Domain Thief...this guy is trying to steal one of my domains

[CaptainJSparrow]

I got an e-mail saying:

Open Sources [Under Registrar: DirectI] has received a request from Victor [teen.ann@mail.ru] on Monday, Nov 15, 2004 for DirectI to become the new registrar of record for (my domain went here).

According to the e-mail, if I do not respond then the transfer will not take place.

My understanding is that if I did not have that domain locked at Godaddy, then under the new ICANN rules, that domain could have been transferred.

A warning, be sure to lock your domains. If I had been on vacation and not seen this e-mail, and I did not have that domain locked, it may have been stolen.

There was also a link to click on to cancel the transfer, which I did. This went to the registrar (DirectI) that was initiating the transfer.

FYI to cover myself, I also called my executive accounts rep at godaddy and informed him. I followed up with an e-mail to him that he immediately replied to. I also sent a letter to the President of Godaddy suggesting an even more secure way that they can protect our domains that we have registered there.

Watch out for that guy, Victor ... teen.ann@mail.ru ... he is obviously a domain thief.

[tiny]

RUN as fast and as far as you cn from godaddy do a horror search on the board using godaddy.
Don't trust them my friend like I said do a search and you'll see

[darksoft]

There have been threads on this board, in this forum, for over a week now. And GoDaddy is not at fault here.

[CaptainJSparrow]

I've read the threads about godaddy as they came out. I really don't think godaddy is at fault...their policy is the same as everyone else's. ICANN pretty much sets the guidelines that all registrars must follow.

In this instance, there was no harm done (so far), because the domain was not stolen by Victor (that fuckin prick!).

I will also mention, that the e-mail that is listed for the admin contact for that account was also put on a bunch of spam lists the same day that Victor tried to steal the domain. I got 498 e-mails in instead of the usual 10 or so.

I'm pretty sure that he did that hoping that I would not see the e-mail regarding the transfer.

[tiny]

I didn't say they were at fault I just said don't trust them is all.
Too many horror stories about them saying theres nothing they can do when peeps shit gets taken .

[CaptainJSparrow]

My understanding is that once a domain is stolen, the registrar is helpless to do anything about it. The victim must take it up with the agency (I don't remember the name or symbols for that agency) that is in charge of overseeing such problems. I'd imagine that that agency is affiliated with ICANN but don't know for sure.

[Sean416]

I dont mean to knock you too hard, but if you saw all the threads on the boards, got the email from godaddy and still didnt lock your domains, and then went on vacation and lost your domains... I wouldnt feel too sorry for ya. heh.

[Opti]

Quote:

Originally posted by Sean416
I dont mean to knock you too hard, but if you saw all the threads on the boards, got the email from godaddy and still didnt lock your domains, and then went on vacation and lost your domains... I wouldnt feel too sorry for ya. heh.

and

Quote:

There have been threads on this board, in this forum, for over a week now. And GoDaddy is not at fault here.

1) GoDaddy IS at fault... (I promise you that RIGHT NOW.. GoDaddy is undoubtable at fault.. after 24 hours of digging into this. Some other Registers are vulnerable too though!!)


2) How do all you Brainiacs that keep saying "Just Lock Your Doamins and leave GoDaddy" suggest people transfer a domain without un-locking it? And... you could be fucked over in MINUTES after un-locking your domain if you are not aware how these scammers are Phishing for every un-locked domain on godaddy.


That e-mail is sent by, or with the approval of, a Guy named Tooms or Tooma from Portland in Oregon... who has control of an approved ICANN registrar. You can ICQ Him or his manager (not sure which it is) on this ICQ: 45-692-092 if you want to ask him why he is allowing his registry to be used for this scam if you wish... he is quite a piece of work! (If you need an address and phone number to serve this guy, I think I can get it for you from a guy that chased it down from my registry)

Co-incidently this guys line is basically "I dont care if you are too silly to not lock your domains" Sound familiar people?


It APPEARS the "Decline this Transfer" link could possibly be a scam that will give them proof you have agreed to give your domain away under ICANN rules (a guess from my registry support) He should not be able to hold anymore doamins as a registry under the current name by now, or soon... but chances are that wont stop him for long.


For Anyone else that gets one of these emails DO NOT CLICK DECLINE..
Go into GoDaddy account management and click on PENDING TRANSFERS.... If nothing shows up in there.... go back there twice per day for the next week at least.... and ONLY click decline in that area.... You have to keep checking this area of the godaddy site whenever you have any domain unlocked... it is the ONLY way to be sure GoDaddy hasnt received a request they are acting on without your knowledge.



If you are mid transfer and get one of these..... Cancel ALL your transfers that are current.... Lock all your domains and Do Not re-start your transfers for at least 2 weeks is my advice.. there really is no way to be certain who's request you approve at GoDaddy at the moment.. so be very very careful once you get any suggestion you are being targetted!

