Well, I finally got hacked.

[eli4407]

Well, my godaddy account just got hacked and ripped off by some *&^%**!!
Godaddy is all but saying that the odds of me getting it back are slim.
They want me to fill out a form to change the email address on the account to get it back, but the form asks for the current email on the account and last name, which neither of are mine because the perp was smart enought to change them. DUH
Godaddy supposedly cant access my account becasue the call in pin is changed (really)??
Also, if i do get the account back, they will charge a $150 fee to restore all my files in my hosting. LOL
Thankfully, my best domain were somewhere else, but all 40+ of my websites were hosted at godaddycrappyhosting.com

 

[MicroGuy]

Sorry to hear about your ordeal. ( )

If you can break the Godaddy Chains™ you will be better off anyway. Their hosting is probably the worst (other than NetSol) that I've had the misfortune of using. I could not be happier with my move to MediaTemple.net. Highly recommended.

 

[napa]

I think that you are going to be able to get back your account and domains.

 

[h2o]

This is something that worries me. What is the best way to protect yourself from such losses? Privacy whois, Anti-virus, spyware software, ect?

 

[shockie]

This is something that worries me. What is the best way to protect yourself from such losses? Privacy whois, Anti-virus, spyware software, ect?

i would say that securing your own computer (or wherever you login to your email/registrar) is important, along with spyware and some common sense.

seabass' idea of not putting all of your eggs in one basket is also a good security measure. just make sure you don't link all the accounts using similar email addresses or passwords. :blink:

 

[DubDubDubDot]

Godaddy is all but saying that the odds of me getting it back are slim.

Why would they say that? I'm sure you'll get it back.

They didn't just guess your password, you unknowingly gave it to them. That is probably the basis for GD's office fee for dealing with this. As crappy as this sounds, it falls back onto you protecting your passwords.


Here are the likely culprits...

- Weak password.
- Someone you know stole your password in person.
- GoDaddy or email phishing site.
- Trojan on your system. Most commonly picked up off websites (Firefox and Chrome provide a false sense of security), packaged with warez cracks, pirated programs, .rar and .zip files, etc...
- Hacked database somewhere that has your same GD or email password.
- Same password at a rogue domainer's site (forum, blog comments, etc...) that you use for GD or your email.
(Obviously a GD password alone isn't enough, they need account ID too. So this may involve someone you've done business with that also runs a website you go to.)

- Gmail security breach. They've had pretty much the worse breaches in major email provider history, yet they never make the mainstream news for some reason. I refuse to use this service for anything security sensitive given their poor track record. (domains stolen in first link)
http://www.makeuseof.com/tag/breaking-gmail-security-flaw-more-domains-get-stollen/
http://www.davidairey.com/google-gmail-security-hijack/
http://www.pcworld.com/article/139758/firefox_exploit_can_hack_gmail.html
http://www.cyber-knowledge.net/blog/2007/01/01/gmail-vulnerable-to-contact-list-hijacking/



The first thing you need to do is change all of your other passwords, ideally right now from a computer that you know is clean. If you don't know for sure, you could download and burn a Linux Live CDR. Ubuntu is popular. The Live versions will run Linux off of the CDR and your RAM without actually installing it on your HDD.

If you don't want to do that, then download a firewall with program permissions. LookNStop is probably the most simple. Install it and reboot. If you have a trojan this will likely prevent it from sending data as long as you block it when it asks.

Then run several free online virus scanners: http://www.google.com/search?hl=en&safe=off&rlz=1C1GGLS_enUS291US310&q=online+virus+scan&btnG=Search

Also download SuperAntiSpyware and Spybot and do a system scan with those.



Also, it's worthwhile changing your domain's contact info every 60 days so that it resets the time period in which you can't transfer out after changing your contact info. Just something minor. "Ave." to "Avenue" will work. Then if your account is hacked, they at least can't transfer them out of GoDaddy to another registrar before you get things straightened out.

 

[Soofi]

I could not be happier with my move to MediaTemple.net. Highly recommended.

There dedicated servers are crap though..

Good luck eli4407...

 

[co2]

This is something that worries me. What is the best way to protect yourself from such losses? Privacy whois, Anti-virus, spyware software, ect?

I was think about this several days ago, as GD policy of not being able to transfer out, any domain if you change details. So if you do change [ say email ] any domain can't be stolen, or moved to another register, only to another GD account. I not sure if any other register has this policy, but at least they are still in GD system. As for account hack, you have to be on guard all the time, I am sure you will get it back.

