Godaddy account hacked!

[Amdek]

I don't know how my account was hacked into , some how he got my password (no keyboard logger) and stole 4 names.
Does anyone know what I can do to lock down the account better to prevent this or is security better at another registrar.

I got the email notice and all but he (from China) pushed the names in less than 1 hour, scary with 1400 names

any suggestions

got all back except one , still fighting that one

 

[draggar]

Don't use free email for registrar contact, use one from one of your domains, preferably one that is unpublished (use a separate one for the WhoIs information).

Make your passwords difficult but easy for you, like instead of "amdek" use 4mD3k or even international characters if you can.

Don't put capital letters where expected, mis-spell your passwords, and don't use obvious guesses (your name, a school, a nickname, a significant other, a pet etc..).

 

[DNP]

Also try to list minimum information about yourself @ Facebook, LinkedIn and similar portals that criminals and scammers are using very often to collect some data about people.

 

[Amdek]

all good advice, but the email account I use is a paid account and my password is 12 char, very complex

never mess around in facebook or any places like that, I am in contact with the hacker and he is in Asia and is 16. Would love to know how he did it

 

[DNP]

Would love to know how he did it

Do not wonder! See here. http://www.dnforum.com/f77/gangsta-7-year-old-steals-car-thread-311000.html

 

[Amdek]

Yhea that is a video on stealing a car, hacking a password that only gives you three attempts is something different

 

[actnow]

As I recall, GD is good about locking down after 3 failed attempts.
And, then it is locked down for 12 hours? or something like that.

Enom use to be that way.
I wonder if it is still that way?

 

[Amdek]

Enom is even worse as they don't even send you an email to confirm a change has been made, so if hacked you wouldn't know about it until all your domains are long gone, unless you log in every hour to check them. Very bad practice.

Atleast with Godaddy I got an email alert that the email address had been changed and was able to stop it before I lost everything.