registrar.

Before your domain name(s) can be listed for sale on GoDaddy and other Afternic resellers, you must authorize your participation in the Afternic program.

Authorize Now

The following domain names have been requested for sale through the Afternic Premium Network:

___________.com



Obviously I'm writing all this because I didn't initiate or authorise either option.

So immediately I log in to my account to see if the domain is still there .. It's NOT !!!

So I decide to call GoDaddy first as I'm still not sure if it's a GD issue or an Afternic issue (why I didn't post this as a review) as it seems like a problem between both companies (so I see it more as potential industry problem as opposed to being specific to a single company)..

(I'm still on hold after 53 minutes .. which even I have to admit is unusual).


I then try to access my transaction history and records .. but of course that hasn't been working FOR MONTHS as all I get from links to "Order History" is:

This page isn’t working
If the problem continues, contact the site owner.

HTTP ERROR 431


Incidentally, this is what I get on the account settings page:

Yikes
Something went wrong and we're working feverishly to fix the issue.
Please wait a bit and try again.



So now I can't even check if it's actually my domain, if possibly it never entered my account when I acquired it through GD auctions .. or if maybe I let it expire and someone else picked it up yet somehow my WhoIs info wasn't changed.


Finally I open my own Excel inventory and the domain isn't there and wasn't one of the ones I moved over to my dropped sheet (I had missed putting a few there, so I still am not 100%).


It isn't a particularly strong domain (it's a 16 year old website builder call to action), so I'm thinking I likely let it drop. Also doing a quick search of my emails I don't see a email receipt for the domain that includes with a recent renewal (although it could very well be I never actually received the domain I paid for).


I do seem to have the proper number of my domains in my account ~+/- 1% .. and there are domains SIGNIFICANTLY more valuable, so at this point I don't think it's an actual hack/theft, although not 100% sure.


Just wondering if anyone else has received this sort of message combination.


PS .. Still on hold with GoDaddy (53 minutes now).


The worst part is .. this isn't even my close to being my most serious security concern with them! I hate to always be saying GoDaddy's platform is total garbage .. but I don't complain for nothing .. I'm also the first to say fixing a platform of that size and scale to a secure and usable level is a serious challenge and nowhere easy as people think .. but it has to be said that their integrity of their platform is a COLOSSAL FAIL .. @Joe Styler and @Paul Nicks .. I'm sorry for being so critical .. but there is something seriously wrong on multiple fronts with GoDaddy and/or Afternic.


If anyone has any ideas on what's going on, please let me know


ADDED: Forgot to mention the WhoIs is still all my information
 
Last edited:
3
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
One or more domains you're monitoring were Unlocked.

This looks to me just like an alert of a domain you are monitoring.

ADDED: Forgot to mention the WhoIs is still all my information

So it looks that the domain is still yours :)

You should see it in your account then.
 
Last edited:
1
•••
So I decide to call GoDaddy first as I'm still not sure if it's a GD issue or an Afternic issue (why I didn't post this as a review) as it seems like a problem between both companies (so I see it more as potential industry problem as opposed to being specific to a single company)..

What I don't like about the Fast Transfer Network, is that once you have clicked on the "approve email", then no domain lock, and no auth code will be worth nothing for a domain transfer. Your domain will disappear from your account instantly and you just have to hope that Afternic will notice you about the sale and domain ownership change.
 
Last edited:
0
•••
Good luck getting the issue resolved. At least little Steamie is safe and secure.
 
3
•••
I get occasional random request to sell name at Afternic.

Honestly? See it as interest in the domain. (Though never Afternic-listed)

But they never went far to change "lock" status, Scary, indeed,.. Thanks for sharing.

Samer
 
Last edited:
2
•••
I feel for you. Good luck getting this sorted out.

As you wait on hold for the 2nd hour, just remember - this is by design. They could have more staff members, they could have better systems in place, they could tell us the truth when things go wrong, they could sort things out on the first contact instead of requiring weeks of back and forth.

They choose not to.
 
