25 LLLL.COM domains was stolen.

[aaron123]

25 LLLL.COM domains was stolen.

The domains were transferred out of my GoDaddy account and were moved to a namesilo.com and 22.cn.

The following list of domains was stolen and is currently in the process of being reclaimed:

CJQP.COM
GKJM.COM
JHGS.COM
KBXM.COM
KGRQ.COM
KQLD.COM
KQMP.COM
KRNX.COM
KRPZ.COM
KSWN.COM
KWMZ.COM
KXDP.COM
KZGF.COM
KZTQ.COM
MTYN.COM
RZJB.COM
SXDF.COM
DRQW.COM
RQCQ.COM
PQKT.COM
QFPW.COM
GYLZ.COM
GGYL.COM
GYLG.COM
GYLN.COM

Please don't buy those domains.

 

[aaron123]

Download ATF Cleaner and use it.
Also..
Right click your C: drive hit properties "Clean disk" select all OK
(Assuming Windows O.S)

No this problem.

 

[discobull]

I use two browsers to test.The result is the same.I have modified the password in a browser, and the other browser can still operate the domain name management

Changing browsers is not enough.

 

[aaron123]

Changing browsers is not enough.

I mean, I logged in to GoDaddy with two browsers, one of which was out of the browser, and the other was to be synchronized.Two browsers like two computers

 

[discobull]

I mean, I logged in to GoDaddy with two browsers, one of which was out of the browser, and the other was to be synchronized.Two browsers like two computers

I don't understand what you mean but if you're still typing on the same computer as before and there's a key logger on that computer then everything you type is recorded and sent to a hacker.

The problem is not GoDaddy. If someone found a way to bypass account passwords they would be going after bigger accounts than yours and you would hear many people saying their domains were stolen today.

 

[aaron123]

My computer has been installed on the new system.

 

[aaron123]

I don't understand what you mean but if you're still typing on the same computer as before and there's a key logger on that computer then everything you type is recorded and sent to a hacker.

The problem is not GoDaddy. If someone found a way to bypass account passwords they would be going after bigger accounts than yours and you would hear many people saying their domains were stolen today.

I mean, when I change or reset the password, the hacker should be log out on godaddy.

 

[discobull]

My computer has been installed on the new system.

The problem is most likely something on your end, but I can't say for sure where the problem is without being there. Maybe you should turn on 2FA again until you figure out where the problem is? Even if you have trouble accessing your account, at least you'll have secured your account until you figure out how to solve the problem.

 

[SirDrago]

I would definitely call GD and LOCK/RETIRE that entire account and have them create and push to a new one.

 

[discobull]

I mean, when I change or reset the password, the hacker should be log out on godaddy.

If the computer you use now is compromised, it doesn't matter how many times you change the password because the hackers will always know your new password.

Like I said to you before, create a new email address using a different computer. Then log into Godaddy and change both the email and password.

 

[aaron123]

If the computer you use now is compromised, it doesn't matter how many times you change the password because the hackers will always know your new password.

Like I said to you before, create a new email address using a different computer. Then log into Godaddy and change both the email and password.

You think about hackers have logged in to your account. You have found it and immediately changed the password, but hackers can still operate your account.Hackers don't need to know what your new password is.
Most of the time we will feel that after the modification or reset the password, hackers can not operate our account

 

[discobull]

You think about hackers have logged in to your account. You have found it and immediately changed the password, but hackers can still operate your account.Hackers don't need to know what your new password is.

I'm sorry but there's a language problem and I'm having trouble understanding you.

The last thing I would suggest is to change the name in the whois contact information for ALL your domains. That will prevent anyone being able to transfer the domains out for 60 days. Make sure you change the NAME, because changing the address, email address, and phone number won't do anything. Good luck.

 

[aaron123]

I would definitely call GD and LOCK/RETIRE that entire account and have them create and push to a new one.

You are right.

 

[Joe Styler]

How many of us have more than 200 domains and/or annual spending with more than US$5k / US$10k?

This should be offered to all accounts, at least in an automated SMS/phone way. No need to waste manpower to call us. I wonder what's the volume of transfer GoDaddy handles each day, but investing in such a system should make good sense in the long term.

HiChina is one registrar that requires SMS verification before they allow domain push or request of auth code. It frustrates me few days ago (must be their week long holidays) when I'm not receiving their SMSes, but it's working fine now. At least I know it's secured.

We do not offer it on a transfer level we offer it on an account level. If you cannot get into the account you cannot unlock the domain name and get the authorization code or approve the expedited transfer away. You need to be in the account to be able to do that. Even a normal customer service rep at Godaddy would not be able to push your name away, so the thief would have to have access to the main account which is why it is important to add 2fa to the main account.

 

[Joe Styler]

You are right.

When Godaddy returns stolen domains it is standard procedure for us to make you have a new account and then move the names to that new account. I would also change the email address on your main account to one you know is secure, there are several email providers that offer 2fa on your email accounts as well such as gmail which is an added layer of security.
I also think it is a good idea to use a different email address on your Domain accounts than you use on your whois addresses. This is key because many thieves use the whois to phish people for their domains pretending to be a registrar etc. If you know that the whois email is not one that you would be receiving account related emails on and one that is difficult for thieves to figure out it is another helpful step in preventing things like this.

