My domain 6462.com has been stolen

[DnEbook]

Not going to get into a long conversation about this other than to say the domain name 6462.com has been stolen and is now at ename.com .......merry F****KING XMAS TO ME

 

[NameOmnia]

The point is that, even though the above is a horrible circumstance, we have to see things for what they are.
IF the email has been hacked ( and that might have happened everywhere on the internet ) THEN we can't blame GoDaddy for it.

Presumably GD sent out AUTOMATED email like they do EVERY TIME and the fact you didn't receive it can't be on GD but on the hackers that found a way to access your email address.
So statements like "Gd is not safe" " lack of security " etc are something very close to empty.

If you use gmail I am surprised you didn't receive an email from them stating someone was accessing your account from an unusual location. You can also set up a phone verification with them too; which is probably the moste effective way to prevent email account hacking

I would suggest GD, though, to put into place a system that warns people if someone is trying to access their account from an unusual location as well. But maybe those emails would be filtered too.

 

[Key]

I read topic title wrong and thought 6462 domains (a huge portfolio) has been stolen.

Hope you will get your domain back.

 

[discobull]

The point is that, even though the above is a horrible circumstance, we have to see things for what they are.
IF the email has been hacked ( and that might have happened everywhere on the internet ) THEN we can't blame GoDaddy for it.

Presumably GD sent out AUTOMATED email like they do EVERY TIME and the fact you didn't receive it can't be on GD but on the hackers that found a way to access your email address.
So statements like "Gd is not safe" " lack of security " etc are something very close to empty.

If you use gmail I am surprised you didn't receive an email from them stating someone was accessing your account from an unusual location. You can also set up a phone verification with them too; which is probably the moste effective way to prevent email account hacking

I would suggest GD, though, to put into place a system that warns people if someone is trying to access their account from an unusual location as well. But maybe those emails would be filtered too.

As far as I know, it's not even possible to transfer out a domain from GD without receiving an email because GD issues all their transfer authorization codes via email ( if someone knows of an alternative method to get the codes, please correct me ).

With respect to accessing accounts from unusual locations, it's pretty trivial to spoof a location using either proxy servers or browser plugins designed to do exactly that. That part of it is probably taught on day one of hacking101.

 

[DnEbook]

The point is that, even though the above is a horrible circumstance, we have to see things for what they are.
IF the email has been hacked ( and that might have happened everywhere on the internet ) THEN we can't blame GoDaddy for it.
.

Godaddy were warned two weeks before the theft, why didn't they offer me a two step verification?? Yes i do blame godaddy to a degree, they were well aware of the thefts of numeric domains from their registrar and they were informed about attempts on this particular domains account
~
So it's ok to charge me the same amount to register a name but not to offer the same level of security ??
especially when trouble was brewing? There many questions to answered at some stage, one of them is why did they offer the same level of security as other customers? Then consider that i have been with them for over five years and they did not even get a reply to email requesting the hacking/phishing attempt emails to be put on record

 

[DnEbook]

If it was me, I'd be very concerned about my email account. You said that you first realized there was a problem with GoDaddy because you could no longer get into your account. That suggests that the hackers gained access to your GD account by issuing a password reset for it. In order to do that, they would have to have had access to your emails. Once they have access to your email account, they're free to intercept the emails of interest and proceed with the transfer without your knowledge. I'd ask GD to provide you with a list of IP addresses that accessed your account as well as a log of all activity for the period in question. I'd request the same of my email provider. I'd also change my email password for sure ( in case you haven't done so already). Anyhow, good luck to you and I hope that your holiday season ends off better than it started.

Thanks for the input, yes this will be one of the questions that will be asked, password was changed on the day of becoming aware of the theft, important names were transferred out, although many remain.

 

[Dave_Z]

As far as I know, it's not even possible to transfer out a domain from GD without receiving an email because GD issues all their transfer authorization codes via email ( if someone knows of an alternative method to get the codes, please correct me ).

Unsure if GD emails auth codes, but they nonetheless send emails to the one on the domain name's record upon receiving a transfer request. If the email on record is compromised, however, then...you can imagine.

why didn't they offer me a two step verification??

AFAIK, GD has been offering two-step ever since. They're probably letting their customers decide whether or not to use it. Unsure also, but...I think their two-step is limited to users in North America or something?

As an aside, GMail has a section where a user can see when the account was accessed from where. Perhaps your email address on file, prior to the hijack, has a similar function?