Last edited:
0
•••
Strange situation and stressful until you are sure what is happening @Ategy. It sounds possibly like Whois was not changed after an expiry, but surely that is not possible?

Hope you get rapid resolution. Please do update this when you find out what is going on.

Bob
 
3
•••
I am sorry to hear that and also that you had a long wait on hold. Our hold time goals are sub 5 minutes and usually under 2. What phone number were you calling and at what time? I'd like to have someone look into that.

It is hard to say without the domain name. But it does sound like a domain you were monitoring. If you have a backorder on the domain it will also monitor the domain and tell you things like the lock status changing. The monitor is there to let you know when there are updates that may help you get the domain you want. Like a change of ownership, expiration, if it is for sale at auction and many other things.

That is a guess from the subject you posted. One or more of the domains you were monitoring. It could also be a WHOIS in your name. Without the domain it is hard to say for sure.

If you send me the domain I can look into it.
 
5
•••
Strange situation and stressful until you are sure what is happening @Ategy.

Stressful AF, if you ask me.

stressfulaf.png


Good luck with getting to the bottom it, @Ategy
 
1
•••
Thanks for the reply @Joe Styler .. I just got a message from my rep (Jonathan) confirming what the person on the phone last night (Jeff) and I figured was the most likely case.

In the end I waited 1 hour 22 minutes before Jeff was able to answer the phone. Aside from that, as usual, the actual support itself was great .. he was very helpful and went over as much as possible considering the aftermarket team was already finished for the day. I called at 6:56pm Eastern (I think 4:56pm Arizona Time). When the premier team's phones are backed up that long, you might want to look into kicking the excess over to regular customer service.

Seems it likely was a perfect storm ...

1) I did own and renew the domain once, and then apparently I did transfer it out of my account. A couple years ago I did 3-4 mini-portfolio auctions and one batch of wholesale domains, which is why I didn't recall selling the specific domain.

2) I know back then I'd get bugs when I tried to push while selecting the Change WhoIS to new account contact info option. So that's likely the reason the whois was still the same.

3) As mentioned above, for several months I can't access my transaction history. So tracking down the info was a challenge. This effectively more than anything else was the root of the problem. If I had seen I didn't renew the domain the previous year, I would have simply assumed it expired and there would have been no need to panic.


Last night with Jeff we were at least able to establish the domain left my account a couple years ago .. so the panic was pretty much resolved at that point.

Jonathan knows the domain, all that's left is just make sure the current owner switches their WhoIs. Although it should be noted that the last time I gave someone a domain, changing the WhoIs again proved to be very buggy. (In fact, I just checked and the WhoIs indeed didn't change on my last one despite a couple of attempts. I hate being such a downer, because I know the GoDaddy platform is a monster and fixing things is nowhere near as easy as easy as people think .. but many of these issues are going on for months and even years in some cases. It's very frustrating.
 
Last edited:
6
•••
My day job is in the cybersecurity industry, so I'm acutely aware that many websites in the domain investing space are very insecure. I wrote an article and even did a podcast to outline steps to help you secure your domains - feel free to check it out. I can't post a link here as that's typically discouraged, but it's solid information if you're not already familiar with them.
 
0
•••
I sell domains regularly to end users who accept the domain at GoDaddy. Sometimes they don’t change the WhoIs. Other times they create a new GoDaddy account using my email address and just leave it like that, with my email on this new GD account. Then, due to these “imperfect” transfers that retain some of my contact info, over the years I get notifications that the domain will auto renew or is about to expire, and so on.

I’ve never thought when receiving such notices that a domain was stolen from me. At worst I’ve been mildly concerned enough to make sure that the domain is no longer reflected in my GoDaddy account in any fashion such that I’m not charged any renewal fees. I don’t even bother to pass along the notices to the buyer of the domain - I figure he’s on top of it himself in some way.

I’m a little confused as to why this series of events would have led you to think that something was stolen from you or why you’d jump the gun to create a “domain theft” thread.
 
