[RESOLVED] - Domain Name Stolen...A Horrible Story and a Warning...

[Dustie]

Hi All. I've not been in here for a number of years, but a week ago I had my domain of 20 years (dustie.com) stolen and I have to tell the story. it looks like I'm out of luck here, and out a lot of money, but maybe my story can help prevent this happening to someone else. This happened at Godaddy, though I don't blame them, and i still have all of my domains with them, as well as my websites. I blame the no good slimy thief who stole my domain name!

Here's the story... First off, my name is Dustie, and I've owned Dustie.com since 1998.
Sometime in 2017 (I think) I decided to go ahead and list dustie.com as a premium domain for a high price. It being my name, I wasn't real keen on selling it, but, as they say, everything is for sale for the right price. I'd had someone offer me 5,000.00 for it, but after taxes (it would have put me in a higher tax bracket for the year) and commisison, it wasn't worth it wasn't worth it to sell it for that amount. However, I figured that if someone were willing to pay that for it, maybe someone would pay even more. So I listed it as a premium domain for 20,000.00. I seriously didn't think it would sell but it woudn't hurt to list it (or so I thought).

All was well, until a bit over a week ago. I had been out that evening and didn't get home till nearly 10:00 PM. It was 11:00 before I was able to get onto the computer. That's when I saw the 5 emails from Godaddy.... I'm sure you can imaging my reaction when I saw that, within 20 minutes, my domain name, dustie.com, which I have owned since 1998, sold and transferred for a mere 450.00? I was sick...simply sick. How could this happen! First off, I've never had a domain name sell and transfer inside of 21 minutes and then be paid for it a little over a day and a half later. That's unheard of!

Immediately after reading those 5 emails and realizing my domain name had sold for less then 5% of what I'd had it listed for on Premium Domains, I was online with Godaddy help. Though they were sympathetic, no one there could help. They said I'd have to wait till morning and call auctions help. Needless to say, I didn't sleep well and was on the phone as soon as they opened their office. Though I was on the phone for a good 30 or so minutes with them (a good part of that time on hold), I was ultimately told there was nothing they could do for me. My domain was bought, paid for, and transferred and that was that! (Oh, and this even though they found the price had been tampered with twice that same night, long before I got online). They said this had to be me because no one else had access to that account! That was proof to me that someone was in there messing with my account and screwed me over big time, but not to them.

So I've been sick all week...trying to forget that someone illegally reached into my pocket and stole a lot of money , as well as my NAME! Needless to say, even a week later, I'm just sick about the whole thing.

Today, on a lark I looked up dustie.com on godaddy and was sick all over again when I saw that it is now listed as a premium domain for 12,000.00 (by the person who stole it from me?). That's just wrong, in so many ways! How do I get over this? I want to know how this could have happened!!??

I am posting in here as a warning to you all, as well as wanting to go on record that this did happen, regardless that the guy at [email protected] said that dustie.com had always been listed at 450.00 and it was a legitimate sale! I know how to use GoDaddy. I'm a long time user and have over 50 domain names with GoDaddy, more the half listed as premium domains! Ever since Dustie.com was originally listed as a premium domain at 20,000.00 that was the price that showed up whenever I went to maintain my premium listings. It always stuck out like a sore thumb, because most my other domain names are listed below 1000.00. There is simply no way Dustie.com was ever listed for as little as 450.00. Even go daddy suggested a price of nearly $5,000 as a premium listing starting point for dustie.com.

Without a doubt, my godaddy account was hacked and my domain name of 20 years stolen from me and relisted for 27 times what they paid for it! That burns me to the core!!!

I'm sure that, since this happened to me it will surely happen again. If any of you hear about such a thing, could you please have them get in touch with me? If I can find others that this has happened to, maybe we can do something as a group?

In the meantime, if you have a valuable domain name on Godaddy Premium domains, then you might want to take screen shots of the listed prices. Also, I was told that if I had the original email when it was listed that would be proof that it was listed at 20,000.00. Alas, I did not have it...I had, not long ago, deleted emails that were more then a year and a half old. If you don't have emails for your most valuable domain names, then remove them from listing, then relist them to get a new email and save those emails just in case!!

