I've been hacked.

[Ali]

My Accounts have been hacked. Do not respond until I clearly confirm. My accounts are still hacked

 

[Goncalo]

One possible vulnerability vector used by the hacker might have come from the analysis of screenshots you showed on the tutorial you made in the domainsherpa - me thinks.

 

[Megist]

Take care of yourself. I hope, nobody wil have such this problem. it is very bad.

Good luck

 

[Daniel Mac Sweeney]

I hope you catch the f**ker,

The Domain community is the best I've dealt with, everyone is so nice and understanding, easygoing and friendly.

It's assholes like this that drive me mad. But if we all stand together, listen to the advise from others and work together we can stand against vermin like this.

I hope all your assets are safe & secure.

Let us know if you catch him or her!.
Dan

 

[Domaingel]

Also check if your router is infected. It's a new trend to infect routers to gain a backdoor.

Don't use wifi too, use lan instead. Wifi can be snooped and cracked within minutes.

I use wifi only for my phones. My systems are on LAN only - the network is separated.

Even then it is good to use a encrypted vpn always so no one can gain by snooping your lan or wifi.

I am very paranoid after one of my domain was stolen long time ago.

SmartPhones are easily hackable. They are less secure than your pc. My phone was hacked and I found that the software to do it sells for about $60 on the internet. Also watchout for using wifi on your phone/tablet too.

 

[bcola]

That's why you seperate them from the main network. Cheap phones come with malware pre-installed.

 

[sahhilberi]

@Ali Zandi

Is Your domain for sale at Flippa ?? i.e. Lengthy.com

If it hacker then go to flippa

 

[Ali]

@Ali Zandi

Is Your domain for sale at Flippa ?? i.e. Lengthy.com

If it hacker then go to flippa

Yes, all of our domains are back in our control. Lengthy.com is indeed for sale on Flippa - no reserve, ends today.

 

[Ali]

Again, thank you all for the support. I appreciate it! Our accounts are back in our hands and many, many measures have been taken to ensure their security. I will be writing a post over the next few days about the experience and actions taken to ensure we are all secure.

 

[freety85]

I'm glad Ali everything has solved. I like people who don't have creativity to build but destroy.
And be careful everyone, especially new investors another appraisal scam going around in the name of 123-reg Uk. Same sh*t...

 

[prepster23]

My Accounts have been hacked. Do not respond until I clearly confirm. My accounts are still hacked

my advice: your devices are the weak link. check for malware because even if you change your email etc the malware could still be there. also use whois privacy obviously the hacker knew your email was connected to the domain names.

immediately change your paypal password and email password on a different device. the hacker most likely checked to see if your email was still in use too so check your recent correspondences.

if possible protect your paypal immediately along with your credit card information and do not post updates on what you are doing. if the hacker is on this forum then he will be reading these posts. settle everything then post updates as to what you did AFTER everything

also create a separate email for business that is not connected to paypal etc. contact the major domain selling auction sites and let them know about the problem.

 

[Ali]

my advice: your devices are the weak link. check for malware because even if you change your email etc the malware could still be there. also use whois privacy obviously the hacker knew your email was connected to the domain names.

immediately change your paypal password and email password on a different device. the hacker most likely checked to see if your email was still in use too so check your recent correspondences.

if possible protect your paypal immediately along with your credit card information and do not post updates on what you are doing. if the hacker is on this forum then he will be reading these posts. settle everything then post updates as to what you did AFTER everything

also create a separate email for business that is not connected to paypal etc. contact the major domain selling auction sites and let them know about the problem.

Thanks. Everything has already been done and taken care care of. Many measures have been taken and will not be disclosed until the matter is resolved.

 

[prepster23]

ok great, best of luck to you

 

[TSB]

Good that you got everything back under control.. All the best and Happy domaining..

 

[Ali]

Good that you got everything back under control.. All the best and Happy domaining..

Thank you!

 

[168]

check out protonmail

 

[krx]

as someone mentioned about thieves stealing login details with a Google Chrome/Browser extensions and that's scary!

Can you elaborate on this? What is the issue/vulnerability here, with Chrome/Browser extensions?

As of right now we are not 100% certain where it began. It could have been through browser malware of sorts from the looks of it. Only someone with access to my browser could have accessed the amount of information he did. Hence why I will never be storing anything in my browsers again.

