My domain 6462.com has been stolen

DnEbook
DataGlasses.Com (Top Member)
Not going to get into a long conversation about this other than to say the domain name 6462.com has been stolen and is now at ename.com .......merry F****KING XMAS TO ME
Any update Rod?

Well Godaddy stepped up to the plate and got the name back! I am very grateful to them for backing their customers and acting on their behalf, I am aware of at least one other person who only a week ago also had their stolen names returned to Godaddy. Of course now I have to consider better security options for this name and others but it is locked for the moment and will just enjoy a few ales and be happy that this was a win, so yes friend the stolen domain was today returned to my account (different) after a long two week wait that allowed ename to appeal Verisign's decision to return the domain to godaddy. At this point I also wish to thank DomainGang for being so vocal about the rash of thefts! I am sure their input has helped bring this situation to the attention of the people who should be told, DomainSherpa have also been proactive in helping people avoid this happening to them, and as well as Domain Gang have provided options and solutions for domainers to increase their security in regards to domain names. If I have missed anyone ..please excuse me, regards all!
Hackers of this type--if they can be called that--go for the low hanging fruit. They don't put in extra effort to deal with difficult targets: they go straight for the routine victims who they can automatically hijack, simply because it's more efficient, and they get more results. They're not going to chase you down or hack your e-mail account. They'll take the most predictable course, and if you don't fall for it, they don't care, because thousands of other people will.

The e-mails that they send out are usually identical to the e-mails that registrars send except for one link. To throw you off, they may make the text of the link appear legitimate (http://godaddy.com/...), but then alter the actual destination of the link to point to a phishing website. To get hijacked, you have to click the link. I haven't seen any other significant attack vectors exploited on a large scale in this context, and I doubt I will anytime soon.

Here's the catch: If you get one of the legitimate e-mails, you have to click the link in order to keep your domain. If you don't click the link, you lose your domain. So, here's what you have to do:
  1. You need to be using a modern browser. This means Internet Explorer 11 or later, Chrome 39 or later, Firefox 34 or later, or Opera 26 or later. ISP-distributed browsers are not acceptable. If you are using an old browser, you will definitely be vulnerable to common tricks and vulnerabilities that hijackers use to render this checklist useless. Also, your computer needs to be completely up-to-date. On Windows, this means opting to automatically install all Windows Updates within hours--at most, two days--of their release. On Mac, this means manually checking for OS updates daily, depending on your version (this has been improved in recent versions, and is mostly automatic as of Yosemite, similar to Windows). You must be using a version of your operating system that still receives support. That means you must not be using XP or Vista. If you are using XP, there are known vulnerabilities that affect you. This needs to be emphasized even more for old versions of Mac, which have severe SSL/TLS vulnerabilities that were only recently patched (2014). Prior to the patches, a typo in Mac's codebase allowed SSL/TLS to be essentially bypassed, without the user's knowledge. (This is up there with Heartbleed in severity, but not quite the same.)
  2. Hover over the link. A tooltip should come up near your mouse or in the bottom corner of your window describing the real-ish destination of the link. This can also be deceiving, but make sure it's what you expect. It should be yourregistrar.com or something.yourregistrar.com, not yourregistrar.com.pw, yourregistrar.com/asdfasdf/asdfasdf/asdfasdf/[email protected], or yourregistrar-service.com.
  3. If it checks out, click the link. Make sure the domain is still what you expect. If it is now xn--something.com or otherwise contains xn--, leave and mark the message as spam.
  4. Make sure you're connected with a valid HTTPS connection. This is useless if you're using an old browser, because all versions of SSL have been broken. Only TLS--the successor to SSL--is secure. Any browser that supports SSL at all--even if it also supports TLS--is vulnerable to a man-in-the-middle attack, even when using HTTPS. NamePros supports only TLS and explicitly disables SSL compatibility for this reason.
  5. Make sure your browser automatically fills out the login form. You should have saved your username and password in your browser. If the site is illegitimate, your browser will most likely know and won't fill out the form.
Additionally, you should use a registrar that has a full DMARC implementation, and an e-mail provider that supports DMARC. This will prevent spoofed e-mails appearing to be from your registrar.

I just did a quick scan, and these domains do not have fully-functioning DMARC records, meaning that anyone on the internet can send e-mail messages appearing to be from them:
  • godaddy.com: Has a DMARC record that disables DMARC with pct=0. Stupid.
  • enom.com: Missing
  • dynadot.com: Missing
  • 1and1.com: Missing
  • uniregistry.com: Missing
But these awesome registrars do have DMARC records:
  • namecheap.com
If you're looking for an e-mail provider that supports DMARC, I believe both Gmail and Outlook.com are fully compliant, with the exception of forensic reports, for privacy reasons. I'm fairly certain neither Yahoo's nor Go Daddy's e-mail services support DMARC.

And, of course, NamePros has a DMARC record; as long as you have a compatible e-mail provider, you won't be receiving spoofed e-mails appearing to be from us. ;)
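Added example, not code from the post above, NamePros or any registrar: the link checks in steps 2 to 4 of that checklist, and the DMARC survey, as functions you can run against a link's real href and a `_dmarc` TXT record. `registrar.example` stands in for your registrar, and the DMARC records in `demo()` are constructed samples, not the live records the post looked up. The `pct` handling follows RFC 7489 section 6.6.4: mail that `pct` does not select gets the next-less-strict policy, so `p=quarantine; pct=0` enforces nothing while `p=reject; pct=0` still quarantines.

```python
"""Mechanical form of steps 2-4 of the phishing checklist and of the DMARC
survey. Added example; not NamePros, GoDaddy or any registrar's code.
Hostnames and DMARC records in demo() are constructed."""
from urllib.parse import urlsplit


def registrar_link_verdict(href: str, registrar: str) -> str:
    """Classify the real destination of a link against the registrar domain
    you expect. Returns 'ok' or a short reason to refuse the link."""
    parts = urlsplit(href.strip())
    if parts.scheme.lower() != "https":
        return "not-https"                       # step 4
    if parts.username is not None or parts.password is not None:
        # 'https://registrar.com@evil.com/': everything before '@' is
        # userinfo; the browser connects to evil.com.
        return "userinfo-trick"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "no-host"
    try:
        # Browsers convert Unicode labels to punycode before connecting, so
        # normalise the same way before looking for 'xn--' (step 3).
        host = host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return "bad-host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode-host"
    registrar = registrar.lower().rstrip(".")
    if host == registrar or host.endswith("." + registrar):
        return "ok"                              # registrar.com or sub.registrar.com
    return "host-mismatch"                       # registrar.com.pw, registrar-service.com, ...


_NEXT_LESS_STRICT = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def dmarc_verdict(txt_record: str) -> tuple:
    """Parse a _dmarc TXT record into (p, pct, floor). 'floor' is the weakest
    treatment a spoofed message can receive once pct is applied (RFC 7489
    6.6.4). Missing or malformed records count as no policy at all, which is
    how receivers treat them."""
    missing = ("missing", 0, "none")
    tags = {}
    for item in (txt_record or "").split(";"):
        key, sep, value = item.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return missing
    p = tags["p"].lower()
    if p not in _NEXT_LESS_STRICT:
        return missing
    try:
        pct = min(100, max(0, int(tags.get("pct", "100"))))
    except ValueError:
        pct = 100
    floor = p if pct == 100 else _NEXT_LESS_STRICT[p]
    return (p, pct, floor)


def blocks_spoofed_mail(txt_record: str) -> bool:
    """True when every spoofed message is at least quarantined."""
    return dmarc_verdict(txt_record)[2] in ("quarantine", "reject")


def demo() -> dict:
    """Constructed inputs for a quick run: python3 -c 'import m; print(m.demo())'."""
    links = [
        "https://registrar.example/verify",
        "https://sso.registrar.example/login",
        "https://registrar.example.pw/verify",
        "https://registrar-service.example/verify",
        "https://registrar.example@evil.example/verify",
        "http://registrar.example/verify",
    ]
    records = {
        "quarantine-pct0": "v=DMARC1; p=quarantine; pct=0; rua=mailto:dmarc@registrar.example",
        "reject": "v=DMARC1; p=reject",
        "absent": "",
    }
    return {
        "links": {u: registrar_link_verdict(u, "registrar.example") for u in links},
        "dmarc": {name: dmarc_verdict(rec) for name, rec in records.items()},
    }
```

`registrar_link_verdict` must be fed the href the browser will actually follow, which is what the hover tooltip shows, not the link text; a mail client that rewrites links through a click-tracking domain will report a mismatch for legitimate mail too, which is the right answer for the purposes of this checklist.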
Every business has to account for unfair loss. They don't have to be happy about it, but they'd be fools to assume that they are above such things. Retail is the most obvious example: theft is simply a part of the game, and most large retail chains instruct their employees to let thieves go, without putting up a fight--it's just not worth the trouble and potential loss due to conflict.

Internet business is risky, just like retail. While you avoid the hassles of the physical world, you're also choosing to partake in a reality that nobody fully understands. In person, business is relatively predictable: we know people can't walk through walls, and it's pretty easy to tell if someone could reasonably break through any given window. Vulnerabilities aren't so apparent on the Internet. We'd be fools to assume that we're immune: as a professional, I can guarantee that every person reading this is vulnerable to a very wide variety of exploits at any given moment, including myself. The only perfectly secure approach is to unplug your computer and melt it down.

Blaming other systems isn't ideal, simply because your influence over them is so insignificant. Instead, you have to compensate with your own system. In many cases, that may mean opting to use a more expensive or less friendly product. As I showed previously, Namecheap has a DMARC implementation that likely would have prevented this type of scam. Sadly, my registrar of choice does not; however, I've started switching to Namecheap for this and similar reasons.

Multi-factor authentication is pretty nice, but it can be circumvented. It wouldn't necessarily have prevented this attack, and there are other methods that likely would have been more effective. Phishing is actually one of the easiest ways to bypass MFA: the phishing website can automatically read questions/queries from the real website, forward them to you, then proxy your answers back to the real servers until login is successful. It's certainly silly that Go Daddy only offers MFA in the US, but there are valid reasons why they might start by only offering it to one region. (Deployment complications/update schedules, rolling releases, laws relating to encryption and authentication, etc.)

In the end, there isn't much you can do, and it's probably not worth spending too much time on the matter. While it is still technically possible for you to recover the domain, your chances are slim. Notifying various entities that the domain has been stolen is probably only going to decrease its value in the event that you do get it back, and no amount of noise or opposition will convince ENAME et al to transfer it back to you, short of a successful lawsuit. You can tell by their would-be trademark that they couldn't care less about your property.

The two entities who really have power here are ICANN and the registry (not registrar). ICANN doesn't care. The registry might, though. You could try taking that route.

Edit: If you contact the registry, you need to appear cool and collected. Messages like the one you sent to Go Daddy won't fly. Exclamation marks, accusations, and demands will get you nowhere with such an organization.
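Added example, a model and not code from the post above or from any registrar, of the MFA relay the post describes: the phishing page sits between the victim and the real login, records each field the victim types, and replays it to the real site while the one-time code is still valid. `RealSite`, the origins, the user, the password and the TOTP secret are all constructed. `BrowserVault` models step 5 of the checklist earlier in the thread, a saved credential that the browser only fills on the origin it was saved for, which is the one step of that checklist a relaying proxy cannot satisfy.

```python
"""Model of MFA-relay phishing. Added example; not NamePros, GoDaddy or any
registrar's code. Origins, user, password and secret are constructed."""
import hashlib
import hmac
import struct


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 code for one 30-second counter value (HOTP over the counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class RealSite:
    """The registrar: password, then a TOTP code. The current and the
    previous counter are accepted, the usual clock-skew allowance."""
    ORIGIN = "https://registrar.example"

    def __init__(self, user: str, password: str, secret: bytes):
        self._creds = {user: (password, secret)}
        self.sessions = []

    def login(self, user: str, password: str, code: str, counter: int):
        stored = self._creds.get(user)
        if stored is None or not hmac.compare_digest(stored[0], password):
            return None
        secret = stored[1]
        if code not in (totp(secret, counter), totp(secret, counter - 1)):
            return None
        token = f"session-{len(self.sessions) + 1}"
        self.sessions.append(token)
        return token


class PhishingProxy:
    """Looks like the registrar's login page. Nothing is verified here; each
    field the victim types is recorded and replayed to the real site inside
    the code's validity window, so a TOTP code alone does not stop it."""
    ORIGIN = "https://registrar-service.example"

    def __init__(self, real: RealSite):
        self.real = real
        self.captured = []

    def submit(self, user: str, password: str, code: str, counter: int):
        self.captured.append((user, password, code))
        return self.real.login(user, password, code, counter)


class BrowserVault:
    """A saved credential is bound to the origin it was saved on; the
    browser will not offer it on the proxy's origin."""

    def __init__(self):
        self._saved = {}

    def save(self, origin: str, user: str, password: str):
        self._saved[origin] = (user, password)

    def autofill(self, origin: str):
        return self._saved.get(origin)


def demo(counter: int = 52_000_000) -> dict:
    """One relayed login; the counter is fixed so the run is repeatable."""
    secret = b"constructed-demo-secret-20b"
    site = RealSite("rod", "correct horse battery staple", secret)
    vault = BrowserVault()
    vault.save(RealSite.ORIGIN, "rod", "correct horse battery staple")
    proxy = PhishingProxy(site)
    # The victim types name, password and a fresh code into the phishing page.
    token = proxy.submit("rod", "correct horse battery staple",
                         totp(secret, counter), counter)
    return {
        "relay_logged_in": token is not None,
        "captured": proxy.captured[0],
        "autofill_on_real_origin": vault.autofill(RealSite.ORIGIN) is not None,
        "autofill_on_phish_origin": vault.autofill(PhishingProxy.ORIGIN) is not None,
    }
```

The relayed login succeeds because nothing in the password or the code ties them to the origin the victim is looking at; only the browser's own origin check notices the difference, which is why the checklist's "let the browser fill it in" step carries more weight than it looks.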
Congratz EV1.
Glad it finally worked out, and kudos to the industry leaders that helped bring focus to the problem.

Maybe you can get a tune out of this... lost and returned love kinda thang... ;)


Peace,
Cy

Thanks Brother! I think I will leave it at a nice even 10,000 posts for now and just say be nice to each other!
~
As for tunes ...... well I'll leave you with my song titled Sweet Sunday ......seems appropriate, cheers
~
Thank you for the link. I think zfbot.com makes my case, rather than refutes it, because it shows 99.9% of the godaddy domains registered are under its control.

I clicked your link. Now, please click mine:

https://www.valuate.com/services-godaddy.com

Software automates the flag, when a godaddy domain is registered, which godaddy used to flag all those infringing registrations.

It is not the UDRP wins, though Godaddy has dozens, at least. It is a cease and desist EMAIL, sent about five days after the registration, demanding the transfer.

That way, Verisign and ICANN don't lose their fees, because the Registrant can't throw it back.

Sorry I offended anyone. I respect all of you, and didn't mean to come off disrespectful.

- Louise

That's an interesting argument except that it's based on the premise that 99.9% are controlled by GD. Once you remember that that figure is made up, your argument falls apart. I downloaded the list of domains that contained Godaddy at the front ( 2,022 domains ) and deleted every domain that was not using GD's nameservers ( it's possible that some that do use GD nameservers are not owned by GD, but let's say they all are for the sake of argument ). What was left were 312 domains. 312 means that 15% are not owned by GD which is a lot different than .1%. Additionally, I checked the whois on a random selection and found that some were several years old. How does that square with your claim that GoDaddy actively chases after everyone that violates their TM?

I also did a UDRP search and only came up with 10 cases where GD went after people.

And btw, nobody is "offended" by your remarks. The problem we have with them is that you are making accusations in a public forum and that your accusations are based on nothing more than speculation. I can't speak for anyone else, but I personally find that irresponsible. I suspect that if you were the target of the kind of unsubstantiated accusations that you're making here yourself, that you'd probably understand why it's just plain wrong to do so.
Rod, this is splendid news.

Thank you for your kind words about DomainGang and the coverage approach of the incident that I recommended.

These days, unless you scream "Fire!" nobody listens while you're burning. Anyone that loses their domain assets to cybercriminals needs advice, direction and assistance.

I commend you for thanking GoDaddy's efforts, despite the initial loss of the domain from them due to a phishing scheme, they work VERY hard to retrieve the domains. Think about all the damn hours spent on getting these domains back, hundreds of hours interfacing with a Chinese company that makes it hard, if not impossible, to retrieve them - unless Verisign steps in and orders the names out, or else.
Tracing it is the easy part, getting it back is the hard part, no links have been clicked in any emails, kinda starting to wonder why they all disappear from godaddy ?? Ename responding is like saying the tooth fairy exists. Just moved five domains from godaddy ....soon more, I just can't trust them and I have no faith in them to fix this
~
Don't think I'll say much more as last time I was here some mod accused me of post padding to reach 10,000 posts, hey maybe I got the Chinese to steal my domain so I get more posts up, you might figure I'm a bit stale on the whole thing at the moment, merry xmas !! I still got my guitar !
I further explained that the nameservers were as they were in the hope that the theft would go unnoticed, I also stated the thief would not have an account at my hosting company. I am basically hoping the current crop of these happenings will be enough to stop the transfer, if I did not receive a transfer email surely that tells you something, yesterday I get a bill from escrow for a name I know nothing about (my email address stolen from my account here) Then this morning I wake to find numerous hacking attempts at my wordpress sites, so I am off to update everything, only good news is ..... no hangover today

Your e-mail address was not stolen from your account here. You posted it publicly in several places, including various NamePros threads, and you have a handful of domains without WHOIS privacy. We obfuscate e-mails so that malicious bots can't easily extract them, but it's certainly possible for bots to deobfuscate them. However, your e-mail was most likely obtained from WHOIS data by bots that automatically scan such records and send out phishing e-mails in massive quantities.

It's worth noting, however, that WHOIS privacy does not provide protection against such attacks: e-mails sent to a generic privacy e-mail address will be forwarded to your account's primary e-mail address, as required by ICANN. The hacker doesn't need to know your real e-mail to launch an attack.
Ename is a laggard, abusive Chinese domain registrar assisting domain thieves, and ICANN should pull the plug on their accreditation indefinitely.
If Godaddy was not in cahoots with eName, the theft wouldn't have happened.

I hope you have some solid proof to justify this ridiculous claim.
Is that all you have to say? Fight to get it back, mate
Of course I have sent email to [email protected] and phone support will only point me to that email support option. There is some Jd in the fridge and that's how I will send off the day, I have taken screenshots and contacted ename, at least my screenshots show the domain nameservers to my hosting and my hosting screenshot shows the redirect to flippa listing, it is not so much as 'is that all I am gonna do' it's more a case of 'all I currently can do'
that's why my important domains are not in Godaddy anymore.
Make sure that your login to your domain registrar of choice is entirely different from any other passwords you use on any other site. Make sure it has upper case, lowercase, numbers and at least 1 symbol. Even though it can be annoying at times, and I can't stress this enough, DO use the 2 factor authentication through your phone, GoDaddy.com and Name.com both offer 2 factor authentication through your phone, I prefer Name.com's but both work. I'm sure you can find other popular registrars that offer this too. They send a code via text or through an app that is needed in addition to your password to sign in.
Almost 99.999% of all domains stolen from GoDaddy follow the same pattern:

1. Falling for a phishing email that poses as GoDaddy, asking you to click and verify your account; it takes you to a web page that looks like GD's. You enter your username/password and it's captured. Simple as that.

2. The thief logs into accounts that don't have two way authentication enabled, and only US customers can enable that feature currently.

3. The thief changes the contact info for the domain, and transfers it away, usually to Ename. The latter is a domain registrar in China that doesn't give a sh*t about transfer reversals. AFAIK, the only successful reversal was in the case of Lightly.com. Ename is the focus of at least one pending lawsuit related to being unreasonably unresponsive in order to return stolen domains.

Clearly, the reason for this huge jump in domain thefts in 2014 is ICANN's requirement for account verification by the registrars. Phishing emails have a very high rate of conversion.

ICANN is a bureaucratic organization unable and perhaps unwilling to resolve these matters, and yet added 470+ gTLDs to the zones this year. It will only get worse before it gets better.
This is one of the reasons why people are getting scammed:

"
Alright, just simply avoid downloading stuff from the internet. There are a lot of keyloggers and RATs that can bypass your antivirus with a hacker program where you can crypt a file and the virus will be undetectable to any anti-virus. This happens a lot on top major shared forums where people share stuff and some of them are really " reputable " members and they giveaway something in exchange for you to be injected by a RAT or keylogger ( mostly paid products ) that people are looking for.

I recommend anyone to use malwarebytes, ccleaner and advanced systemcare and avoid downloading stuff from torrents, forums and sites.

Also always make sure the emails are from the godaddy official website, I received a few fake emails. Do not click on any links sent from godaddy emails, just make sure it is from godaddy. You can always contact godaddy from their official website or number if there is any issue about your account, just don't click the #links#"

Check out this video

As you can see, because the name was in my hosting I am able to change the redirect and add a different page, all in the hope of adding weight to the obvious situation of my domain name theft

~
I haven't read the entire thread and maybe this has been mentioned but a simple auto email sent to the users email address when the account is logged into could alert people quicker.

I did this security feature on a site I launched a few years ago for additional security. Although you would get an email alert when you actually logged in to your account but if it was accessed by someone other than yourself, you'd know in real time.

It's really a great function too if you have email forwarding to your phone.. If GD had this feature the OP would have known as soon as his account was logged into and could have got on the phone ASAP to report the breach.
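Added example, not code from the post above, NamePros or any registrar: the login-alert logic it suggests, written so that the decision is a return value you can test. A login is fingerprinted by its network (the /24, or /64 for IPv6) plus the browser's user-agent string; the first sight of a fingerprint on an account produces an alert, repeats do not. The `LoginEvent` records in `demo()` are constructed. The address handling, the hashing of the fingerprint and the alert wording are this example's choices, not anything the post specifies.

```python
"""Login-alert decision of the kind the post describes. Added example; not
NamePros, GoDaddy or any registrar's code. Events in demo() are constructed."""
from dataclasses import dataclass, field
from typing import Optional
import hashlib


@dataclass
class LoginEvent:
    account: str        # the account's primary e-mail address
    ip: str
    user_agent: str
    when: str           # ISO 8601 timestamp, constructed in demo()


@dataclass
class LoginAlerter:
    known: dict = field(default_factory=dict)    # account -> set of fingerprints
    outbox: list = field(default_factory=list)   # alerts that would be e-mailed

    @staticmethod
    def fingerprint(ip: str, user_agent: str) -> str:
        """Coarse device/network identity. The prefix, not the full address,
        is used so a DHCP lease change at home does not re-alert; the result
        is hashed so the stored value reveals neither the address nor the UA."""
        if ":" in ip:
            net = ":".join(ip.split(":")[:4]) + "::/64"
        else:
            net = ".".join(ip.split(".")[:3]) + ".0/24"
        return hashlib.sha256(f"{net}|{user_agent}".encode()).hexdigest()[:16]

    def record(self, ev: LoginEvent) -> Optional[dict]:
        """Remember the login and return the alert to send, or None when the
        network and browser have been seen on this account before. The very
        first login on an account is alerted too: from the owner's side a
        first login and a takeover look the same."""
        fp = self.fingerprint(ev.ip, ev.user_agent)
        seen = self.known.setdefault(ev.account, set())
        alert = None
        if fp not in seen:
            alert = {
                "to": ev.account,
                "subject": "New sign-in to your account",
                "body": (f"Your account was signed in to at {ev.when} from "
                         f"{ev.ip} ({ev.user_agent}). If this was not you, "
                         "change your password and call support immediately."),
            }
            self.outbox.append(alert)
        seen.add(fp)
        return alert


def demo() -> int:
    """Three constructed logins: owner, owner again, then a stranger.
    Returns the number of alerts that would have been sent (2)."""
    alerter = LoginAlerter()
    events = [
        LoginEvent("rod@example.com", "203.0.113.10", "Firefox/34", "2014-12-20T09:00:00Z"),
        LoginEvent("rod@example.com", "203.0.113.77", "Firefox/34", "2014-12-21T18:30:00Z"),
        LoginEvent("rod@example.com", "198.51.100.5", "curl/7.38", "2014-12-22T03:12:00Z"),
    ]
    for ev in events:
        alerter.record(ev)
    return len(alerter.outbox)
```

The alert has to go to the address on file before the thief gets a chance to change it, so send it from the login handler itself and not from a job that reads the account record later; the same check belongs on the contact-change and transfer-authorisation paths, where the damage in this thread was actually done.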
Louise, I want to have a logical discussion here but you're making it hard with this nonsense. It's your right to believe in conspiracies, just don't consider them 'evidence'.
Nice to hear you got your domain back, must have been pretty agonizing all this while.
Go out and party now! :)