 

[DnEbook]

Well i have never seen the two verification offer in my account settings, i am on my account security settings page right now and there is no option for this offered anywhere??
~
If it was an option and i complained of attempted theft/hacking why wouldn't they alert me to the option, basically i am saying i tried to be prudent and proactive, if there was a better security option i wish they had informed me, to the point i would have thought they had a duty of care once alerted to possible problems with my account?
~
I am not going to argue with people in thread, for the helpful replies i am grateful, there have been some good points made, the purpose of this thread was to alert folk of the theft, thanks
~

 

[Dave_Z]

According to Go Daddy's support page/s, which I just searched:

https://support.godaddy.com/help/article/7502/enabling-two-step-authentication

NOTE: At this time, only U.S.-based numbers can receive validation codes.

If you're not based in the U.S., then the above probably explains why you weren't directly offered two-step. Unsatisfactory, of course.

Anyway, Go Daddy is at least working on your situation and trying to work things out with Ename while (hopefully) keeping you informed. Not enough for some people, but...the registrar is nonetheless doing something.

 

[shiftaction]

check your godaddy email to the top left, it has IP addresses that have accessed your webmail

 

[discobull]

check your godaddy email to the top left, it has IP addresses that have accessed your webmail

I think he uses outlook.com, not godaddy email.

I found this page with instructions on retrieving login history for outlook.com email accounts.

http://logintips.com/hotmail-sign-in/check-hotmail-login-history-outlook-com-recent-activity.php

Not sure if it works since I don't have an account with them myself, but hopefully it will yield some useful info.

 

[NameOmnia]

With respect to accessing accounts from unusual locations, it's pretty trivial to spoof a location using either proxy servers or browser plugins designed to do exactly that. That part of it is probably taught on day one of hacking101.

Yes, you are probably right. I am so naive sometimes.
If someone has some ideas on how to protect us that would be very much appreciated.

I do agree with you Evi about Godaddy treating non-us customers differently and that is not fair at all. I also agree with the fact that their support team is just a big yawn

 

[DnEbook]

Disco thanks for that link, i will be reading it either later today or tomorrow (that is a very handy link)
~
I am currently uploading 'Dear Santa' Video part two, and to cheer myself up i am going to forget about domain thieves for the rest of the day and dye my grey back to black, .... the gift of youth... how miss thee

 

[DnEbook]

As you can see because the name was in my hosting i am able to change the redirect and add a different page, all in the hope of adding weight to obvious situation of my my domain name theft

~

 

[nish20111]

Yeah its very unfortunate, and I know getting the domain from ename will be a struggle, good luck and I hope you get your name back, I am from the uk, so I don't have the option of using 2FA on godaddy either, but I don't keep any names significant value on godaddy, and make sure to transfer any good domains to a reputable to registrar such that offer 2FA when I acquire them.

 

[WalletControl]

If Godaddy was not in cahoots with eName, the theft wouldn't have happened.

 

[Acroplex]

If Godaddy was not in cahoots with eName, the theft wouldn't have happened.

I hope you have some solid proof to justify this ridiculous claim.

 

[WalletControl]

The proof is what evirtual1 said:

"I have stated a number of times that i have not clicked on anything sent to me."

Phishing attempt didn't cause this. You can't pin it on evirtual1's clicking a link which led to a form on a differnt server.

That's one reason.

 

[WalletControl]

What's ridulous is to think the domain industry wouldn't attract bad actors even among the Registrars, Verisign, and ICANN. It wasn't too long ago mafia members were sentenced to time for organized crime.
There is more $$ to be from parking revenue of established websites with backlinks, and selling valuable dot coms, than the slim margin Registrars like Godaddy and enom are left with.

@ Acro, is it ridiculous that bad actors INSIDE Verisign, ICANN, and the major Registrars would be tempted to steal established business websites and valuable dot com domain names? We have witnessed the rise of domain thefts with the rise of the internet.

I have been studying Godaddy's moves since my lawsuit against it in 2009. Godaddy has bullying attitude, which fits a pattern. Then I noticed that Verisign appears to be involved, and ICANN. There are high profile Godaddy thefts, like:
4chan
FamilyAlbum
p2p
and many, many smaller ones, each which weren't enough to generate the publicity on thier own . . .

You do a good work to publish the thefts. Please keep that up. Let's not block cumulative evidence, like the SEC did with Madoff, or the country with 911.

 

[discobull]

What's ridulous is to think the domain industry wouldn't attract bad actors even among the Registrars, Verisign, and ICANN. It wasn't too long ago mafia members were sentenced to time for organized crime.
There is more $$ to be from parking revenue of established websites with backlinks, and selling valuable dot coms, than the slim margin Registrars like Godaddy and enom are left with.