And Thanks for listening to my very long rant!

Dustie
(was [email protected] for over 20 years...now I am [email protected] and my site is dustie.art ... cool name, but it's certainly not worth what I lost in dustie.com!)

 

[Dustie]

@Dustie please do not forget to check domain contact details. Limited public whois shows the following:
Registrant State/Province: WA
Registrant Country: US
Other details: <hidden from public view>
It was the same yesterday.
So, either both @Dustie and @maxtra reside in WA/US, or the domain still has old ownership details (even being now at home with an original account).

And... congratulations!

Thank you Tony...I'm quite humbled over here by all of you guyses with this!

I did the same...checked Who Is and it's Maxtra who's in Washington. I'm in www.beautifulbellavista.com (one of my websites, a fan site for my little city nestled in the hills of the Ozark Mountains). Joe suggested I work with Chat to set up a [email protected] email account and they are in the process of getting the DNS changed and when those are complete, then I can get the information Edited. The guy at chat said that should take at least a day to propagate through the system. So it's getting done, slow but sure! Thanks for the suggestions though!

 

[LarryDomain]

MapleDots did say that he'd turn the domain over to me if it becomes his, and I believe him. I think he may not have known all about the controversy right away. He's stepped up to the plate, as has Matrix and are going to be giving me back my 20 year old domain. Hopefully no one will be out anything when all is said and done, and both these guys will be heros of the year for sure! In this case they are doing the right thing, and I know that I, and many others in here, would do the same were the tables turned.

 

[tonyk2000]

I'm in www.beautifulbellavista.com (one of my websites, a fan site for my little city nestled in the hills of the Ozark Mountains).

Wow... really a great place. And beautiful
By the way, the domain expires later this year, you might want to renew it an advance (for up to 10 years).

 

[LarryDomain]

So did Mantra get $5000 and Dustie got his domain back? And Maple donated $5000 to Mantra?

Help shorten the story I can't read 19 pages

 

[Dustie]

@Dustie -

Thank you for your response.

Did GD specifically indicate that the "change request" from $20,000 to $450 was specifically tagged as having been initiated from your GD panel?

Please advise.

-Cougar

ps: Yes, like Stub mention, I am happy you have your domain back...Congrats! But if we don't have a perfectly clear (and documented reason) for how this transpired, we are naively flying blind. Thanks.

I was told that the change was initiated from my GD panel, first changed from the 20,000 that it had been for over a year, to 30,000.00 and then changed to 450.00 right after. That is a real head scratcher, as I would have never priced it at either price. I thought 20,000.00 was a pipe dream so I would have never put it at at 30,000.00, only to follow it up by lowering it to 450.00. But they could find nothing to prove I didn't do just that??

I just don't think we are ever going to be able to ferret out the truth here. I'd say the best way to avoid anything like this from happening again is to always double and triple check any price change you ever make on any of your domains for the next few days after... and keep the 2FA system always on your account (if there is one available where your names are).

Dustie

 

[Dustie]

So did Mantra get $5000 and Dustie got his domain back? And Maple donated $5000 to Mantra?

Help shorten the story I can't read 19 pages

Welcome to the Fray LarryDomain!

Maxtra was refunded his original purchase price from GoDaddy, I paid GoDaddy Back 360.00 (the original purchase price minus GD's commission) and Maxtra gave MapleDots back his 5,000.00 All have been made whole! Oh, and GD gave Maxtra a Credit (although I'm not sure what that was) for being so noble! And I'm offering a lifetime worth of Graphic Arts work for both Maxtra and Mapledots if they should need it for the same reason! ... And I'm a she...

 

[Dustie]

Wow... really a great place. And beautiful
By the way, the domain expires later this year, you might want to renew it an advance (for up to 10 years).

