
Lama.com stolen domain. DO NOT BUY!

Status
Not open for further replies.

Gerry

Dances With Dogs
Legacy Exclusive Member
Joined
Dec 3, 2006
Messages
14,984
Reaction score
1,302
Honestly folks...how many times have we read about hacks using gmail accounts? Can anyone connect the dots?

We've got domainers with tons of domains and yet many are not even setting up a secure email using their own domains.

I get suspicious as hell when I get offers to buy and I look at the email source...gmail.

That immediately tells me that anyone can open a free gmail account and there is a 50/50 chance that if we strike a deal there may be stolen funds or CC involved, the gmail account will be closed, and I will end up getting hit with charge backs and lose the name.

Yes, a 50/50 chance.

Sure, a 50/50 chance exists with every transaction. But that is not the point. Again, the point is, how many threads on this forum crying about hacked accounts involve a gmail account?
 

tetrapak

DNF Member
Legacy Exclusive Member
Joined
Dec 12, 2006
Messages
1,496
Reaction score
62
Stian, it was the hacker, probably he just wanted to save time, so I don't find out the big picture until he gets "his" money transferred. It's not a personal attack, I never had any business problem with anyone in the past. Small misunderstanding, sure, anything big, no, not at all. He got just pissed off, because he was very near to getting such an amount which makes you a half god in a small town in Iran.

JP, correct, but the hacker had access to my domaining email (through hacking my vps), so he managed to do the whole deal without me receiving any emails.

Erdinc,

1. Yes, that's where it has started. He got access on Apr 12. (I have it in my Gmail log), since then he just collected information.
2. Yes
3. Regular

---------- Post added at 03:36 PM ---------- Previous post was at 03:34 PM ----------

Again, the point is, how many threads on this forum crying about hacked accounts involve a gmail account?

It was my personal account, but it contained information which led him to access my vps, and from then on he was king in the castle. That's why I write that my biggest mistake was to keep emails there as safety if my computers crash, not a good idea.
 

DomainsInc

Level 8
Legacy Platinum Member
Joined
Jan 18, 2007
Messages
1,858
Reaction score
78
people should go to jail for this kind of shit.
 

Embrand

Exclusive Lifetime Member
Legacy Exclusive Member
Joined
Dec 23, 2008
Messages
268
Reaction score
9
Honestly folks...how many times have we read about hacks using gmail accounts? Can anyone connect the dots?

We've got domainers with tons of domains and yet many are not even setting up a secure email using their own domains.

I get suspicious as hell when I get offers to buy and I look at the email source...gmail.

That immediately tells me that anyone can open a free gmail account and there is a 50/50 chance that if we strike a deal there may be stolen funds or CC involved, the gmail account will be closed, and I will end up getting hit with charge backs and lose the name.

Yes, a 50/50 chance.

Sure, a 50/50 chance exists with every transaction. But that is not the point. Again, the point is, how many threads on this forum crying about hacked accounts involve a gmail account?

Even Rick Schwartz uses Gmail for his administrative contact address. Guess he can't afford to buy a personal domain :lol:
 

erdinc

Level 4
Legacy Platinum Member
Joined
Sep 6, 2006
Messages
114
Reaction score
6
tetrapak,
A gmail account that was hacked might be hacked again. The reason is Gmail's account recovery form, which asks you things like when did you start using gmail, what are some of the labels etc. A hacker would know this information. If you want to understand how the hacker would do this, follow these steps:
1. Open this page:
https://www.google.com/support/acco...contact_type=acc_reco&ara=2&ctx=acc_reco&rd=1
2. select "no"
3. In the middle of the page where it says "Do you use Gmail with this account?" select "yes".

Now when you look at the questions you will see that anybody who had access to your account would know most of the questions. They need to score about 85/100 to pass that form. Unfortunately the account recovery form can not be disabled. Therefore many gmail accounts get re-hacked.

One thing I suggest that you do is to activate "two step verification". Gmail sends you a unique code over sms each time you sign in (every two weeks). I'm using it and I like it a lot.
http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284&hl=en

Gmail accounts with two step verification use a different account recovery form which is more complicated.

Also I suggest to anybody who is using gmail to activate two step verification.

Honestly folks...how many times have we read about hacks using gmail accounts? Can anyone connect the dots?
We've got domainers with tons of domains and yet many are not even setting up a secure email using their own domains.

I'm using both and I don't feel like domains based emails are more secure than gmail. The reason is because :

1) method 2, that I posted earlier which involves email forwarding. The hacker sends an email to the registrar that holds the email domain and asks for help setting up email forwarding. You are at the mercy of support staff of registrars. Add to this the fact that hackers can use sent mail as addresses to make the request look legit.
2) Somebody might gain access to your registrar account that holds your email domain.
3) Your hosting account might get compromised if the domain is also used for a site.

This last risk can be disabled by using your domain only for email without having it hosted. For instance you can use google apps with unhosted domains by changing mx records at the domain registrar (rather than changing them inside your cpanel for hosted domains).

Using a domain for your email in order to prevent your registrar account getting hacked is tricky because that domain needs to be in a registrar as well. If your email is [email protected] you certainly don't want to use that email address to control the registrar account that holds example.com.

Although one good thing about google apps based email is that it does not have account recovery form. That form is a security risk and can be used by hackers.

So, there are two good options for safe email:
1. Domain based email: using google apps without having a site. Mx records are set directly at registrar. Also two step verification enabled
2. Gmail : Two step verification enabled

For option 1 you need these links:
To create a new google apps account: https://www.google.com/a/cpanel/domain/new
To find out how to do the mx records directly at domain registrar: http://www.google.com/support/a/bin/answer.py?answer=140034
To enable two step verification for google apps: http://www.google.com/support/a/bin/answer.py?answer=184711

For option 2 you need this link:
enable two step verification for gmail http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284&hl=en

---------- Post added at 09:26 AM ---------- Previous post was at 09:20 AM ----------

It was my personal account, but it contained information which led him to access my vps, and from then on he was king in the castle. That's why I write that my biggest mistake was to keep emails there as safety if my computers crash, not a good idea.

Hacking a hosting account shouldn't give access to a registrar account. Therefore I don't suggest domains based emails that are hosted to be used for registrar accounts. Unhosted domain with google apps is fine although I think two step verified gmail is slightly better because even an unhosted domain is tied to a registrar account and creates new risks.
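
The dependency chain described in the post above, written out as a small audit. This is an added example, not code from any forum member; the account labels, addresses, field names and finding names are constructed assumptions. It flags a registrar account whose control address lives on a domain that the same account holds, an email domain that also runs a hosted site, a control address that depends on another registrar account, and a mailbox without two step verification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RegistrarAccount:
    name: str            # label for the registrar account (constructed)
    contact_email: str   # address that can reset or control this account
    domains: frozenset   # domains held in this account

@dataclass(frozen=True)
class Mailbox:
    address: str
    two_step: bool       # two step verification enabled
    hosted_site: bool    # email domain also serves a site (hosting account in the path)

FREE_MAIL = {"gmail.com"}  # no registrar or hosting account of yours in the path

def audit(accounts, mailboxes):
    """Return sorted (account, finding) pairs for the risks listed in the post."""
    holder = {d: a.name for a in accounts for d in a.domains}
    boxes = {m.address: m for m in mailboxes}
    findings = []
    for acct in accounts:
        domain = acct.contact_email.rsplit("@", 1)[1].lower()
        box = boxes.get(acct.contact_email)
        if box is None or not box.two_step:
            findings.append((acct.name, "no-two-step"))
        if domain in FREE_MAIL:
            continue
        if holder.get(domain) == acct.name:
            findings.append((acct.name, "circular"))  # address lives on a domain this account holds
        elif domain in holder:
            findings.append((acct.name, "depends-on:" + holder[domain]))
        if box is not None and box.hosted_site:
            findings.append((acct.name, "hosted-email-domain"))
    return sorted(findings)

# Constructed inventory (reserved example domains, made-up account labels).
ACCOUNTS = [
    RegistrarAccount("reg-A", "me@example.com", frozenset({"example.com", "example.net"})),
    RegistrarAccount("reg-B", "owner@gmail.com", frozenset({"example.org"})),
    RegistrarAccount("reg-C", "admin@example.org", frozenset({"shop.example"})),
]
MAILBOXES = [
    Mailbox("me@example.com", two_step=False, hosted_site=True),
    Mailbox("owner@gmail.com", two_step=True, hosted_site=False),
    Mailbox("admin@example.org", two_step=True, hosted_site=False),
]

if __name__ == "__main__":
    for account, finding in audit(ACCOUNTS, MAILBOXES):
        print(account, finding)
```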
 