Has my domain been hacked?

[Jake Hoffman]

Any help for this problem I'm facing would be greatly appreciated.

This happened to my mom yesterday.

When trying to go to the website for her business, she just got a generic landing page instead of her site.

When she told me I immediately checked the whois information for her domain and found it is now owned by a random person in Estonia instead of the company who manages her website in South Africa. And it's now available for sale as a premium domain for $4000!

I've been reading and following discussions on namepros for about a year now, deciding whether to start buying and selling domains, and have heard of some scam tactics for tricking you into transfer of ownership, but is it also possible for your domain ownership to be "hacked" and transferred? Or perhaps for the company managing the website to have been hit by some virus?

Sorry I'm still pretty new to this, and still learning terminology, and what sort of threats exist in the domain industry. Any advice on what might have happened, what to research, questions to ask the company website company or perhaps a better forum for these questions would be so much appreciated!

Thanks for your time
Dr Jake

TLDR: My mother's business website is now magically just a generic landing page, owned by a random person in Estonia, and for sale for $4000. What happened?? Please help!

 

[weblord]

i remember i forgot to renew one of my best kept domain and one of the members here helped me by renewing them for me and charging it afterwards, at least here we know that we are one big family.

 

[urlurl]

most likely the case, always best to manage your own names.

 

[Kate]

The domain was created on 04 March apparently:
http://co.za/cgi-bin/whois.sh?Domain=lymphatictherapy.co.za+&Enter=Enter
It could have been deleted the very same day, and registered shortly after by a dropcatcher.

What I can tell from an old zone file on my end is that the domain did already exist in 2014:

lymphatictherapy.co.za.    86400    IN    NS    ns887.websitewelcome.com.
lymphatictherapy.co.za.    86400    IN    NS    ns888.websitewelcome.com.

Was it hosted at Godaddy by any chance ? Is this where you registered the name?

It's hard to tell what could have happened. Your mother should have a paper trail in the form of invoices, renewal confirmations, credit card statements etc. She should be able to tell when the name was due for renewal.
But the domain probably had been non functioning for weeks when it was deleted.
.co.za domains take a long time to delete, and notifications are sent to multiple contacts.
The schedule is published here: http://www.coza.net.za/schedule.shtml
Somebody(ies) must have been asleep at the wheel...

Maybe the webhost dropped the ball and did not renew the domain in time, so it lapsed. Suggesting it was 'stolen' sounds familiar and looks like a poor excuse to cover up for some clerical blunder. Then they need to provide full details and timeline of events.
Lesson #1: register and maintain domains yourself, do not delegate this to a webhost, reseller or webdesign guy EVER. And don't use the same company for domain names and hosting.

If you contact Uniforum, they should have all the details but quite frankly this will not get you the domain back. The domain was deleted at some point, and this is a new registration.
A theft looks very improbable, that would mean somebody, somehow forced an early deletion of the domain to re-register it. That's not how domains are usually stolen. A thief takes over the registrar account (either by phishing or compromise of the admin E-mail address) and then transfers the domain away. The original creation date is not altered as a result.

 

[BlueprintMedia]

Hi,
Did your mom forget to pay the yearly renewal fee on the domain?
Just recently I purchased a domain that had expired (5letter.com).
The previous owner failed to respond to Godaddy's renewal emails and the domain expired.
Well, she contacted me furious as she seen her domain on my landing page with a FOR SALE price tag of $3,000 dollars.
Long story short, after some negotiating, she had no choice to purchase "her" domain back from me.

To me, this sounds like a similar situation that your mom might be in..

If that's not the case and you strongly feel that your mom paid the yearly renewal fee, then the best way is to contact the registrar that your mom was using to host her domain with.
The former registrar can provide more in depth details as to:
-Did the domain expire?
-Was it transferred maliciously?
-Were the NameServers changed without her consent?
If the former registrar finds that fraud was involved in the transfer of the domain, then the registrar can ask for the domain to be returned.
If she failed to renew the name and let the domain expire, then your mom will have to negotiate with the new owner to obtain her old domain back.

Regards,
Jaime

 

[Name Trader]

most likely the case, always best to manage your own names.

Even that can also be a problem if you go into a sudden coma for x months or years.

 

[Jake Hoffman]

Dear weblord. Just so we are all on the same page, the website is managed entirely by a third party company, and is my mother's website, not mine. I'm posting on her behalf.

I'm still in government practice and thus don't have a need for a personal website currently.

I haven't updated this thread yet as we have still not heard anything from the company managing the site, but suspecting they may have let renewal lapse.

I will post an update as soon as I have more information.

In the meantime you can be assured that blood, sweat and tears are going into the management of my patients.

Kindly,
Dr J

 

[weblord]

forgot to renew the domain and then it dropped. as simple as that. someone from here registered it on my favor.

 

[Jake Hoffman]

Solved! I think / hope.

I used an internal authorization code which the seller suggested I try and now it's processing the transfer.

Whew! I've certainly realised there's only so much you can learn from reading about domain name buying/selling/transferring. The actual process can be quite cumbersome for newcomers. I'll definitely be trying out some other registrars who hopefully have a more stream-lined process.

Thanks again everyone, feeling relieved to almost have the domain back under control.