Thanks Tonyk2000... Good Idea! And yes, Bella Vista, AR is a beautiful place! Been here nearly 17 years and we love it!

 

[Grego85]

I love how GoDaddy keeps the commission after yet another mess up. If one thing is clear from this thread its that GoDaddy continues to fail at handling the responsibilities they have with their domination of the domain aftermarket.
I feel an explanation is owed to everyone who is expected trust GoDaddy Premium Auctions.

 

[tonyk2000]

I was told that the change was initiated from my GD panel, first changed from the 20,000 that it had been for over a year, to 30,000.00 and then changed to 450.00 right after.

It is very interesting.

If it is really the case, then your pc or laptop was possibly "hacked", or may still have a virus or a backdoor.

Just one more proof that everybody should consider either switching away from windows (to mac or linux) or at least use antivirus software (with frequent updates). Not "windows defender" which is a joke and always was...

A low-budget solution - as per various third party quality tests - might be AVG FREE ANTIVIRUS https://www.avg.com/en-ww/free-antivirus-download or Kaspersky Free https://www.kaspersky.com/free-antivirus . Or their paid advanced versions - not expensive at all. Kaspersky is not recommended by U.S. government though (due to some Russian connections).

Also, the are good 100% commercial products with different prices and licensing types.
In no particular order -
http://www.norton.com/antivirus
https://antivirus.comodo.com
https://www.bitdefender.com
https://www.drweb.com

 

[Dustie]

I have the paid version of AVG, just ran it and no viruses. Now that I have two step authorization, would that stop a hacker if they were coming through my computer. If they are doing that then is there any way to be safe?

 

[MapleDots]

So did Mantra get $5000 and Dustie got his domain back? And Maple donated $5000 to Mantra?

Help shorten the story I can't read 19 pages

I've been a bit quiet on this whole event for the last day or so because I wanted to make sure Dustie had her domain before I said anything.

The question everyone keeps asking me is why I stepped in to purchase the domain and did I get my money back.

I read the passionate story from Dustie and it stirred something in me which made me want to help. Everyone was pointing to a namepros member who now owned the domain and that member had the domain for sale on the forum. He was asking what I considered a fairly reasonable price and at this point I did not know who he was so I decided to jump in and lock the domain down. I offered him the complete 5k he was asking for and said I was purchasing it to hold until the dust settles (pardon the pun). I did not know if the domain was stolen or if it was a technical error, all I knew is that I wanted it to stay at namepros before someone else bought it who may not have the honourable intention to give it back. My offer was accepted and I transferred the funds within minutes of consummating the deal to assure the deal was locked down solid.

My intention was to hold the domain until everything was cleared up so that it could not be resold again.
I don't think I planned anything further than that, it was simply a gut reaction to lock the domain down. There was really no hero intention or anything, I simply figured that worst case scenario I would give it back and write off the 5k.

A little while after that I received my transfer email and found out the domain was locked down and I could not transfer it to my account. When I informed @maxtra he confirmed it was locked down. I decided to wait a day or so to see if the domain would unlock and when it would not @maxtra offered to return my funds. This was a given because the domain did not transfer so I really had no risk that deserves any credit in this topic.

Maxtra then also publicly stated he would return the domain once he found out what happened.

So basically my money is on its way back from paypal, I have done nothing that deserves credit or praise of any kind. That should all be reserved for the true hero of the day which is @maxtra. Even when it was determined that Dustie had indeed made an error and maxtra was the legal owner of the domain he still stepped up and offered the domain back.

So if anyone deserves any credit or acknowledgement here it is only @maxtra and I for one want to nominate him for the namepros member of the month. If we don't have that we should certainly get it because he exemplifies everything decent and honest at namepros. I am so proud to be a member and I am proud of all the people who rallied around Dustie to offer her advice and assurance through this tough time.

I would also like to give a shout out to @Joe Styler and crew for taking care of things on their end.

Good job everyone, this is definitely as good as it gets.

