- Impact
- 5,741
Not going to get into a long conversation about this other than to say the domain name 6462.com has been stolen and is now at ename.com .......merry F****KING XMAS TO ME
The point is that, even though the above is a horrible circumstance, we have to see things for what they are.
IF the email has been hacked ( and that might have happened everywhere on the internet ) THEN we can't blame GoDaddy for it.
Presumably GD sent out AUTOMATED email like they do EVERY TIME and the fact you didn't receive it can't be on GD but on the hackers that found a way to access your email address.
So statements like "Gd is not safe" " lack of security " etc are something very close to empty.
If you use gmail I am surprised you didn't receive an email from them stating someone was accessing your account from an unusual location. You can also set up a phone verification with them too; which is probably the moste effective way to prevent email account hacking
I would suggest GD, though, to put into place a system that warns people if someone is trying to access their account from an unusual location as well. But maybe those emails would be filtered too.
The point is that, even though the above is a horrible circumstance, we have to see things for what they are.
IF the email has been hacked ( and that might have happened everywhere on the internet ) THEN we can't blame GoDaddy for it.
.
If it was me, I'd be very concerned about my email account. You said that you first realized there was a problem with GoDaddy because you could no longer get into your account. That suggests that the hackers gained access to your GD account by issuing a password reset for it. In order to do that, they would have to have had access to your emails. Once they have access to your email account, they're free to intercept the emails of interest and proceed with the transfer without your knowledge. I'd ask GD to provide you with a list of IP addresses that accessed your account as well as a log of all activity for the period in question. I'd request the same of my email provider. I'd also change my email password for sure ( in case you haven't done so already). Anyhow, good luck to you and I hope that your holiday season ends off better than it started.
Unsure if GD emails auth codes, but they nonetheless send emails to the one on the domain name's record upon receiving a transfer request. If the email on record is compromised, however, then...you can imagine.As far as I know, it's not even possible to transfer out a domain from GD without receiving an email because GD issues all their transfer authorization codes via email ( if someone knows of an alternative method to get the codes, please correct me ).
AFAIK, GD has been offering two-step ever since. They're probably letting their customers decide whether or not to use it. Unsure also, but...I think their two-step is limited to users in North America or something?why didn't they offer me a two step verification??
NOTE: At this time, only U.S.-based numbers can receive validation codes.
check your godaddy email to the top left, it has IP addresses that have accessed your webmail
With respect to accessing accounts from unusual locations, it's pretty trivial to spoof a location using either proxy servers or browser plugins designed to do exactly that. That part of it is probably taught on day one of hacking101.
If Godaddy was not in cahoots with eName, the theft wouldn't have happened.
What's ridulous is to think the domain industry wouldn't attract bad actors even among the Registrars, Verisign, and ICANN. It wasn't too long ago mafia members were sentenced to time for organized crime.
There is more $$ to be from parking revenue of established websites with backlinks, and selling valuable dot coms, than the slim margin Registrars like Godaddy and enom are left with.
@ Acro, is it ridiculous that bad actors INSIDE Verisign, ICANN, and the major Registrars would be tempted to steal established business websites and valuable dot com domain names? We have witnessed the rise of domain thefts with the rise of the internet.
I have been studying Godaddy's moves since my lawsuit against it in 2009. Godaddy has bullying attitude, which fits a pattern. Then I noticed that Verisign appears to be involved, and ICANN. There are high profile Godaddy thefts, like:
4chan
FamilyAlbum
p2p
and many, many smaller ones, each which weren't enough to generate the publicity on thier own . . .
You do a good work to publish the thefts. Please keep that up. Let's not block cumulative evidence, like the SEC did with Madoff, or the country with 911.
http://godaddy.com/...
), but then alter the actual destination of the link to point to a phishing website. To get hijacked, you have to click the link. I haven't seen any other significant attack vectors exploited on a large scale in this context, and I doubt I will anytime soon.yourregistrar.com
or something.yourregistrar.com
, not yourregistrar.com.pw
, yourregistrar.com/asdfasdf/asdfasdf/asdfasdf/[email protected]
, or yourregistrar-service.com
.xn--something.com
or otherwise contains xn--
, leave and mark the message as spam.pct=0
. Stupid.Acro, thanx for your patience. Please consider, in the case of 6462.com and perhps the others, an interesting facet of the ruse server.
As easily as Godaddy sanctions theft within its ranks and trademark violations from its Registrants, Godaddy has been absolutely fierce protecting ITS OWN trademark, likely using software similar to Valuate. For instance, see: https://www.valuate.com/support-godaddy.com . There is a huge flag front and center, which states: exact trademark issue with GODADDY on the term 'support godaddy' - Probability: 100% - Risk: 10/10.
Godaddy knows when its trademark is violated.
It has won many wipos on its own trademark:
godaddi.com
godadi.com
godaddytraffic.com
godaddysgirls.com
gotodaddynot.com
are a few. Godaddy hands out via email many more cease and desists, within days of registration, where the domain is simply transferred to Godaddy.
Since support-godaddy.com has been allowed to exist since June shows that Godaddy is complicit in the thefts.
Thank you for listening.