 

[eli4407]

Well, the good news is my two best domains were at another registrar! I had forgotten that and was sooo depressed. Now, just get new hosting elsewhere, rebuild sites, and hope google doesnt unindex them. How long does it take google to unindex a site?

 

[nrmillions]

let me guess, you used the same email address for your registrar account as the one you used for your contact info that shows up in the whois for the domains?

 

[ashish2005]

Wow that must have depressed you a lot. And you are lucky that your best domains are on some other registrar. Best of luck in getting your godaddy account back.

 

[DubDubDubDot]

Any updates?

How many domains are in the stolen account?

 

[Coronapilot]

Why would they say that? I'm sure you'll get it back.

They didn't just guess your password, you unknowingly gave it to them. That is probably the basis for GD's office fee for dealing with this. As crappy as this sounds, it falls back onto you protecting your passwords.


Here are the likely culprits...

- Weak password.
- Someone you know stole your password in person.
- GoDaddy or email phishing site.
- Trojan on your system. Most commonly picked up off websites (Firefox and Chrome provide a false sense of security), packaged with warez cracks, pirated programs, .rar and .zip files, etc...
- Hacked database somewhere that has your same GD or email password.
- Same password at a rogue domainer's site (forum, blog comments, etc...) that you use for GD or your email.
(Obviously a GD password alone isn't enough, they need account ID too. So this may involve someone you've done business with that also runs a website you go to.)

- Gmail security breach. They've had pretty much the worse breaches in major email provider history, yet they never make the mainstream news for some reason. I refuse to use this service for anything security sensitive given their poor track record. (domains stolen in first link)
http://www.makeuseof.com/tag/breaking-gmail-security-flaw-more-domains-get-stollen/
http://www.davidairey.com/google-gmail-security-hijack/
http://www.pcworld.com/article/139758/firefox_exploit_can_hack_gmail.html
http://www.cyber-knowledge.net/blog/2007/01/01/gmail-vulnerable-to-contact-list-hijacking/



The first thing you need to do is change all of your other passwords, ideally right now from a computer that you know is clean. If you don't know for sure, you could download and burn a Linux Live CDR. Ubuntu is popular. The Live versions will run Linux off of the CDR and your RAM without actually installing it on your HDD.

If you don't want to do that, then download a firewall with program permissions. LookNStop is probably the most simple. Install it and reboot. If you have a trojan this will likely prevent it from sending data as long as you block it when it asks.

Then run several free online virus scanners: http://www.google.com/search?hl=en&safe=off&rlz=1C1GGLS_enUS291US310&q=online+virus+scan&btnG=Search

Also download SuperAntiSpyware and Spybot and do a system scan with those.



Also, it's worthwhile changing your domain's contact info every 60 days so that it resets the time period in which you can't transfer out after changing your contact info. Just something minor. "Ave." to "Avenue" will work. Then if your account is hacked, they at least can't transfer them out of GoDaddy to another registrar before you get things straightened out.

thanks for the great post and advise!

 

[Michael]

Whoever makes a registrar with those security keys that go on your keychain and generate a random password each time you press the button will be rich. Sorry to hear of your trouble, I hope you get everything restored soon.

 

[SpareDomains]

Whoever makes a registrar with those security keys that go on your keychain and generate a random password each time you press the button will be rich. Sorry to hear of your trouble, I hope you get everything restored soon.

http://www.name.com/services/namesafe/

 

[bmugford]

Interesting. I wish some of the larger registrars would add this.

Brad

http://www.name.com/services/namesafe/

 

[aliweb]

I am seeing more and more GoDaddy accounts being hacked these days. Is it really that unsafe or shall I say simple to hack!? Just curious as to how do they do that? Does it involve carelessness on the part of user? like using a simple password!?

 

[wussadotcom]

Interesting. I wish some of the larger registrars would add this.

Brad

IMHO Name.com is a big and great registrar. Easy to use user panel plus they always send a note if I made any mistake when I login :lol:

 

[DubDubDubDot]

I am seeing more and more GoDaddy accounts being hacked these days. Is it really that unsafe or shall I say simple to hack!? Just curious as to how do they do that? Does it involve carelessness on the part of user? like using a simple password!?

The level of safety is probably the same across the board. It's just that GD is the biggest, so naturally there will be more stories floating around about them.

Read my post above to see how this is happening. It can happen anywhere to anyone.

 

[StuartP]

If you have an account executive at GoDaddy, ask him/her about Domain Transfer Validation. That way, even if you get hacked, your domains can't be stolen. If you don't have an executive, ask for one.