Last edited:
1
•••
I’m a little confused as to why this series of events would have led you to think that something was stolen from you or why you’d jump the gun to create a “domain theft” thread.

I'm guessing you didn't read the entire thread?

I stated a couple of times that I wasn't sure whether the domain was actually still/ever mine or not. Then because I got the "unlock" email, I thought it indeed was still mine.

More importantly .. I didn't put "domain theft" .. I said "Domain Theft Scare" .. which it was .. and not at all the same thing .. although even then .. at the moment I wrote the thread I thought there was a possibility someone had hacked my account.

I "jumped the gun" because I was on hold with GoDaddy for over 50 minutes .. with zero indication if they were ever going to answer the phone .. so I turned to NamePros to see if anyone else had experienced anything similar or if anyone could come up with a idea I didn't think of.
 
0
•••
Absolutely sick to the stomach when this stuff happens.
 
1
•••
Absolutely sick to the stomach when this stuff happens.

Yeah .. usually I'm actually fairly good at tracking things down and figuring it out. I'm likely aware of more GoDaddy bugs than most of their own employees.

However this was just the perfect storm. Usually I copy domains I've sold or let expire to it's own sheet .. but this was part of a small number of domains I seemed to have wholesaled about 2 years ago .. and for some reason I didn't copy the domain to my "Out" folder. Plus I did recognise the domain and knew I acquired it in the past .. but obviously couldn't find it anywhere since I didn't move the domain in my master list. Beyond that usually it's just a matter of going into my account history to see if indeed I really did purchase / renew it .. but obviously with GoDaddy's long-standing bug preventing me from accessing my transaction history, I thought this might have been a case where maybe the domain never even hit my account (which has also happened to me in the past) .. or my biggest fear was that there was a bug somewhere between Afternic and GoDaddy whereby someone tried to add it for sale, which triggered an unlock of my account (big issue if it sold via fast transfer).

It also certainly does not help that within the 2nd email (to accept to afternic) is the very misleading sentence "The following domain names have been requested for sale through the Afternic Premium Network:"

A statement which leads you to believe someone is currently actively interested in your domain (which I've later learned isn't the case at all) .. as I've said several times .. it's not just the GoDaddy platform that's a disaster, it's also their automated emails are and communications .. which are often unclear or flat out wrong as in the case here.

Also .. it would help if we were actually able to push domains between accounts and it actually work when we force a WhoIs change. I just checked my last push .. and it too has the same issue and is still under my whois info despite going through the process of changing it at the start and then again once after.
 
Last edited:
1
•••
Yeah .. usually I'm actually fairly good at tracking things down and figuring it out. I'm likely aware of more GoDaddy bugs than most of their own employees.
You sure are you have helped me before.
 
1
•••
You sure are you have helped me before.

Yeah .. I've reported so many issues to GoDaddy in the past that for a while I actually started my emails to my rep with things like "Really sorry, I'm having another technical issue" .. it's gotten to the point where I just gave up. I've participated in a couple of sessions with their dev team as well. But the problems with GoDaddy's platform are very deep and have a wide spread ...

Out of concern for security I make it a point not to discuss currently ongoing bugs .. but let me just tell you that if anyone thinks GoDaddy's platform is secure .. they're very very wrong. And that's beyond the multiple significant (but not absolutely critical) platform/communication bugs/issues that I've mentioned here.
 
Last edited:
1
•••
I read the thread. You wrote a book on a non-issue. It wasn’t even so much GoDaddy’s fault here as that the transferee in the past didn’t, as I mentioned, remove any trace of your info from the domain after he acquired it. I’m no GD fan but here other than the “long hold time” what changed about the status of the domain that had anything to do with GD before and after your inquiry? But, if this is the thought process you needed to go through to figure it out at least you won’t be startled next time.

You don’t keep a spreadsheet or some kind of record of every domain you’ve ever sold? It takes me literally a second to search the name of a domain on any of my computers and if it’s been sold, inquired on, price quoted or - does not belong to me, I can determine that instantly. I don’t even need to search necessarily any spreadsheet directly - a Spotlight search of my computer’s hard drive is enough.
 
