NameSilo

Epik and your plan

Labeled as information in Warnings and Alerts, started by johnn, Sep 15, 2021

Replies:
125
Views:
10,113

  1. Pairadice

    Pairadice Established Member

    Posts:
    266
    Likes Received:
    178
    I checked it out (again), but it seems that one needs a PhD in computer programming in order to add all these sites and set up the proper DNS configuration.. they expect you to know what CURL is and how to do programming.. why can't they make it easy and simple.. like EPIK's interface...
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. frank-germany

    frank-germany domainer since 2001 / musician VIP

    Posts:
    9,122
    Likes Received:
    13,720

    why don't you use their automated DNS detection?
     
  3. zenon

    zenon Established Member ★★★★★★★★★★

    Posts:
    63
    Likes Received:
    3
    Difficult to see. Always in motion is the future.
     
  4. Pairadice

    Pairadice Established Member

    Posts:
    266
    Likes Received:
    178
    I use that for individual domains, on occasion, but I would have thousands to upload for my entire portfolio they need a bulk uploader... otherwise I would be doing them one at a time... and it appears you have to use the API to do bulk
     
    Last edited: Sep 23, 2021
  5. eurorealtor

    eurorealtor okre.com VIP

    Posts:
    1,899
    Likes Received:
    1,863
    I used to have just one domain with Epik in the past - testing the registrar.
    I never closed the account and my EU home address and personal phone is most likely exposed to the public.
     
    Last edited: Sep 25, 2021
  6. poweredbyme

    poweredbyme Top Contributor VIP

    Posts:
    1,257
    Likes Received:
    851
    I always consider to create an account epik as their transfer fee is low and they are one of the few registrars who accept bitcoin. But I didn't have time for it. Although I am politically socialist and they are conservative, it's business.
     
    Last edited: Sep 25, 2021
  7. VadimK Iberica

    VadimK Iberica Established Member

    Posts:
    870
    Likes Received:
    1,533
    I'd rather post my opinion here (mainly general thoughts about Epik), rather on ''neighbors threads'' which for the most part is filled with hate, gloat, speculations, unproven info and just a bunch of bullshit. To me, it's best to divide the whole problem in three parts:

    1) How good Epik is as a platform
    2) How good is their security
    3) Rob's political and religious believes (simply because it's a huge ''thing'' for many, all of a sudden)

    1. Epik is an awesome platform to work with. Easy to manage names, comfortable import-export, lots of statistics (views, Who.is, Alexa, PageRanks etc), different parameters to check across and categorize. Then there are awesome landing pages that you create in minutes, there is a marketplace which you can use as your website basically, there are NameLiquidate auctions, appraisals (for those who need) and other features. I've been with 5 other registrars (still with some), but none of them come close in terms of ease and comfort of managing names. Their customer service is outstanding, even though I don't have to go to them a lot, soon you realize you know all these guys by names, chatting pretty much like with an old friend to many.
    Is the above said a reason for me to stay? Yes, absolutely.

    2. How good is (was) Epik's security? They got hacked, it's a fact. That can happen to anybody. Could they do better to prevent it? We don't know it in fact, but it's possible, and now it seems as an extremely obvious thing to me that the security measures will be raised to an absolute maximum for this not to happen again. And do we really know how other registrars keep their information, and what are the odds for leaks and hacks there? We assume just because we don't hear lots about them that their systems are secured well, but we have no idea about it in reality.
    So, emotions aside (''how could they....!!! Epik Fail....!!!), isn't Epik's ''lesson learned'' the reason to stay? My answer is again ''yes''.

    3. Rob Monster's beliefs. That's the most entertaining part for me, I personally wouldn't care less even if he preyed on Carl Marx, but for many folks his conservative views is a red rag to a bull here. There are clearly people that are against his views, others complain that he is mixing them with business.
    I only talked to Rob a couple of times (heard no ''Heil Hitler!''greetings, I swear!) and saw a few interviews, but it very much seems to me that he really and truly supports the idea that EVERYBODY has the right to be heard as long as it does not break the law. In other words, if someone is IamAnIdiot.com, and other registrars are like: ''he is an idiot, we don't want him'', he's point is ''hey, if you come to me, you can show you are an idiot from here, you have the right to do so''. But this position nowadays unfortunately makes you a target. It is a fundamental problem for our society (that becomes more and more totalitarian), which simply wants to silence certain views, while heavily promoting others, that way too many people/companies/groups are just being labeled (thus being ''cancelled'') for exposing different opinions.
    Staying for what you believe openly now is a revolutionary act, which only shows what kind of perverted world we are living in.
    To sum the third point up: do his beliefs affect my decision to keep domains with Epik? No, not a single bit. But on a personal level I like people who stand for what they believe is right, regarding conjuncture and pressure.

    So, 3-0 for me in favor of staying.
     
  8. asxforum

    asxforum Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,637
    Likes Received:
    556
    Epik.com is still the best domain registrar on the internet regardless off being hacked it will just make the company stronger .

    Maybe a rebranding is due .
     
  9. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,166
    Likes Received:
    27,322
    Just a heads up, for people not staying updated...

     
  10. jhm

    jhm Glazed

    Posts:
    3,604
    Likes Received:
    4,976
    These hackers aren't libertarians, thinking about "the people", or being helpful ...they're cyber pests
     
  11. scithe

    scithe Upgraded Member Gold Account ★★★★★★★★★★

    Posts:
    334
    Likes Received:
    377
    I don't see it listed on TPB. I don't want to download 300GB but I'd like to snag a copy so I can see what information of mine they actually have. Wonder where it is being shared.
     