Sorry for caps... but his one is important: THERE IS NO WAY TO DETERMINE WHAT REGISTER IS REQUESTING YOUR DOMAIN FROM WITHIN GODADDY ADMIN ... and GoDaddy cant tell you either.... (Believe me it sounds impossible... but it is definitely true)

BE VERY CAREFUL ABOUT CLICKING APPROVE IN GODADDY ADMIN... if this scammer has managed to fire off their transfer request before you got yours in... OR IF YOUR TRANSFER FAILS.. this scammers Transfer request will display for approval in your GoDaddy admin instead of your genuine request and there is No Way To Tell.. even by telephoninf and asking godaddy to check for you! (I spoke to 5 or 6 differnt people at GoDaddy.. it isnt just one bad support person.. their system really isnt in place or set up to track this)



I'm going to write a detailled "article" about this, designed to help webmasters with lots of domains spread over many registers protect themselves. I predict many many more people will be caught and lose doamins before this system is fixed.

One thing people who do lose domains might like to consider is.... setting up a class action right now against ICANN... apparently them levying a 45 cent fee direct on us, now gives them a direct responsibility to us, instead of just to the registry. (an opinion)

[Trax]

How could you not lock your domains when using Godaddy?
This was very risky.

[Opti]

Quote:

Originally posted by Trax
How could you not lock your domains when using Godaddy?
This was very risky.

Sorry to answer your question with a question... but.. How can you transfer a domain without unlocking it?

And it's not just GoDaddy... the scammers just happen to know GoDaddy are clueless and hit them hardest first.. Several registries appear to be a worse security hole than GoDaddy to me.

[CaptainJSparrow]

I think that this sums up the new ICAAN policy:

How a registrar transfer works
The new transfer policy still requires the "gaining" registrar to get positive confirmation from the domain owner before submitting the request to the registry. They do this by sending a conformation request to the domain's admin contact. This has not changed.

The domain owner must confirm the transfer as valid by replying to the confirmation request as noted in step 1. This has not changed.

Once the domain owner has confirmed a valid request, it is sent to the registry and they pass it along to the "losing" (or current) registrar. This has not changed.

The current (losing) registrar sends a second confirmation request to the domains admin contact. This has not changed.

What's changed
Currently, if the domain owner does not or cannot reply to this "2nd" confirmation request, the losing registrar can, at their discretion, decline the transfer.

As of Nov 12th, the transfer WILL complete even if the domain owner does not reply to the 2nd confirmation request.

Why this matters
It's important to note that the current and long standing policy of OpenSRS and some other respectable registrars is exactly the same as that which will be imposed on all registrars beginning on November 12th, 2004.

Many other registrars used the older policy to hinder the transfer of domains away from their companies. They used all kind-o sneaky tricks to keep domain owners from confirming the second transfer request.

This new policy does not increase the risk of domain hijacking and if fact hinders it because it also imposes requirements that the "gaining" registrar maintain "proof of domain owner authorization" for domains transferring to their system. Further, if the gaining registrar cannot provide proof, upon request, they are subject to a fine of $1500 per incident (domain) plus the possible loss of ICANN accreditation.

[swedguy]

The only registrars that I've seen that has sent out information regarding the new policy is GoDaddy and RegisterFly.
Odd.

[CaptainJSparrow]

You can read up on it here:

http://icann.org/announcements/announcement-12nov04.htm

[ClubPussy.com]

Again... SCARY....


LOCK UP YOUR DOMAINS PEOPLE....
Do Not let all those hard working hours you've put into your site end up in the toilet. DO IT NOW!

[grzepa]

Quote:

Originally posted by Opti

Several registries appear to be a worse security hole than GoDaddy to me.

Could you name them to aware others ?

[Opti]

Quote:

Originally posted by grzepa
Could you name them to aware others ?

I posted a list of some registry systems in a couple of threads here at GGandJim... and explain a bit more over here... http://www.mainstreamwebmasters.com/...hp?p=1010#1010

I have only personally tried transfers from 2 registers since the change.. Godaddy and a Tucows reseller... If time allows I will do some better research, contact each registry I looked at and ask them to confirm the information is correct, and then write an article to help others... when I know what I am saying rather than just guessing about some things.

[Opti]

Quote:

Originally posted by CaptainJSparrow
I think that this sums up the new ICAAN policy:
............

This new policy does not increase the risk of domain hijacking and if fact hinders it because it also imposes requirements that the "gaining" registrar maintain "proof of domain owner authorization" for domains transferring to their system. Further, if the gaining registrar cannot provide proof, upon request, they are subject to a fine of $1500 per incident (domain) plus the possible loss of ICANN accreditation.