@ Acro, is it ridiculous that bad actors INSIDE Verisign, ICANN, and the major Registrars would be tempted to steal established business websites and valuable dot com domain names? We have witnessed the rise of domain thefts with the rise of the internet.

I have been studying Godaddy's moves since my lawsuit against it in 2009. Godaddy has bullying attitude, which fits a pattern. Then I noticed that Verisign appears to be involved, and ICANN. There are high profile Godaddy thefts, like:
4chan
FamilyAlbum
p2p
and many, many smaller ones, each which weren't enough to generate the publicity on thier own . . .

You do a good work to publish the thefts. Please keep that up. Let's not block cumulative evidence, like the SEC did with Madoff, or the country with 911.

So... you went from "ev didn't click on a link" to GD must be in on it? That doesn't sound like a bit of a leap to you? Your entire argument can be summarized as "I know GD is behind this, because I find it imaginable". Actual proof = 0.

 

[Paul]

Hackers of this type--if they can be called that--go for the low hanging fruit. They don't put in extra effort to deal with difficult targets: they go straight for the routine victims who they can automatically hijack, simply because it's more efficient, and they get more results. They're not going to chase you down or hack your e-mail account. They'll take the most predictable course, and if you don't fall for it, they don't care, because thousands of other people will.

The e-mails that they send out are usually identical to the e-mails that registrars send except for one link. To throw you off, the they may make the text of the link appear legitimate (http://godaddy.com/...), but then alter the actual destination of the link to point to a phishing website. To get hijacked, you have to click the link. I haven't seen any other significant attack vectors exploited on a large scale in this context, and I doubt I will anytime soon.

Here's the catch: If you get one of the legitimate e-mails, you have to click the link in order to keep your domain. If you don't click the link, you lose your domain. So, here's what you have to do:

1. You need to be using a modern browser. This means Internet Explorer 11 or later, Chrome 39 or later, Firefox 34 or later, or Opera 26 or later. ISP-distributed browsers are not acceptable. If you are using an old browser, you will definitely be vulnerable to common tricks and vulnerabilities that hijackers use to render this checklist useless. Also, your computer needs to be completely up-to-date. On Windows, this means opting to automatically install all Windows Updates within hours--at most, two days--of their release. On Mac, this means manually checking for OS updates daily, depending on your version (this has been improved in recent versions, and is mostly automatic as of Yosemite, similar to Windows). You must be using a version of you operating system that still receives support. That means you must not be using XP or Vista. If you are using XP, there are known vulnerabilities that affect you. This needs to be emphasized even more for old versions of Mac, which have severe SSL/TLS vulnerabilities that were only recently patched (2014). Prior to the patches, a typo in Mac's codebase allowed SSL/TLS to be essentially bypassed, without the user's knowledge. (This is up there with Heartbleed in severity, but not quite the same.)
2. Hover over the link. A tooltip should come up near your mouse or in the bottom corner of your window describing the real-ish destination of the link. This can also be deceiving, but make sure it's what you expect. It should be yourregistrar.com or something.yourregistrar.com, not yourregistrar.com.pw, yourregistrar.com/asdfasdf/asdfasdf/asdfasdf/[email protected], or yourregistrar-service.com.
3. If it checks out, click the link. Make sure the domain is still what you expect. If it is now xn--something.com or otherwise contains xn--, leave and mark the message as spam.
4. Make sure you're connected with a valid HTTPS connection. This is useless if you're using an old browser, because all versions of SSL have been broken. Only TLS--the successor to SSL--is secure. Any browser that supports SSL at all--even if it also supports TLS--is vulnerable to a man-in-the-middle attack, even when using HTTPS. NamePros supports only TLS and explicitly disables SSL compatibility for this reason.
5. Make sure your browser automatically fills out the login form. You should have saved your username and password in your browser. If the site is illegitimate, your browser will most likely know and won't fill out the form.

Additionally, you should use a registrar that has a full DMARC implementation, and an e-mail provider that supports DMARC. This will prevent spoofed e-mails appearing to be from your registrar.

I just did a quick scan, and these domains do not have fully-functioning DMARC records, meaning that anyone on the internet can send e-mail messages appearing to be from them:

• godaddy.com: Has a DMARC record that disables DMARC with pct=0. Stupid.
• enom.com: Missing
• dynadot.com: Missing
• 1and1.com: Missing
• uniregistry.com: Missing

But this awesome registrars do have DMARC records:

• namecheap.com

If you're looking for an e-mail provider that supports DMARC, I believe both Gmail and Outlook.com are fully compliant, with the exception of forensic reports, for privacy reasons. I'm fairly certain neither Yahoo's nor Go Daddy's e-mail services support DMARC.