 

[tonyk2000]

I have the paid version of AVG, just ran it and no viruses. Now that I have two step authorization, would that stop a hacker if they were coming through my computer. If they are doing that then is there any way to be safe?

I'd say that basically you are all set Just make sure that AVG is always running in the background and receiving updates. Also, do not click on links in unexpected emails received from unknown senders... and even from known senders.

 

[Name Trader]

@tonyk2000 - I don't like Windows and I don't like any of your choices for AV software. I agree that mac/linux are much better protected from AV because they are not a target platform. I had an interesting conversation at TenForums.com recently where the consensus was most of the AV software was overbloated, expensive, too intrusive, to outright dangerous, and that Windows Defender was all you needed to keep your windows safe from virii. And furthermore, you only needed an AV suite if you were doing something nefarious. Really! (Their opinion) I agree with most of their conclusions about the "features" however. I wouldn't touch AVG or Kaspersky with a barge pole. AVG was way, way to intrusive, and Kaspersky was compromised. Maybe still is.

After reading a lot of reviews. I mean a LOT. I finally decided on Panda. The free version is only an AV program with nothing else. It performed pretty well in recent test results. It does have a pop-up which can be a tad annoying, popping up a couple of times a day. But it was mostly acceptable. The pop-up is to trying to get you to buy their premium, read "bloated" version. The frequency gets less with time. However, this was extremely mild compared to AVG. Which seemed like it wanted to take over your computer.

I would add that I am not a voluntary user of Windows. It was kinda forced on me because the Intel NUC I purchased only had Windows support. I am/was a primarily a linux guy using OPENsuse. I have not ejnoyed my time with Windows (10). The array of software is bewildering. Sorting out the wheat from the chaff is almost impossible with the amount of BS chasing your every dollar.

 

[creataweb]

Any theories for what happened here? Doesn't seem like a hack because @maxtra ended up with the domain...

 

[tonyk2000]

@tonyk2000 - I don't like Windows and I don't like any of your choices for AV software

100% agree. I do not like windows, too. I'm using linux, freebsd and also have win10 in virtual machine isolated from everything, as win10 is by itself non-trusted software ;-(). I also do not like my choices for AV software... But what else can be suggested to windows user? I heard that some Chinese antiviruses may have higher quality... but users behavior will then be tracked by China and not by U.S. (or by Russia in Kaspersky case, or by Spain/EU in Panda case). Panda? I had it running in VM for a few years, and it used to miss viruses frequently. tested with a lot of attachments I receive to whois emails. It was a few years ago though, maybe it is better now....

 

[Dustie]

I love how GoDaddy keeps the commission after yet another mess up. If one thing is clear from this thread its that GoDaddy continues to fail at handling the responsibilities they have with their domination of the domain aftermarket.
I feel an explanation is owed to everyone who is expected trust GoDaddy Premium Auctions.

I do not feel that GD is at fault here. I've no reason to not trust Joe Styles and the work he put in trying to figure this all out. I've still got my names at GD and have no intentions of moving them. I am, for now and the unforseeable future, keeping dustie.com under lock and key.

Go Daddy didn't keep the commission. I was paid 360.00 and I paid back 360.00. Maxtra was paid back his original 450.00 that he paid, plus a credit and Maxtra paid MapleDot. So everyone was made whole and GoDaddy commended Maxtra.

 

[Dustie]

I'd say that basically you are all set Just make sure that AVG is always running in the background and receiving updates. Also, do not click on links in unexpected emails received from unknown senders... and even from known senders.

All good advice Tony. I have, however, been on the net since 1998 and know much better then to click on unknown links. If I get an email with a link from a stranger, I never click on it. If I get one from a friend, and they haven't said what the link is for, I write to them and ask if they sent a link and, if so, where does it go. I know that bad stuff can come through email. AVG is always running in the background and automatically updates itself.

 

[vincew]

I'm glad you got your name back and everything worked out. I just had one question:

I don't have any names at GoDaddy but I assume you can lock a name so it can't be transferred. Was dustie.com unlocked when the sale happened? If it was locked I don't see how it could've been transferred.

