Has my domain been hacked?

Jake Hoffman

Any help for this problem I'm facing would be greatly appreciated.

This happened to my mom yesterday.

When trying to go to the website for her business, she just got a generic landing page instead of her site.

When she told me I immediately checked the whois information for her domain and found it is now owned by a random person in Estonia instead of the company who manages her website in South Africa. And it's now available for sale as a premium domain for $4000!

I've been reading and following discussions on namepros for about a year now, deciding whether to start buying and selling domains, and have heard of some scam tactics for tricking you into transfer of ownership, but is it also possible for your domain ownership to be "hacked" and transferred? Or perhaps for the company managing the website to have been hit by some virus?

Sorry, I'm still pretty new to this, and still learning terminology, and what sort of threats exist in the domain industry. Any advice on what might have happened, what to research, questions to ask the website company or perhaps a better forum for these questions would be so much appreciated!

Thanks for your time
Dr Jake

TLDR: My mother's business website is now magically just a generic landing page, owned by a random person in Estonia, and for sale for $4000. What happened?? Please help!
 
0
•••
i forgot to renew it, someone's been monitoring. i think it's williamrnabaza.com or the other one without the initial. and he said he renewed it for me. to make long story short i still got the other one without the initial.

still confused with words/terminology you used...
RENEW means renewal, or extending the domain's lifetime through the very same registrar company account; how could other people access your account to renew your domain?

Buying it, dropcatching, bidding on or registering the dropped domain could be done without the original account. Are you sure you are still standing by the word RENEW?
 
0
•••
Forgot to renew the domain and then it dropped. As simple as that. Someone from here registered it in my favor.
 
2
•••
Hi everyone, apologies for the delay in update, the people managing the site were not responding to emails and not answering phone calls, rather worrying to say the least.

My mom spoke to them today and they are still claiming someone "stole" the domain who they are trying to contact with no success. Also there is some confusion about the issue of renewal. She was notified by the company managing the site about payment for renewal of their agreement, which she says was paid although was 5 days late (given 1 week notice instead of the usual month they give). I don't know their terms of service or liability in these matters, but was wondering what the normal recourse is for these issues? Note that I'm writing from South Africa.

It strikes me as odd that someone bought an expiring/dropped domain and wouldn't respond to requests about it, as I thought they would be trying to offload the domain for profit as is usually the case with picking up unrenewed domains. Either way I feel like the company managing the site is hiding something and not being truly transparent around the issue of renewal / non-renewal of the site.

Any further advice or suggestions would be appreciated. My mom has lost and continues to lose important business as a result :(

I'll keep updating as I learn more.

Thanks again for the support and advice.

Kindly,
Dr J
 
0
•••
Hello Dr. J,

If you would share the domain name with us, NamePros has some very good investigators who I'm sure would take a cursory look and at the very least tell you whether it had dropped because it failed to renew.

Good luck.

Peace,
Kenny
 
1
•••
Hello Dr. J,

If you would share the domain name with us, NamePros has some very good investigators who I'm sure would take a cursory look and at the very least tell you whether it had dropped because it failed to renew.

Good luck.

Peace,
Kenny

That would be much appreciated, thank you.

The domain is lymphatictherapy.co.za
 
0
•••
The domain was created on 04 March apparently:
http://co.za/cgi-bin/whois.sh?Domain=lymphatictherapy.co.za+&Enter=Enter
It could have been deleted the very same day, and registered shortly after by a dropcatcher.

What I can tell from an old zone file on my end is that the domain did already exist in 2014:
Code:
lymphatictherapy.co.za.    86400    IN    NS    ns887.websitewelcome.com.
lymphatictherapy.co.za.    86400    IN    NS    ns888.websitewelcome.com.
Was it hosted at Godaddy by any chance ? Is this where you registered the name?

It's hard to tell what could have happened. Your mother should have a paper trail in the form of invoices, renewal confirmations, credit card statements etc. She should be able to tell when the name was due for renewal.
But the domain probably had been non functioning for weeks when it was deleted.
.co.za domains take a long time to delete, and notifications are sent to multiple contacts.
The schedule is published here: http://www.coza.net.za/schedule.shtml
Somebody(ies) must have been asleep at the wheel...

Maybe the webhost dropped the ball and did not renew the domain in time, so it lapsed. Suggesting it was 'stolen' sounds familiar and looks like a poor excuse to cover up for some clerical blunder. Then they need to provide full details and timeline of events.
Lesson #1: register and maintain domains yourself, do not delegate this to a webhost, reseller or webdesign guy EVER. And don't use the same company for domain names and hosting.

If you contact Uniforum, they should have all the details but quite frankly this will not get you the domain back. The domain was deleted at some point, and this is a new registration.
A theft looks very improbable, that would mean somebody, somehow forced an early deletion of the domain to re-register it. That's not how domains are usually stolen. A thief takes over the registrar account (either by phishing or compromise of the admin E-mail address) and then transfers the domain away. The original creation date is not altered as a result.
 
3
•••
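The post above separates a lapse followed by a drop-catch (new creation date) from a theft by transfer (original creation date kept). That comparison, as an added example that is not part of any post in this thread; the WHOIS field name, date format and sample records are constructed assumptions, not real registry output:

```python
import re
from datetime import date, datetime

# Constructed WHOIS-style records, not real registry output. The
# "Creation Date:" field name and ISO date format are assumptions.
SAMPLE_NEW_REGISTRATION = """\
Domain Name: example.co.za
Registrant: Unfamiliar Holder
Creation Date: 2020-05-10
"""
SAMPLE_DATE_PRESERVED = """\
Domain Name: example.co.za
Registrant: Unfamiliar Holder
Creation Date: 2009-06-12
"""

CREATED_RE = re.compile(r"^\s*Creation Date:\s*(\d{4}-\d{2}-\d{2})\s*$", re.I | re.M)


def creation_date(whois_text):
    """Return the record's creation date, or None if the field is absent."""
    match = CREATED_RE.search(whois_text)
    if match is None:
        return None
    return datetime.strptime(match.group(1), "%Y-%m-%d").date()


def classify(whois_text, known_to_exist_on):
    """Compare the creation date with a date the name provably existed
    (old zone file entry, invoice, renewal confirmation)."""
    created = creation_date(whois_text)
    if created is None:
        return "unknown"
    if created > known_to_exist_on:
        # The registry record is younger than our evidence: the old
        # registration was deleted and this is a fresh one (lapse + drop-catch).
        return "deleted-and-reregistered"
    # Same registration under a different holder: consistent with a
    # transfer, which is how the post says thefts usually look.
    return "original-registration-still-active"


if __name__ == "__main__":
    evidence = date(2014, 1, 1)  # constructed: name seen in an old zone file
    for sample in (SAMPLE_NEW_REGISTRATION, SAMPLE_DATE_PRESERVED):
        print(classify(sample, evidence))
```

A "deleted-and-reregistered" result points the investigation at renewal invoices and registry deletion notices; the other result points at registrar account and admin e-mail access.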
the people managing the site were not responding to emails and not answering phone calls

As I replied to you in PM, do you / your mom have a contract with those "people"? If yes, sue them. If not, don't complain.

It strikes me as odd that someone bought an expiring/dropped domain and wouldn't respond to requests about it as I thought they would be trying to offload the domain for profit as is usually the case with picking up unrenewed domains.

This domain can hold some value only for a bunch of therapists in ZA, including your mom. So, no high profit expected. However, did you contact them via this form https://uniregistry.com/market/2/domain/lymphatictherapy.co.za ?
 
0
•••
Thank you for your responses, I am going to try and get paper trail details and see what comes of that. Thanks again
 
0
•••
Hi all, thanks again for the support and advice. After much discussion, it appears both my mom and the hosting company were at fault, but the paper trail is lost as they don't keep backups of all invoices past a few months it seems. Allegedly they sent an invoice to renew the domain which was only paid after the domain expired. The exact dates are difficult to pin down. However it seems they have reached an agreement of how to proceed, registered a new domain and uploaded an older version of the site to the new domain address.

The new owner has contacted me however, and is offering to sell the domain back for $180, which he said would be "the bottom". It's a little bit steep in my opinion, but I also understand this is how some domainers make their living. I'm willing to buy back the domain, but wondering if it's worth trying to negotiate a lower price?

He's also recommending doing a transfer via PayPal payment. I was just wondering if PayPal is a reliably secure method of paying and receiving the domain back or if I should rather use escrow? I have only registered my own domains before and haven't done any transfers!

Thanks again for all the help, it's really appreciated.

Kindly,
Dr Jake
 
0
•••
The new owner has contacted me however, and is offering to sell the domain back for $180
Hell, this is VERY cheap, if it were me I would ask something like $2000, so Buy it RIGHT NOW.
He's also recommending doing a transfer via PayPal payment.
It's secure for you, you always can open a dispute (even if you get the domain)
 
0
•••
If he says this is the bottom, then it's the bottom. On the other hand, he knows he would not sell this domain to anyone but you, ever. So if you tell him "my best bid is $50, and that's it", then he might sell it to you. Eventually. But here it's another question: would you be needing this domain in half a year, for example. If you want it now, to re-launch the site on the original domain, then I'm afraid he will use the time factor against you.

Re PayPal: this is a very small sum to bother with escrow services. But let him send you a PayPal invoice: with the sum, and the note "payment for domain xxxxx". And if he insists you send payment without an invoice, also make this note "payment for domain xxxxx". Then you are covered by PayPal in case he doesn't deliver.

Good luck!
 
0
•••
Hi everyone, one more, almost, final update (hopefully)!

It seems like everything has gone well with payment and transfer of the domain, however having a small problem with Godaddy accepting authorization for the transfer.

After making payment through PayPal, I went to my account on Godaddy and bought a domain transfer for the domain. I wasn't prompted to provide an authorization code throughout the payment process or at all, but afterwards received an "initial authorization for domain transfer" email from them saying my authorization is required as I'm listed as the Registered Name Holder for the domain and gave me a transaction ID and a security code. Told me to log in and follow instructions, which were not very helpful. I simply cannot find anywhere where I should submit these authorization codes, yet on domain manager it just says the domain is pending transfer in and authorization still required.

I feel like this is the final hurdle!

Any ideas how to finally finalize the transfer and get across the line? Am I just missing something staring at me in the face?

Thanks again,
Dr J
 
0
•••
Hi again, I tried authorizing the transfer in but it listed the authorization code as "N/A" and when I tried to proceed I got a message saying the authorization for transfer failed. I'm guessing because I haven't received an authorization code for the transfer from the current owner? Oddly though my email address is listed as the admin email for the domain already. What am I missing here? First time trying to do a transfer and Godaddy isn't proving to be all too user-friendly. Should I cancel the transfer and start again trying to transfer the domain into Godaddy? Or should I be worried that the current owner might not transfer the domain? Any advice would be appreciated!
 
0
•••
^ This is one reason I prefer places like Epik and Namesilo over GD.
 
0
•••
Solved! I think / hope.

I used an internal authorization code which the seller suggested I try and now it's processing the transfer.

Whew! I've certainly realised there's only so much you can learn from reading about domain name buying/selling/transferring. The actual process can be quite cumbersome for newcomers. I'll definitely be trying out some other registrars who hopefully have a more stream-lined process.

Thanks again everyone, feeling relieved to almost have the domain back under control.

Certainly a lesson in why you should always manage your own domains! I'm just thankful it wasn't too harsh a lesson in the end, as I also think the seller could certainly have pushed up the price knowing that he was negotiating with the original owners. Although all's well that ends well!

Thanks again for the support and advice along the way, I really appreciate it. This is such a great forum for anyone remotely interested in the ins and outs of the domain industry, and just glad it exists!

Have a good night/day/morning/afternoon wherever you are!
Dr J
 
2
•••
Transferring to GoDaddy is one of the more tricky transfers to do. You need GoDaddy's Transaction ID and Security Code, and you will also need the Auth (EPP) Code from the losing Registrar. It's kinda overkill. If you have any problems related to the transfer (which it seems you don't), just provide this information to GoDaddy's Transfer Concierge, and they will do it for you. But they will need all 3 pieces of information.

I would expect your relationship with your previous webhost/developer is in tatters. And I would definitely not recommend you use them again. But you should at least try to get from them the latest copy of the website they have from them, before you terminate that relationship.

Since the domain will be registered at GoDaddy, I would definitely recommend that you do not use GoDaddy for hosting the domain, as @Kate has also recommended above. So you would need to find an alternative host.

Glad to see this has almost worked itself out. Mostly these things don't work out so well.

PS: I just remembered. You should check the registration details in your GoDaddy Control Panel after you have received the domain. To make sure you agree with them. GoDaddy have had a nasty habit of retaining the ownership details from the previous owner. The reason for which I cannot understand when you have purchased the domain from the previous owner.
 
1
•••
Is Dr J related to Dr Phil ?
 
0
•••
GoDaddy have had a nasty habit of retaining the ownership details from the previous owner.
Right. I'm still getting tons of emails from them re domains I sold there years ago. Annoying as fuck.
 
0
•••