Domain Hi Jacker Strikes again.

[linkman]

This is mainly a warning to everyone.

I just had one of my domains stolen by the same person who recently stole one of the bigger adult sites domains. The perp Xyberotica.com. The domain was also transfered to the same registrer DirectI.com

Fortuantely the DNS servers have not been changed and I may be able to scrap through this and get the domain back into my position before any major damage is done. Would rather not say the domain incase the person is reading and attempts to change the DNS info.

I would suggest doing a whois on your domain names and making sure that all the contact information is correct. I only noticed because I was lucky enough to whois my name today.

I have contacted all major parties involved and hopefully with some luck I can get my name back ASAP.

I also want to publicly thank GeorgeK for taking my call, helping and pointing me in the right direction to get this resolved. Most people would say that sucks dude. But he went out of his way to contact people on my behalf. Thanks alot George.

 

[GeorgeK]

You're welcome. I wish the registrars would go further in helping us hunt down these criminals.

 

[interlution]

Without helping hijackers...

Could you explain how this happened? You should have been emailed at the whois contact email address to authorize the transfer? Or did the thief forge your identity?

Thanks for sharing your experience.

 

[linkman]

Without helping hijackers...

Could you explain how this happened? You should have been emailed at the whois contact email address to authorize the transfer? Or did the thief forge your identity?

Thanks for sharing your experience.

I did not receive any emails. A quote from GeorgeK on another board.

I don't want to educate the thieves by elaborating too much. But, basically relying upon the GAINING registrar, a party you have no existing contract with whatsoever, to authenticate a transfer is a stupid idea. The old system of double-authentication (where the existing registrar also had to autheticate) was safer.

The "meat" of ICANN's new policy was the requirement that registrars provide an easy to use unlock mechanism (some registrars like Totalnic were infamous for making it nearly impossible to unlock your own domains). Then, ICANN went too far, in my opinion, in reducing security by making transfers too easy. Yes, too easy for legit transfers, but also too easy for rogue transfers.

 

[interlution]

I agree double authentication was much better and safer. I prefer the old method of handling domain transfers too.

I can sort of understand why ICANN made this change; it's easier for all involved, especially with an ever increasing pool of registrars to deal with. ICANN doesn't want to deal with registrars trying desperate measures to retain their customers’ domains. Easier for ICANN and registrars, worse for the smaller guy, domain holders.

Everyone make sure your domains are locked. That's the 1st line of domain defense today.

 

[linkman]

Good news...

The Domain Name is currently resolving to ns1.candidhosting.com & ns1.candidhosting.com, the Name Servers to whihc it was set prior to Transfer.

We have placed a Register Lock on the Domain Name so that no can make any changes to the Domain Name or have it Transferred Away.

You are advised to get in touch with the Transfer Dispute Department at the previous Registrar. They will in-turn contact our Transfer Dispute Specialist at DirectI, to investigate the case.

We understand your anxiety at this time, and hope this case is resolved soon. We appreciate your patience in the interim.

Kind Regards,

Andy
DirectI.com

looks like this matter will be resolved very soon

 

[interlution]

Good to hear!

Glad you got your name back so quickly.

 

[linkman]

Good to hear!

Glad you got your name back so quickly.

Well not back in my possession just yet. But it shouldn't be long.

 

[GeorgeK]

Nice that they reacted so quickly this time. They must have learned a little from last time.

 

[Theo]

Lock your domains. Don't use Godaddy - they won't help out if your domain is stolen. Use reputable registrars. Report all cases of stolen domains to the authorities. And flood the ICANN't with emails so that they change their stupid new policies.

 

[datat]

Can I ask what is the first step to take when a domain account has been hacked.
As I have 2 that have been renewed by some else and I can't get into the acount that they are in. Strange as the name servers are still the same. As the one above, but they have added 1 year to both domains - must be how they got in.

One domain pulls tiny momey each month, the other pulls nothing, so I have not bothered putting much time into it (chasing up). Also that account only has those 2 in - chaces are I did not change the contact details, as the account came with the domains in question. How ever I did change the password - as I have a record of doing this.

 

[linkman]

Looks like the reseler was involved in this and not just the one individual.

Hi Erik,

We are aware of many unauthorized Domain Name Transfers carried out by this person and we had taken preventive measures against this Reseller and had Locked the Domain Name.

We need the Complaince Cell of the Previous Registrar to contact us in this matter so that we can jointly work towards resolving this case.

Kind Regards,

Andy

Datat if it was your account that was hacked I would contact the register that your domains are at and let them know that someone has taken over your account. If the domains are still in the account I would think it wouldn't be to hard to prove that it was your account and get it back.

 

[DaddyHalbucks]

Wow. That was very nice of George K. to do that for you.

There are some good folks in this business.

 

[linkman]

Wow. That was very nice of George K. to do that for you.

There are some good folks in this business.

Yes indeed it was.