NameCheap Whois protection - Is it a joke?

[EbookLover]

I was talking to someone on the other day who was telling me that NameCheap whois protection is a joke. I asked him to prove it. So he took one of my domains that I have namecheap whois protection for (and have had it from the minute I regged it) and told me what my whois info was - exactly.

How did he do this?

He had no other knowledge of any other domains I own that don't have whois protection. And, like I said, the domain I had him use to prove it to me had namecheap whois protection on it from the very minute I regged it. So it's not like he could have used his WHOIS.sc paid membership to find that info with the whois history tool.

Strange.

So does anyone have any clues as to how he did it?

 

[seeker]

what exactly did he tell you?
your email address?
once he found your email address, he checked the zone files and saw what you use for other domains you have that do not have whois protection and just told you that.

Please elaborate on what you told him, and what he told you.

 

[EbookLover]

WOW. What a quick reply! thanks.

I only gave him the domain name.

Yes, he did have my email address, I think.

He told me my exact whois info. Name address and all.

What do you mean by "he checked the zone files" and how do you check these zone files with an email address? And how does doing so allow him to find other domains I own that might not have whois protection?

Thanks again.

 

[seeker]

then it is easy.
once I have your email, I cross check it in the xone files (registry zone files) and bingo! your non protected names come up. So he then copied and pasted the info and gave it to you from your non protected domain.
if you dont weant to go the zone way, you can google your "eaxct" email, and many times your domain shows up.
heck, you can even google "whois emailaddress(your email), and a list of some of your domains will come up.
it is then easy to act like he read through the whois protection, when apparently he didnt.
there is a way that this can be done, but I dont think it is the time nor place (nor wise) to discuss this. It takes a lot of work to do the real thing.

 

[RJ]

Zone files don't contain email addresses?

This is a tough one, EbookLover. Not sure how he did it, but am interested to find out.

 

[EbookLover]

then it is easy.
once I have your email, I cross check it in the xone files (registry zone files) and bingo! your non protected names come up. So he then copied and pasted the info and gave it to you from your non protected domain.
if you dont weant to go the zone way, you can google your "eaxct" email, and many times your domain shows up.
heck, you can even google "whois emailaddress(your email), and a list of some of your domains will come up.
it is then easy to act like he read through the whois protection, when apparently he didnt.
there is a way that this can be done, but I dont think it is the time nor place (nor wise) to discuss this. It takes a lot of work to do the real thing.

OK. But can you tell me how you "check registry zone files"? Where do you go to do this? I don't even know that is.

BTW, he couldn't have used the method of googling my email address becuase my email address comes up with no results in Google, MSN or Yahoo.

Thanks again.

Zone files don't contain email addresses?

This is a tough one, EbookLover. Not sure how he did it, but am interested to find out.

Yeah. Me, too, RJ. I am trying to figure out if it is even worth spending money on the whois protection service once my domains come up for renewal.

 

[seeker]

for example.
afilias's zone files (you can go to their site and request access to them, you will require a statis IP for access, or at least that was the case 2 years ago) include an expanded version with email.

other examples. If you gave him a domain that was ever up for appraisal, he would check for the domain, go to any forum where you have posted, and checked other domains you own and retrieved the whois info from there (the non protected ones).
its basic logic and some detective work, but it can be done this way.
bypassing whois protection as i said can be done, but not with 100% accuracy and it is very difficult.
I spent quite a few sleepless night discussing this on another forum with some experts...

P.S.
If you want, PM me the name, and I'll tell you how he did it.

 

[gamehouse]

While I do not know how exactly he did it, but if one sits on internet to find something, you can always find something. I had success like that for good reasons.

Anyway, the protection is to thwart low or medium level threats not a high level threat, IMHO.

Gamehouse

 

[edwinfelix]

Nowadays real whois are not hard to find with a some research:

[ Removed -Staff ] Why would you post someone else's info without their consent????

The only way to protect one's identity is to not go on the internet...

Any also, I think in many democratic countries the government is required to release voter registration information, which exposes everything from your full name to your birthday, to your address, phone number etc. etc.

 

[RJ]

Sure, without a doubt being a good investigator can yield information on almost anyone. However, I wasn't under the impression that was what this thread was about. He specifically stated NameCheap's WHOIS protection was lacking somewhere, and not WHOIS protection in general.

 

[edwinfelix]

I wouldn't recommend using NameCheap. For one thing, registering a domain there isn't cheap, and also with their WhoisGuard, once you let your name expire, it's gone. No redemption period, no nothing.

It's very possible that a skilled hacker can hack in WhoisGuard and get info.

 

[EbookLover]

Well, I for one, would recommend namecheap. $8.88 for a domain is cheap enough. I can get names for cheaper with Fabulous ($6.75/4.75) because I have a wholesale account, but you get what you pay for. One downside with Fabulous is that it takes too long for NS propagation. With name cheap the NS propagation usually occurs within 30 minutes. There are some advantages to that. Besides, I see you reg your domains from godaddy. Godaddy charges $8.95 PLUS they add a $0.25 ICANN fee. So you pay $9.20 per domain at regular price. At name cheap, with coupon code, you get a domain for $$7.99 and no bogus ICANN fee (not to mention the checkout isn't annoying and spammy like GD).