Is this the same issue? Are you referring to password storage in your browser? This browser thing is a vulnerability I wasn't aware of.

So glad you were able to get this all resolved. What a nightmare.

 

[sanket777]

@Ali Zandi you are always our inspiration !! we are glad you managed to sort it out. We need to take extra safety now !!

 

[DomainGist]

Deleted

 

[AndyM]

Truth. Good thing the only thing "Windows" I have in my house is my Xbox

Sorry to hear about you getting hacked bro. Hook me up with your xb gamertag and we'll get online.......when/if you have the time

 

[Tytus]

Yup, my email address was hacked first. Then I was shut out of everything else. They tried to sell my domain names. I have multiple security features, so all they are (hopefully) able to do is ruin my mood for a few hours. So far, no domains have been stolen but a lot of auctions were tampered with, all my accounts have been hacked and they are trying their pathetic little hearts out to steal my domains.

Install yourself keepass. I've used it on linux for years and now on windows. Use different passwords everywhere. I got hacked before and almost lost everything, haven't been hacked since i started using different passwords for everything.

 

[Adriaanh]

goodluck....

 

[Kenny]

Glad you got everything sorted and the only loss was time and grief, Ali.

Just a heads up to anyone that thinks PMs are a cure-all....
Password managers can be cracked.
It isnt easy, but it can be done by someone with the access skills and enough inclination (think ROI).

Peace,
Cyberian

 

[Ali]

Glad you got everything sorted and the only loss was time and grief, Ali.

Just a heads up to anyone that thinks PMs are a cure-all....
Password managers can be cracked.
It isnt easy, but it can be done by someone with the access skills and enough inclination (think ROI).

Peace,
Cyberian

Thank you!

Yup, I agree... anything can be cracked by the right person. The idea is to take as many, many steps as you can to make it as difficult, time consuming and expensive as you can to deter them That's about the most any non-hacker can do.

 

[Paul]

Glad you got everything sorted and the only loss was time and grief, Ali.

Just a heads up to anyone that thinks PMs are a cure-all....
Password managers can be cracked.
It isnt easy, but it can be done by someone with the access skills and enough inclination (think ROI).

Peace,
Cyberian

If they can get malware on your computer, a password manager is useless: they can just log whatever password you enter to unlock your password manager, then upload the unencrypted data. A good password manager would need 2FA, and even then, there are caveats. Ultimately, without taking the time to learn about common traps and how to avoid being caught by them, any security measures you take are useless. You have to dedicate time to learn about what you're up against if you want to stay secure; there's no way around it. Relying on software to do all the work for you is foolish.

Common misconception: if you have anit-malware (anti-virus) software, you're safe. Today's malware can easily get past all of that. Also, malware developers often combine their malware with legitimate software, then threaten to sue anti-virus developers if they block the software. As a result, anti-virus companies deliberately avoid detecting all sorts of modern threats.

 

[Kenny]

check out protonmail

Are you a user? Were you affected by the DDos attacks a couple weeks ago?
I see they state they are still in beta. Have you had any problems?

Not trying to hijack your thread, Ali.... but this looks interesting.

If they can get malware on your computer, a password manager is useless: they can just log whatever password you enter to unlock your password manager, then upload the unencrypted data. A good password manager would need 2FA, and even then, there are caveats. Ultimately, without taking the time to learn about common traps and how to avoid being caught by them, any security measures you take are useless. You have to dedicate time to learn about what you're up against if you want to stay secure; there's no way around it. Relying on software to do all the work for you is foolish.

Common misconception: if you have anit-malware (anti-virus) software, you're safe. Today's malware can easily get past all of that. Also, malware developers often combine their malware with legitimate software, then threaten to sue anti-virus developers if they block the software. As a result, anti-virus companies deliberately avoid detecting all sorts of modern threats.

Eggs-Actly

Keeping your box stripped down as much as possible helps.
Turning off unused proggys and services in the o/s, knowing that installed proggys are built by trusted sources, and limiting the clutter give the boys less chance at access, and you can better "feel" when something isnt right.
But still.... there are just too many ways in, and all the due dilligence in the world wont stop a determend intrusion.
Well, unless you unplug.

Peace,
Cyberian