And, of course, NamePros has a DMARC record; as long as you have a compatible e-mail provider, you won't be receiving spoofed e-mails appearing to be from us.

 

[WalletControl]

Acro, thanx for your patience. Please consider, in the case of 6462.com and perhps the others, an interesting facet of the ruse server.

As easily as Godaddy sanctions theft within its ranks and trademark violations from its Registrants, Godaddy has been absolutely fierce protecting ITS OWN trademark, likely using software similar to Valuate. For instance, see: https://www.valuate.com/support-godaddy.com . There is a huge flag front and center, which states: exact trademark issue with GODADDY on the term 'support godaddy' - Probability: 100% - Risk: 10/10.

Godaddy knows when its trademark is violated.

It has won many wipos on its own trademark:

godaddi.com
godadi.com
godaddytraffic.com
godaddysgirls.com
gotodaddynot.com

are a few. Godaddy hands out via email many more cease and desists, within days of registration, where the domain is simply transferred to Godaddy.

Since support-godaddy.com has been allowed to exist since June shows that Godaddy is complicit in the thefts.

Thank you for listening.

 

[discobull]

Acro, thanx for your patience. Please consider, in the case of 6462.com and perhps the others, an interesting facet of the ruse server.

As easily as Godaddy sanctions theft within its ranks and trademark violations from its Registrants, Godaddy has been absolutely fierce protecting ITS OWN trademark, likely using software similar to Valuate. For instance, see: https://www.valuate.com/support-godaddy.com . There is a huge flag front and center, which states: exact trademark issue with GODADDY on the term 'support godaddy' - Probability: 100% - Risk: 10/10.

Godaddy knows when its trademark is violated.

It has won many wipos on its own trademark:

godaddi.com
godadi.com
godaddytraffic.com
godaddysgirls.com
gotodaddynot.com

are a few. Godaddy hands out via email many more cease and desists, within days of registration, where the domain is simply transferred to Godaddy.

Since support-godaddy.com has been allowed to exist since June shows that Godaddy is complicit in the thefts.

Thank you for listening.

Except that you just got done reminding us that ev never clicked on any of the fake godaddy links...

 

[Acroplex]

Yes, GoDaddy is conspiring to steal the domain assets of its customers and send them to China.

Get your free tinfoil hats, one size fits all.

 

[DnEbook]

Well to be honest I cant see why WalletControl's thoughts are none too crazy, we have seen dubious practices in the past and these days in the world we live in noting really shocks anymore. I can't believe what some folk are thinking when they get up each morning and decide to do ... such and such
~
Anyways here is copy of an email reply i have just sent
~
NAME WITHHELD (does not seem fair to publish an individuals name)

I am informed by the incident team the two step verification is not offered outside the United States ? The obvious question is why ........ you still charge me the same amount as people in the states to register a name and use your services?
~
I am also now informed via incident team that because of Godaddy's failure to offer better security for my account after being informed of the attempted fraud to gain entry into my amy account that i cannot gain information as to who had access to my account unless i lodge a subpoena? Are you kidding ........it's my account !!!! How dare you treat your customers like this
~
The whole incident is disgusting in my eyes, Godaddy charges overseas customers the same rates yet does not offer the same security options ...... are you kidding! Sounds like discrimination to me ??
~
I am on a pension for arthritis and legal costs are not really an option, the fact that have to pay to see who has broken into my account speaks volumes to me about your company
~
I am receiving emails from people who are of the belief that there is an entity in Godaddy who supplies account information for the theft of valuable domains .......... i believe that is the case as well, there have been too many domains gone missing from your registrar .... even blind freddy can see what's going on
~
The fact that security levels are different for different customers is a strong indicator that something is up
~
NAME WHITHHELD replied to the question, why has the [email protected] option disappeared , they state they think that the live chat option is better, well another example of bias is that i can see no live chat support option for my account. Although if i do a domain search a live chat box appears offering assistance?? So it seems that if i am willing to spend more money at Godaddy i can get live chat, but if i have a problem there is only an expensive phonecall, i am not even in that state and interstate phonecalls to landlines tend to be costly
~
Whilst i do thank you for the time taken to respond, you may understand disbelief at the whole situation
~
So at the end of the day it appears Godaddy has screwed me over nicely
~
But hey you guys have a nice xmas too
~
Rod Seeber

 

[DnEbook]

Can anyone suggest a website/entity that i can be sharing this account with?