 

[Dustie]

I'm glad you got your name back and everything worked out. I just had one question:

I don't have any names at GoDaddy but I assume you can lock a name so it can't be transferred. Was dustie.com unlocked when the sale happened? If it was locked I don't see how it could've been transferred.

It was listed on Premium Domains with GoDaddy for 20,000.00 and I wanted it to be able to be purchased so I didn't lock it. Naive maybe, but there it is. It's going to be locked from now on, believe me!

 

[dande]

Welcome to the Fray LarryDomain!

Maxtra was refunded his original purchase price from GoDaddy, I paid GoDaddy Back 360.00 (the original purchase price minus GD's commission) and Maxtra gave MapleDots back his 5,000.00 All have been made whole! Oh, and GD gave Maxtra a Credit (although I'm not sure what that was) for being so noble! And I'm offering a lifetime worth of Graphic Arts work for both Maxtra and Mapledots if they should need it for the same reason! ... And I'm a she...

Good dear. Glad everything is settled in a win-win situation. All thanks to @MapleDots for the huge stake in this matter. Always make sure you monitor your names at all time.

 

[BrandCougar]

I was told that the change was initiated from my GD panel, first changed from the 20,000 that it had been for over a year, to 30,000.00 and then changed to 450.00 right after. That is a real head scratcher, as I would have never priced it at either price. I thought 20,000.00 was a pipe dream so I would have never put it at at 30,000.00, only to follow it up by lowering it to 450.00. But they could find nothing to prove I didn't do just that??

I just don't think we are ever going to be able to ferret out the truth here. I'd say the best way to avoid anything like this from happening again is to always double and triple check any price change you ever make on any of your domains for the next few days after... and keep the 2FA system always on your account (if there is one available where your names are).

Dustie

@Dustie -

Thanks for your follow up.

I do appreciate your taking the questions head on and being candid with your responses. Thank you!

And much appreciated.

Based on what you have outline - it appears (somewhat likely) that some figured out your GD password and had quietly logged into your account & changed the price without your knowledge.

I also get the impression (tho without hard data) that @maxtra simply walked into this shi*storm by accident and purchased a name for his portfolio he felt was worth $450.

Tho I know I have beaten this drum hard - I do feel that you, Maxtra, and all for that matter would benefit from the hard data identified by GD's research. There is no Proprietary or "Trade Secrets" being requested here - just simply an event timeline and event request (who or which venue requested the pricing change events) to be provided to all. Yes, the NamePros community is not a party to the transaction, but the pricing change request events data would help table the topic and would demystify the situation for all.

Additionally - by providing this data this would help table the credibility hit that Maxtra faced - let's be honest about this - initially in this thread many shouted "OGRE- grab your pitch fork!" and chased after Maxtra as a villain - who then was shamed into returning the domain.

Without the data - he is left with mud on his face (even tho he returned the domain - there's still a stain).

IMO - you owe it to Maxtra to seek and provide below information - and then share with Maxtra the hard facts that GD identified. (and with us if both you and Maxtra are receptive to)

A mistake made (understandable) or a hack (unknown) ----> but GD should know if the IP used for the $30,000 and $450 price change request were actually your IP when your GD Panel was accessed -or- whether is was a different IP address.

This fact alone would help to clear the fog a bit..

Joe should have no issue providing you that one simple fact.

-Cougar

ps: Let me be clear - I think Dustie had a valid issue and you have initiated a thread that drew a lot of discussion - as well as - a lot of great recommendations - I also think you have done an OUTSTANDING job of continuing to respond to questions being asked on this thread even after you have received your domain back - there are some that would have said "thanks" and then disappeared all jolly and happy - but you have continued to respond post-return and I thank you for that.

 

[Kate]

I have the paid version of AVG, just ran it and no viruses.

That means nothing.

What is more likely is that your password was leaked in one of those massive data dumps. Many people reuse the same password across sites, which means that if one site gets compromised somebody can take over user accounts you have at other places, and your E-mail account which is crucial.