Last edited:
2
•••
You don’t keep a spreadsheet or some kind of record of every domain you’ve ever sold?

lol .. yeah .. but this is one that somehow slipped through the cracks .. it was a wholesale package deal of 3 domains that for some reason I didn't move over to my "out" sheet (the first thing I checked after checking if it was actually still in my portfolio). And because it was a wholesale sale .. I actually don't even remember selling it. Which led me to think maybe the domain was never even originally moved to my account after I got it at expired auction or closeout (something that has happened to me in the past a couple of times at least).

Once GoDaddy answered the phone (1.5 hours later), the rep was able to tell me the domain left my account 2 years previously .. so I was no longer in immediate concern .. and actually assumed I let it drop ..

Again .. perfect storm ... if it didn't take 1.5 hours for GD to answer the phone, this thread would have admittedly been quite different.

I know I should have kept better track of things .. but still doesn't change the fact that there were 3 separate GoDaddy issues/bugs that led to this problem.

1) Afternic email stating actual current interest in the specific domain (giving impression time was urgent)
2) Inability to change WhoIs on GD>GD pushes (for months/years now?)
3) Transaction History giving me a 431 error (for months now)
 
Last edited:
2
•••
I feel like I should just say here that I think @Ategy concern wasn't unreasonable given the circumstances. When you combine unexpected, confusing emails, with an admitted mistake in tracking with a bug that prevents access to transaction history, and combine that with Godaddy support an unreasonably long hold time I could see the cause for concern initially.

That said I am glad all is well, but it is a good reminder to be vigilant with security. It's why I use a really long randomly generated password on all my accounts, to the point where I will run into sites that tell me my chosen password is too long, and I use aa prper password manager to store them with a good strong master password and a Yubikey to access. Plus I put 2 factor on all accounts that support it, using my Yubikey where supported or an authenticator app code where its not. And I regularly change my passwords too. Hopefully this will serve as a reminder to all to use good security on not only your registrar account but all online accounts.
 
0
•••
Actually .. given the specific domain and the fact the number of domains in my account was more or less as expected (always fluctuating a bit), my first thought was not of my account necessarily being hacked, but of there being an Afternic bug that possibly grabbed the domain from my account after unlocking it. But honestly .. my mind raced through a multitude of possible scenarios .. but the sad truth giving the history at GoDaddy, the most likely is usually some kind of bug. In this case it wasn't actually a bug .. but in getting to the root of the problem there were two bugs and one flat out incorrect and misleading email.

As my hold time got longer I actually thought it was because there was potentially a huge security causing tons of people to call in. But again .. for that .. my delay was because my calls get pushed to premier services .. although I have no idea how long I would have waited otherwise? I have to admit usually it doesn't take too long for GD to answer the phone.

In the end you can have the strongest passwords in the world .. but if the platform itself is full of bugs and not actually secure, then a good password is pretty meaningless.
 
0
•••
Not the same issue, but I regularly get other people trying to add my names to Afternic fast transfer. Every time I contact Afternic to complain about fraudster and remove it. They have taken care of it every time. I don’t blame you for being very worried. There are some real nefarious characters in this business like in most.
 
0
•••
I regularly get other people trying to add my names to Afternic fast transfer.

Yeah .. so do I .. but in this case I got that email coupled by an email saying my domain had been unlocked.

I know the language says a domain you've been watching .. but that's the default language when we unlock our own domains. Again .. GoDaddy's automated emails are a disaster .. and a part of their problems.
 
0
•••
Be careful with links in the email... Sometimes the emails themselves were fake!
 
0
•••
Exactly what I thought occurred - you sold it and the new owner didn't change your WHOIS info - this happens to me all the time, from unlocks to renewal messages to transfers. This week I got a renewal notice from GoDaddy then later an invoice from an auto-renew.

I have a pretty good memory for this stuff, but just to be sure, I look at the "SOLD" area in my database and make sure it's a previous sale.
 
1
•••
Back