But what if...

[rupert]

Okay, basically, a friend of mine was recently hacked. The hacker managed to get onto their Hotmail account and change all of her details, (security question, password etc). She can't get it back.

Thankfully she says this paticular hotmail account wasn't used for anything too important, (just membership on youtube and a couple of other things), but this has got me thinking...

What if the email WAS used for important things such as registeration on Whiz.in, GoDaddy.com etc etc? What if it was the email address used in your whois info?

How could you stop the hacker from getting away with your domains?

 

[bobdigital]

you could change the administrative email address for your domains.

 

[rupert]

can you elaborate?..
I don't understand.

 

[nielsencl]

If someone has access to your email acccount and you are using it for things like domains, Paypal, etc, then the only thing you can do is go to your accounts and change the emails that are used. Most accounts will allow you to request that your password be sent to you, so if the hacker has your email account, or can get into it, they can get into most other things that you have.

For example, if a hacker got into your Godaddy account, they could transfer your domains into another Godaddy account if they wanted to. Since it would look like YOU transfered the domains, you would have a really tough time getting them back, I think. Although Godaddy might accept your story and help you... maybe.

So, if this happens you need to change the email account, BUT you ALSO need to change your password, because you will not know if or when they have gotten that information as well. You could change the email account and if they have the password they could just go in when they want to and mess with your account and change the email address again...

It's a great topic and I'd like to hear from others what they suggest you use for password security? In the past I heard that if you use a password that is 11 characters long it makes it much harder to be "broken". That, plus using upper and lower-case letters, some numbers, and characters like "!" and "-" help to make it more secure. Example: prO-DN!es28

Another security risk is to use the same password at more than one place. If someone finds your login information they might try the same thing on other sites. I have actually done this with great success.

We have a classified ad site and scammers have to register to post scam messages. When I find a scam ad for cell phones or other junk, I disable the account and note the email, username, and password the scammer uses. I then take some of their text from their ad and search for it in Google. I can always find some ads, so then I go to the sites, use their information to log into their account, and change their passwords, email address, and delete their ads. Or at least I could...

 

[rupert]

Thanks for that.

This bit interests me especially-

For example, if a hacker got into your Godaddy account, they could transfer your domains into another Godaddy account if they wanted to. Since it would look like YOU transfered the domains, you would have a really tough time getting them back, I think. Although Godaddy might accept your story and help you... maybe.

I'd be curious to hear if anyone has faced a situation like this, and what GoDaddy (or whichever registar they were using), actually did about it. I assume that there will be a way to get the domain/s back. Maybe by calling GoDaddy/etc from the same phone number that was in the whois before the hacker changed it to their own?

 

[phppoddotcom]

Thanks for that.

Maybe by calling GoDaddy/etc from the same phone number that was in the whois before the hacker changed it to their own?

If they keep track of it at all.

 

[nielsencl]

There was a member here that sold some domains to a person. He was paid via PayPal and then pushed the domains into the person's Godaddy account.

Then the charge was reversed. It turned out someone had used a stolen credit card. When the seller contacted Godaddy, they couldn't/wouldn't help. The money did not go through GD and the seller make the transfer himself, so any problems were between the two people and didn't really involve Godaddy in a way that they could take action. After all the seller could have been lying about it...

But if someone breaks into your account and does things, there would be log files to help determine what was going on, and I think/hope that Godaddy would help you get it fixed.