Sorry to pop your balloon... But one of the problems here is that the gaining registry can do what they like if they are criminals or can find a way to TRICK you.. (which is what at least one was trying to do)

And the issue at GoDaddy is not with the Verisign or ICANN rules... it is that the GoDaddy system is so poor... and after seeing it firsthand.. I think even a careful and experienced webmaster could be caught out, even webmasters who exactly follow the correct steps.


Have you transferred any domains this week? After transferring 50-60 domains in 5 seperate batches, and watching 3 attempts to steal different ones... I'm pretty confident I'd have a good chance of tricking any webmaster here into transferring one of their domains to me, if you start multiple transfer orders soon after each other... then the chances of the scammer grabbing a domain become higher too.

I don't personally know how I could get away with it long term.. but the person who tried to grab some of mine is doing this in a big way and seems to think there is a point to it.

[darksoft]

Out of curiosity, why all the massive domain transfers anyway? I mean honestly. Is it a new sport or something? What's wrong with picking a place and staying there?

[CaptainJSparrow]

No Opti, I am not transferring any domains. I hold with darksoft's theory of picking a place, or a few places, and staying with them.

I don't think that the gaining registry can take a domain without the approval of the owner. This said, caution on the part of all of us is certainly called for. ICAAN also allows a 30 day period that you can recall a domain that was stolen, according to what I read on their site. I don't know the specifics on it, but it seems they're trying.

[stuveltje]

i have all my domains at godaddy about 200+ i have them for 3 yers and i had never have a problem which couldnt resolve, i am happy with godaddy

[Opti]

Quote:

Originally posted by darksoft
Out of curiosity, why all the massive domain transfers anyway? I mean honestly. Is it a new sport or something? What's wrong with picking a place and staying there?

Nah, it's not for Sport! I call it business ;- ))

It is more than in a normal week for me, but not that unusual for lots of webmasters. I don't know why it's anyones business really.. and when I posted this stuff the last question I was expecting to get over and over and over again was "why dont you just lock your domains and not move them?" .... So in the interst of my sanity....... I bought some domains from another webmaster and he gave them to me in a GoDaddy account... I sold a couple... a friend gave me 1.... Also, I had been putting off moving the last domains I still had at godaddy in one group...... as it always felt like a chunk of dollars I didnt "really" need to spend and I had never had a problem at godaddy until last week... That problem, and this new system made it seem like a smart time to move the last ones to the group of registers I do trust. As it turned out it was a crazy time to move the ones that didnt have to be done right now. But I don't really need any more messages trying to explain how dumb I am or how locking my domains will solve all issues please



I don't mean to be rude to anyone (and this isnt directed at you Darksoft) but I've fixed my own problems and I'm done with this for now... If you have 10-15 domains, always buy from one registry, and don't have a need to transfer many domains.. I understand this may not be important to you... if you do make regular domain transfers.. all the info you probably need from me can be found in my various posts about this issue... or e-mail me please.




stuveltje: I've probably got a couple of good tips to help you stay safe there. Hit me up on ICQ if you like. 2556404 ;-)

[M.D]

As far as i recall from reading various posts on various threads...

Every time (or at least most of the times) i read about hijacking a domain name, the hijacker has managed to hack into the free email account that was used to register the domain name.

were there any cases that the attempt to hijack the domain happened using another method other than hacking a free Yahoo or other email account?

I am using Godaddy for several years and never had any problem with them.

[ClubPussy.com]

Quote:

Originally posted by darksoft
Out of curiosity, why all the massive domain transfers anyway? I mean honestly. Is it a new sport or something? What's wrong with picking a place and staying there?

A new Sport? I Wish, I could join. BUT....
Crap, I've always suck at sports...

[Porn Princess]

Just to let everyone know...gkg.net also sent out a warning email about the change in ICANN rules..and said they were automatically locking every domian they control and that if you want to unlock it, you have to log in and make the change manually. i've never had a problem with them and their customer support is excellent and $8.45 a year to register a domain for 3 years can't be beat IMHO.

Opti....just to make sure I understand, so long as your domains are locked, they can't be stolen, correct? The only time they can be stolen is if you unlock the domain to transfer it?

Thanks

[Ann Omness]

CaptainJSparrow,

DirectI was following the correct procedure. They received a transfer request as the acquiring registrar. They sent a confirmation email to the owner and administrator of the domain (you). If you do not respond to that confirmation, they will NOT accect the transfer, as they stated in their email. I don't see any real cause for concern. If you do nothing at all, your domain stays at GoDaddy.

I will comment that your domain must have been unlocked at GoDaddy in order for someone to even make the transfer request. If you go to DirectI and try to transfer a domain there, the first thing it does is check the lock status. If the domain is locked, you just get an error message telling you that you can't transfer the domain because it's locked. The transfer request doesn't even go in the system in that case.