But this is neither here nor there. Off-topic.

Who cares if the whois protection is gone once you let it expire? It's expired. It isn't yours anymore.

I am sure that the same goes with DomainsByProxy as well and even with all other whois protection services.

What's your point?

 

[edwinfelix]

DomainSite - $6-$8
GoDaddy - $5-$9

With NC's WhoisGuard the domain is gone once the domain expires, you can't get it back.

 

[floatingworld]

DomainSite - $6-$8
GoDaddy - $5-$9

With NC's WhoisGuard the domain is gone once the domain expires, you can't get it back.

you can't get what back?
when you purchase a name with NC you get a 1 year whoisguard separate from the name. you can choose or otherwise to assign the guard to that name or any other. if you renew the name you can purchase (cheaply) further whoisguard protection at a much lower rate than GD guard protection renewal.

 

[edwinfelix]

The domain, not WhoisGuard.

GD's whois protection is free.

 

[enetwork]

I wouldn't recommend using NameCheap. For one thing, registering a domain there isn't cheap, and also with their WhoisGuard, once you let your name expire, it's gone. No redemption period, no nothing.

It's very possible that a skilled hacker can hack in WhoisGuard and get info.

Oh really? It really bother's me when people make these sort of baseless statements. Please prove how someone is able to hack WhoisGuard since you are the expert.

The WhoisGuard feature is a pretty basic feature. It replaces your information with ours and forwards emails through. The ONLY way to "hack" it would be to hack into someones namecheap account and actually view the info from there. Now if your suggesting hacking NameCheap is an easy process in any way, I can assure you, we are more than confident that this is impossible unless done via a trojan on a users computer or something of the sort.

Now I'm not saying that someone could not dig deeply into other domains owned by tracking dns used to see what other domains are used by an individual or other similar methods but the fact is, it takes some serious technical saavy and deep investigation.

As for your redemption period statement, we recently made the whoisguard feature to extend a few days through the year so that if it does go into redemption, the whoisguard information remains.

Once again, please stop your attempts to denigrate our reputation and our company with your assumptions.

 

[EbookLover]

DomainSite - $6-$8
GoDaddy - $5-$9

.

:yell: Please stop hijacking this thread. It has nothing to do with who is the cheapest domain reg.

 

[edwinfelix]

Oh really? It really bother's me when people make these sort of baseless statements. Please prove how someone is able to hack WhoisGuard since you are the expert.

The WhoisGuard feature is a pretty basic feature. It replaces your information with ours and forwards emails through. The ONLY way to "hack" it would be to hack into someones namecheap account and actually view the info from there. Now if your suggesting hacking NameCheap is an easy process in any way, I can assure you, we are more than confident that this is impossible unless done via a trojan on a users computer or something of the sort.

Now I'm not saying that someone could not dig deeply into other domains owned by tracking dns used to see what other domains are used by an individual or other similar methods but the fact is, it takes some serious technical saavy and deep investigation.

As for your redemption period statement, we recently made the whoisguard feature to extend a few days through the year so that if it does go into redemption, the whoisguard information remains.

Once again, please stop your attempts to denigrate our reputation and our company with your assumptions.

I'm not the expert. For the expert you gotta ask the guy Ebooklover talked to. I didn't say NameCheap's whois protection is a joke, just saying that I wouldn't be surprised if someone does hack in.

 

[Jako]

DomainSite - $6-$8
GoDaddy - $5-$9

With NC's WhoisGuard the domain is gone once the domain expires, you can't get it back.

How is this relevant to what the OP asked?

Edit // Didn't refresh to see someone already took care of this post :hehe:

 

[EbookLover]

Oh really? It really bother's me when people make these sort of baseless statements.

Wheeew. You and me both, buddy. Some people just like to cause problems by making false statements.

 

[edwinfelix]

As for your redemption period statement, we recently made the whoisguard feature to extend a few days through the year so that if it does go into redemption, the whoisguard information remains.

That's good to know. Keep it up.

 

[EbookLover]

I'm not the expert. For the expert you gotta ask the guy Ebooklover talked to. I didn't say NameCheap's whois protection is a joke, just saying that I wouldn't be surprised if someone does hack in.

That isn't what you stated in your last PM to me. You specifically stated (as if it were an undeniable fact) that a NameCheap account... (I think you meant to say "domain") ...with WhoisGuard is really not too secure and thief-proof.

We'd all love to know how you know this for sure as it would surely put an end to this thread.

 

[edwinfelix]

I also stated that I'm not the expert.

With all due respect, this is a free country, and I've right to my opinion.

Don't listen if you don't like it.

 

[EbookLover]

I also stated that I'm not the expert.

With all due respect, this is a free country, and I've right to my opinion.

You did not state it as an opinion, You state it as a fact. It's one thing to have an opinion. It is quite another to claim that you know the facts.

Man! :yell:

 

[floatingworld]

The domain, not WhoisGuard.

GD's whois protection is free.

check the GD small print:
LIMITED-TIME OFFER: Get FREE Private Registration ($8.95/yr value) when you register or transfer three or more domains,
...it is not going to be free when you renew, and unlike NC once lifted from a specific domain its gone.
NC guard renewal is 2.88 for 1 domain + cheaper for a pack.