 

[Joe Styler]

Wait WHAT??? How's that possible @Joe Styler ?

Please aaron123 let us know if Namesilo will act as professionals or not. I am all for deleting untrustworthy registrars from my list of potential ones.

Not sure how someone can operate your account if you changed the pw unless they have access to your account email still or if they have a key logger or similar malware etc where they can follow along with your updates.

 

[SirDrago]

My vote is key logger or infected bios.

 

[Joe Styler]

My vote is key logger or infected bios.

It may be something like that, which is why I would besides doing checks to clean things up also enable two factor auth as the thieves would still need to get a hold of your phone to continue to log into your accounts. Also if there is malware found I would be dilligent about changing your login info on other sites such as your bank and email etc.

 

[SirDrago]

It may be something like that, which is why I would besides doing checks to clean things up also enable two factor auth as the thieves would still need to get a hold of your phone to continue to log into your accounts. Also if there is malware found I would be dilligent about changing your login info on other sites such as your bank and email etc.

Agreed 100%

 

[discobull]

I also think it is a good idea to use a different email address on your Domain accounts

I agree with this and this is what I do, but it frustrates me that GoDaddy is set up to undermine this basic security measure. Using a different email address for an account is only effective if the email address is kept secret. Unfortunately, anytime a domain is pushed into a GD account ( this happens anytime I win an expired domain auction ) the whois email address is set to be the account address even when the whois defaults are set to something else.

I always have to rush to remember to change the email address before anyone sees it, but I expect that I'll at some point forget to do that so I wish this problem would be corrected.

 

[NameOmnia]

I agree with this and this is what I do, but it frustrates me that GoDaddy is set up to undermine this basic security measure. Using a different email address for an account is only effective if the email address is kept secret. Unfortunately, anytime a domain is pushed into a GD account ( this happens anytime I win an expired domain auction ) the whois email address is set to be the account address even when the whois defaults are set to something else.

I always have to rush to remember to change the email address before anyone sees it, but I expect that I'll at some point forget to do that so I wish this problem would be corrected.

AGREED.

The only solutions we are left with is privacy protection ( paid service at GD ) which is quite counterproductive if you want to sell the name OR a second bridge-account kept empty and only used for transferring, pushing, winning auctions etc. But then again when you push to your other account your email will be seen...


In addition as the majority of thefts seem to occur with GD acounts it would be a good idea to forbid people to expedite transfers IMO. At least give your customers the option to choose if they want the ability to expedite transfers or not.

It is time to become a more secure registrar GoDaddy

 

[discobull]

AGREED.

The only solutions we are left with is privacy protection ( paid service at GD ) which is quite counterproductive if you want to sell the name OR a second bridge-account kept empty and only used for transferring, pushing, winning auctions etc. But then again when you push to your other account your email will be seen...


In addition as the majority of thefts seem to occur with GD acounts it would be a good idea to forbid people to expedite transfers IMO. At least give your customers the option to choose if they want the ability to expedite transfers or not.

It is time to become a more secure registrar GoDaddy

I'm not sure that even privacy would help because I think it can't be turned on until after the domain is already in your account.

 

[Skyvisum]

Thanks I hope GoDaddy can help me get back my domains

Sorry Aaron.Very Painful To Hear Of Your Experience.I pray you recover everything.

 

[NameOmnia]

I'm not sure that even privacy would help because I think it can't be turned on until after the domain is already in your account.

Then I think the best way is : bridge account + privacy enabled for all the other names in the primary account.

As we said, though, if they hack your computer or you click on a fake email then there is nothing there to protect you UNLESS @Joe Styler & GD will finally decide to forbid expedite transfers and/or to give customers the options to set it up at account level.
Another solution would be to introduce a 2factor transfer process : the email code + let's say a PIN number that only the owner of the domain knows. This way the issue would be easily solved.

The 2fa is a good and a bad thing at the same time considering how difficult is to get the messages outside the US so maybe GoDaddy has to move on? Personally I think I will use them less and less and transfer all the names I want to keep to a better and more secure registrar.

 

[discobull]

The 2fa is a good and a bad thing at the same time considering how difficult is to get the messages outside the US so maybe GoDaddy has to move on? Personally I think I will use them less and less and transfer all the names I want to keep to a better and more secure registrar.

Note that there are services that provide virtual numbers that will receive sms so if security is worth it to you can get a USA phone number and use it for 2FA.

 

[Nile Patel]

Sorry Aaron. Hopefully you will recover your names, keep checking whois on the name or check on namebios if it is sold or on estibot to check it is already for sale again by someone.

I m not sure but i have notice when someone push the name from one account to other all the data is still staying on previous owner's name, so may be that owner can get it back if they want or why godaddy do not change it automatically I do not know why, but it is lots of work for me to go each name and change data everytime when i buy names. And yes godaddy do not allow to change all the data as bulk you will get error I even talk with Tech Support they say you have to do manually each name no bulk update allowed.