I don't know if that statement applies in your case.

But even lazy people should at a minimum use a unique password for their E-mail account. And also for their registrar accounts. Use a password manager, then you can have super-complicated passwords that are different for each site, and you don't have to remember them.

Anyway, GD must have a log of user activity with IP addresses. Do we have to subpoena for that information ?

 

[Larion]

DUSTIE.COM IS HOME SAFE AND SOUND AND SHE'S RESTING PEACEFULLY WITH ALL HER DOMAIN NAME FRIENDS!

now sell the domain for 50K to some company and also sue GD for 1 million bucks for their buggy website.
Done Deal

 

[Larion]

Hi @stub -

I agree.

But wouldn't it be a solid response by GoDaddy and demonstrate a huge amount of credibility if they did!

We are not talking about "confidential information" for Dustie's account - we are simply talking about timestamps of certain events that have been discussed extensively in this thread. And also want to know how this $450 price point was implanted. If GoDaddy says "we don't know" then we are F'kd - as this is a Risk Management issue that deserves a specific Root Cause analysis and result..

And not a single one of those dates are "Top Secret" (nuclear code) type data points. They are only date stamps and event time stamping.

The problem I have with how this is playing out - is their is too much jubilee at the moment about the name being in the transfer mode back to Dustie- and not enough effort is being made to get to the ROOT CAUSE of this problem.

This ROOT CAUSE is super important to all of us that have a GoDaddy account. And sugar coating a dog turd does not make it a Babe Ruth bar!!

Meaning - the fact that good will is being exhibited to return the domain to Dustie is terrific and admirable, but damn - let's get real here - something happened that caused this cluster of a mess - and simply sugar coating it by saying "we found no issues" is too simple and generic a response.

Every communication I have ever had with Joe has been super professional. He is focused and responsive to NamePros members questions. Thank you! But this is an opportunity for GoDaddy to shine! With full transparency on a topic that at the moment is quite public and concerning.

This thread demonstrates there is an undercurrent (undertow) feeling about this situation. Why not provide full transparency to the reasonable questions I asked in my earlier post. If "VP" level GD employees were involved, they must (or at least hopefully) had data provided to them for them to draw their conclusions.

This is a perfect moment for GoDaddy to shine. I am not asking for Trade Secrets or "Proprietary" information. Just asking for a simple timeline of events based on their raw data findings.

And if someone says.... "they found nothing unusual"... then why not published the data and share the data they used to render that opinion!

Let us... as domain investors... render our own conclusion!!

We aren't a stupid lot and many of us have operated multi-million dollar businesses and have had to participate in Risk Management exercises / Root Cause analysis & exploration.

-Cougar

there is a simple solution to all of this:

DO NOT use GoDaddy or Afternic.

Problem solved.

 

[Dustie]

Kate, now that the horse is back in the barn, I've taken precautions to protect her. I have a really long password on GD and email as well as 2 step verification and GD's paid security lockdown too. I plan on changing my password often so I will certainly look into that password management software you spoke off (thanks for the tip).

I have learned so much through this process. 1st of all, that there are great number of people in here ready to jump in and help if someone has a legitimate problem. Then there's all the advice on how to protect your valuable domain names and to not just take them for granted. And that there are people out there that really care about people more then they care about money (mmmm, let's see, the names MAXTRA AND MAPLEDOTS come to mind immediately). A great learning experience.

And Cougar, I wish I could give you the answers you're wanting, but they just aren't there for me to give. I'm not a tech person... I didn't even get on computers until Windows came along in the late 90s with the cute little graphics I could click on to find things that I needed to help me do what I wanted to do. So even if Joe had tried to explain all he did to check to see if it had been a problem with the software or a hack, I wouldn't have understood a thing he was talking about. Sufficient it to say, his explanations were enough for me.

As I said before, if he wants to elaborate to those of you who would know what he was talking about, that totally up to him. I hope you understand.