Three of domain names stolen...

[xxxtreme]

Quote:

I'm not 100% sure of the system these scammers use but believe they work by gaining control of your email account first in many cases. Could that be your security hole?

I suspect that might have been the cause of all my trouble. In the meanwhile I have installed some extra protection on my machine: Kerio Firewall in combination with Webroot´s Privacy Master , which makes it possible to password protect and encode any directory on your PC (including your email dir). And I must admit, that so far I have been seeing some quite suspicious entries (i.e. failed attempts) in my logs.

I had Zone Alarm installed until recently, but since it was causing me quite some problems, I decided to remove it and didn´t replace it. My error...

[terry]

Hi,

I had a domain registered with godaddy.com stolen from me. When I found out I called godaddy and told them. I even showed them my receipt. They took over from there and 2 days later I had the domain back in my name.

Terry

[marzzo]

Quote:

Originally posted by terry
Hi,

I had a domain registered with godaddy.com stolen from me. When I found out I called godaddy and told them. I even showed them my receipt. They took over from there and 2 days later I had the domain back in my name.

Terry

That's great news, rarely do we hear of a recovery! I wonder what makes your situation different than xxxtreme's hijacks?

[DavidM]

Quote:

Originally posted by grzepa
Do you guys think that changing u/p at your cpanel frequently should help preventing such problems ?

Maybe, maybe not. I haven't used them so I don't know what their securtity setup is. But if it (the password) is sent unencrypted (non-SSL, etc), then each time you change it you risk that someone between your machine/network and their server/network is able to intercept it. This can happen with malicious operators or when a cracker/hacker has compromised a router etc. The same thing is true with standard POP email accounts or regular telnet (which is why SSH is used by many hosts - but what about the other services?) and FTP. If the password change is done securely, yes, go for it as often as you can.

Passwords. Make them good - eight characters with numbers and letters, mixed case. DO NOT USE THE SAME PASSWORD FOR OTHER THINGS. PASSWORDS SHOULD BE UNIQUE, especially among vital things.

Also, your machine's security is vital otherwise - no matter what you do remotely - if someone has a key logger on it, it will do no good. Virus and trojan scanners with updated definition files are vital along with some sort of firewall setup. But these aren't 100% either. If someone is very knowledgeable and targets you specifically, they can write custom stuff that will probably get around detection (virus scanners usually look for certain signatures/strings or ebhaviours). This is why people with a lot to lose (and many enemies) should actively take every reasonable precaution that they can - even the best protection known really is not enough with a creative adversary. Anyone who says otherwise probably does nto know what they are talking about.

Don't forget the normal steps the others talked about too - like locking the registrar. I use directnic and have no major complaints, they offer this.

added: also if you really do not want to see this happen again and would hate it, people are often able to circumvent security measures (like passwords) by going over the phone (social engineering). The service will then question them about other things - or some not even at all and will just believe it (!!!) - if someone knows what these questions will be and is able to answer them or convince the person providing the service enough, it will be trouble for you. It might be good to talk with your providers of services and tell them not to allow this in advance and establish how you will identify yourself. This would apply to hosts too - as it would be a pretty blatent denial of service attack if they convinced your host to pull the plug, wouldn't it?

Good luck.

[DavidM]

Quote:

Originally posted by xxxtreme
I suspect that might have been the cause of all my trouble. In the meanwhile I have installed some extra protection on my machine: Kerio Firewall in combination with Webroot´s Privacy Master , which makes it possible to password protect and encode any directory on your PC (including your email dir). And I must admit, that so far I have been seeing some quite suspicious entries (i.e. failed attempts) in my logs.

I had Zone Alarm installed until recently, but since it was causing me quite some problems, I decided to remove it and didn´t replace it. My error...

Hopefully it is encrypting the directories with a good algorithm instead of just hooking to the system calls and trying to regulte access - I couldn't tell you though because I'm not familiar with it. I use something called PGPdisk (modified version of 6.5.8) and have a few encrypted disks which are encrypted with passphrases. This isn't the best either (a lot of holes and possibilities) - bit every bit helps.

[ewriter]

Sorry to hear about the domain theft too.
I use www.iaregistry.com for my domains and have found them to be reasonable in price and with a domain locking device to prevent unauthorized tampering with my domains. They also send me warnings whenever one of my domain names is about to expire. I mean right up to the last couple of days.

Sam Phifer

[stuveltje]

yikes , i have all my domains at godaddy, as far as i know, if i change something in my accound at my domains, i get an email from godaddy, telling me this and that has been change, if this is not right, take contact now. Didnt you get an email from them that something has changed?

[xxxtreme]

Quote:

Originally posted by stuveltje
yikes , i have all my domains at godaddy, as far as i know, if i change something in my accound at my domains, i get an email from godaddy, telling me this and that has been change, if this is not right, take contact now. Didnt you get an email from them that something has changed?

Nope, no email... Even more, when I asked them the same question over the phone, they even admitted that they don´t send out any emails. Be warned

[stuveltje]

Last time i changed dsn at godaddy , i got an email that something was changed, i have all my domains locked there, if i unlock them i get an email, that the domains are unlocked, if not right i need to contact them..........very strange

[chilihost]

I feel for you, but I also hope that you and others will learn from this experience. There is no reason why you should not have different complex passwords for things like your domain accounts. You access these things so rarely that it makes sense to make up some unique alphanumeric passwords and write them all on a piece of paper and file that paper away! Don't keep an electronic copy of this and you reduce your chance of password theft by 99%!!! If you do ever lose your list, most places will email your password or a reminder to the email address they have on file.

I wish you the best of luck getting your domains back.

cheers,
Luke

[jvastine]

xxxtreme,

sorry to hear about your problems. I have used NatNames for over 5 years with no problems, you may want to take a look at their service. NatNames is an operation of NationalNet.

[SomeCreep]

Quote:

Originally posted by xxxtreme
Nope, no email... Even more, when I asked them the same question over the phone, they even admitted that they don´t send out any emails. Be warned

I get an email from godaddy everytime I change DNS or contact emails on my domains.

[marzzo]

Quote:

Originally posted by SomeCreep
I get an email from godaddy everytime I change DNS or contact emails on my domains.

Yep, I get emails when changes are made.