  12. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,166
    Likes Received:
    27,322
    I think the data would be very hard to go through for the average person, but these are reportedly full bootable disk images of the server. Unless some information has been removed, it is likely safe to assume whatever is on the server has been breached.

    One serious question is about the ID documents that Epik had. Were they stored on the breached server, or in a more secure location like cold storage?

    https://www.dailydot.com/debug/anonymous-new-epik-leak/

    WhiskeyNeon, a Texas-based hacker and cybersecurity expert who reviewed the file structure of the leak, told the Daily Dot how the disk images represented Epik’s entire server infrastructure.

    “Files are one thing, but a virtual machine disk image allows you to boot up the company’s entire server on your own,” he said. “We usually see breaches with database dumps, documents, configuration files, etc. In this case, we are talking about the entire server image, with all the programs and files required to host the application it is serving.”

    The data includes API keys and plaintext login credentials for not only Epik’s system but for Coinbase, PayPal, and the company’s Twitter account.
     
    Last edited: Sep 30, 2021
  13. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,420
    Likes Received:
    8,252
    My quick conclusion is that you're not a security researcher :sneaky: My advice to anyone wanting to download a copy to play with, is to check the applicable laws in your country before you proceed. And remember this, ET may be able to phone home. Learn proper forensic procedures as well.
     
  14. frostify

    frostify Top Contributor VIP

    Posts:
    1,833
    Likes Received:
    974
    I prefer domain registrars that don't require me to sign up to credit monitoring agencies.
    Unfortunately, I was directly impacted by this security breach, had to cancel my debit card, and am actively involved with all the major credit reporting agencies to be on the lookout for fraud.

    Aside from the credit monitoring program, Epik has offered nothing to their customers as compensation for the incredible inconvenience this has caused. I think it would have been a gesture of goodwill for them to offer something to customers who were directly impacted while also laying out a roadmap for immediate and future steps they plan on taking regarding their security somewhere accessible from the homepage on Epik.com. It seems Epik is hesitant to publicly acknowledge the hack on their homepage, instead emailing existing customers.

    I think stepping up and 'owning' their mistakes is the right path forward.
    I suggest Rob write a detailed blog post + security road map and link to it from the header on Epik.com.
     
    Last edited: Oct 2, 2021
  15. frostify

    frostify Top Contributor VIP

    Posts:
    1,833
    Likes Received:
    974
    For anyone looking to see if they were impacted in this breach, rather than downloading 300GB of data that was illegitimately acquired, just go to HaveiBeenPwned.com and type your email in that was associated with your Epik account. They will let you know if your data was found in the breach (as well as other past breaches).
     
    Last edited: Oct 2, 2021
  16. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,420
    Likes Received:
    8,252
    The data included there is only a subset, the data breach includes more data sets.
     
  17. Bob Hawkes

    Bob Hawkes Top Member NameTalent VIP Gold Account Trusted Blogger

    Posts:
    7,859
    Likes Received:
    26,862
    This morning Epik forced me to reset my pw on login. I had reset it shortly after the notification of breach a couple of weeks ago.

    Are others encountering that, or is it something on my account? I think forcing everyone to change pw is a good idea, just wondering if that is what they have now done.

    Bob
     
  18. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,097
    Likes Received:
    11,003
    No changes for me, I just logged in.
    Probably, because 2FA SMS is activated for my account.
     
  19. karmaco

    karmaco Top Contributor VIP

    Posts:
    3,233
    Likes Received:
    9,009

    It won’t force you if you enable two factor which everyone should have on.
     
  20. Mister Funsky

    Mister Funsky Top Contributor VIP

    Posts:
    5,638
    Likes Received:
    21,715
    I've change PIN, email address and password...more than once. I will continue to change the PIN and password on a regular basis until the site is rebuilt or repaired to prevent further breaches. I never received a forced reset...I assume it is because I've been changing my info.

    ADD: as karmaco and jurgen say above, it may be because I had 2FA...EVERYONE should have 2FA on EVERYTHING
     
    Last edited: Oct 5, 2021
  21. karmaco

    karmaco Top Contributor VIP

    Posts:
    3,233
    Likes Received:
    9,009
    Just so you guys know they are automatically changing our pins for safety. So know your current pin before you contact customer service. I assume this is a new security feature.
     
  22. eternaldomains

    eternaldomains Established Member

    Posts:
    490
    Likes Received:
    333
    I asked through their chat the other day, they say it's a one-time manual pin refresh for all accounts.
     
  23. NewDayBrand

    NewDayBrand Liquidating Domains Currently Gold Account

    Posts:
    1,390
    Likes Received:
    243
    My experience was that Epik's service was always top notch. Rob himself was very responsive when I needed to get in touch with him. I hope with all my heart that the storm will pass and I hope the best for epik.
    I will not transfer out my names.
    I'm sure they will find a way to secure everything.
     
    Last edited: Oct 10, 2021
  24. ixex

    ixex Final Product ★★★★★★★★★★

    Posts:
    884
    Likes Received:
    247
    I received that notice and and changed the PW, last week.
     
  25. SirDrago

    SirDrago NAME JEDI VIP ★★★★★★★★★★

    Posts:
    4,599
    Likes Received:
    9,874
    Changing your password now is equivalent to putting on a condom after she tells you she's pregnant.

    This morning hackers running bots tried to access my account.

    Screenshot_20211011-084303_Messages.jpg

    Two years ago I warned Rob that his 💩platform was vulnerable.

    Screenshot_20211011-093125_Chrome.jpg


    Nothing was done...
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
biix
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...