Certainly a lesson in why you should always manage your own domains! I'm just thankful it wasn't too harsh a lesson in the end, as I also think the seller could certainly have pushed up the price knowing that he was negotiating with the original owners. Although all's well that ends well!

Thanks again for the support and advice along the way, I really appreciate it. This is such a great forum for anyone remotely interested in the ins and outs of the domain industry, and just glad it exists!

Have a good night/day/morning/afternoon wherever you are!
Dr J

 

[soidav]

You should contact your registrar right now and report this issue.

If you would provide us with the name, we could tell you better what exactly happened.

Possibly she didn't renewed the domain name.

 

[weblord]

i guess the doc forgot to renew the domain, forgot to update this thread and I hope doc will not forget his patients.

 

[Jake Hoffman]

i remember i forgot to renew one of my best kept domain and one of the members here helped me by renewing them for me and charging it afterwards, at least here we know that we are one big family.

Thank you, yes, agreed 100% that one should manage their own domains. That's why I've been learning about it before I make my own site. Unfortunately my mom is not quite as tech-savvy and so has needed to hire someone to manage this for her!

And yes, the namepros community is by far the most helpful I've come across so far! So thank you to everyone for the advice

Kindly,
Dr J

 

[weblord]

good question. im not sharing account with friends, i have my own account.
when something happen, the blame's on me of course.

im just telling a story where i forgot to renew one of my domain and it's my name domain and one of the member here renewed it expecting nothing in return, of course as long as i pay it or that member is not expecting something since i can always say no, but he risked his registration fee to renew it.

 

[Kenny]

Hello Dr. J,

If you would share the domain name with us, NamePros has some very good investigators who I'm sure would take a cursory look and at the very least tell you whether it had dropped because it failed to renew.

Good luck.

Peace,
Kenny

 

[Name Trader]

Transferring to GoDaddy is one of the more tricky transfers to do. You need GoDaddy's Transaction ID and Security Code, and you will also need the Auth (EPP) Code from the losing Registrar. It's kinda overkill. If you have any problems related to the transfer (which it seems you don't), just provide this information to GoDaddy's Transfer Concierge, and they will do it for you. But they will need all 3 pieces of information.

I would expect your relationship with your previous webhost/developer is in tatters. And I would definitely not recommend you use them again. But you should at least try to get from them the latest copy of the website they have from them, before you terminate that relationship.

Since the domain will be registered at GoDaddy. I would definitely recommend that you do not use GoDaddy for hosting the domain. As @Kate has also recommended above. So you would need to find an alternative host.

Glad to see this has almost worked itself out. Mostly these things don't work out so well.

PS: I just remembered. You should check the registration details in your GoDaddy Control Panel after you have received the domain. To make sure you agree with them. GoDaddy have had a nasty habit of retaining the ownership details from the previous owner. The reason for which I cannot understand when you have purchased the domain from the previous owner.

 

[weblord]

yes it was hacked or domain hijacked. report it at once.

pm'd you some links where to report it.

 

[weblord]

i think it all started when you click on an unrecognized link in your email instead of going to the website itself.
and you fell for it and did the transfer yourself.

I've been reading and following discussions on namepros for about a year now, deciding whether to start buying and selling domains, and have heard of some scam tactics for tricking you into transfer of ownership, but is it also possible for your domain ownership to be "hacked" and transferred? Or perhaps for the company managing the website to have been hit by some virus?

 

[golan]

More likely no renewal in time; less possibly something was hacked. But post the domain here or send it to anyone of us in private.

 

[weblord]

yes we're here to help you out, just give the domain or direct message it to one of us so we can investigate accurately or we're running out of speculation that fast.

Any help for this problem I'm facing would be greatly appreciated.

This happened to my mom yesterday.

When trying to go to the website for her business, she just got a generic landing page instead of her site.

When she told me I immediately checked the whois information for her domain and found it is now owned by a random person in Estonia instead of the company who manages her website in South Africa. And it's now available for sale as a premium domain for $4000!

I've been reading and following discussions on namepros for about a year now, deciding whether to start buying and selling domains, and have heard of some scam tactics for tricking you into transfer of ownership, but is it also possible for your domain ownership to be "hacked" and transferred? Or perhaps for the company managing the website to have been hit by some virus?

Sorry I'm still pretty new to this, and still learning terminology, and what sort of threats exist in the domain industry. Any advice on what might have happened, what to research, questions to ask the company website company or perhaps a better forum for these questions would be so much appreciated!

Thanks for your time
Dr Jake

TLDR: My mother's business website is now magically just a generic landing page, owned by a random person in Estonia, and for sale for $4000. What happened?? Please help!

 

[creataweb]

Expired probably.

 

[weblord]

silence means yes?

Expired probably.

 

[LarryDomain]

*fakenews*

 

[Jake Hoffman]

Thank you for all your replies. I have passed on the info and waiting to here back from the company managing the website whether they let the domain expire. Will update when I know more!

 

[Monarchies]

Refer to the replies above, hope she gets it back man!

 

[weblord]

Doc, i know in your profession you are a busy man, let someone handle it for you. You can take me as your assistant in the future.

i hope you regain it back

Thank you for all your replies. I have passed on the info and waiting to here back from the company managing the website whether they let the domain expire. Will update when I know more!