Help! Someone stole my domain names!

Someome retrieved the username and password of my domain account panel, logged in and changed all registrant and administrative details as well as control panel username and password.
I only recevied a notification message to my administrative email address about this change.
The provider where I registered the domain names said that I'm responsible for my username and password and that they can't do anything about it without a fax blabla from the current registrant. But the current registrant is a thief!!
Someone who has access to a control panel, is automatically the owner of the domains? Also vital information like this can be changed just by accessing a panel? Without any authorization or confirmation email from the current registrant?
Can you give me any help or advise on this?
Many thanks in advance

[Zoobar]

Whats the domain?

> AUTOPAGEEXCHANGESYSTEM.COM, CAPZEYEZ.COM, CTAXNET.COM,
> CYINFONET.COM, EXITTRAFFICEXCHANGESYSTEM.COM, FAIR-EXIT.COM,
> FAIR-HITS.COM, FAIR-POPUP.COM, FAIR-TRAFFIC.COM,
> FAIREXIT.COM, FAIRHITS.COM, FAIRPOPUP.COM, FAIRTRAFFIC.COM,
> GOGREENTOURS.COM, MAXIMPLANET.COM, MOJOSCRIPTS.COM,
> POPUNDEREXCHANGESYSTEM.COM, SIAM1.COM, SIAMONE.COM,
> STARTPAGEEXCHANGESYSTEM.COM, TELA-IT.COM, TELAIT.COM,
> TRAFFICEXCHANGESYSTEM.COM, TRAFFICSYSTEMSCRIPT.COM, WEBFRESH.COM

@ GODADDY

[Drewbert]

I wouldn't be too concerned then, they're saving you some money at renewal time.

How easy was your password to crack?

Was it a mixture of letters (upper & lower case) and numbers?

[James Names]

You need to act fast, before the theif is able to transfer these to another registrar.

Be firm with Go Daddy! Tell them that your account has been hijacked and request that they put a registrar level lock on the domains so they cannot be transferred away from Go Daddy until the matter is resolved! You'll have a lot more problems if they get transferred away from Go Daddy.

Now do what you need to to prove to Go Daddy that you are the proper owner of the domains. This means credit card receipts, fax them a letter, whatever you need to.

[yesonline]

Quote:

Originally posted by -RJ-
You need to act fast, before the theif is able to transfer these to another registrar.

Be firm with Go Daddy! Tell them that your account has been hijacked and request that they put a registrar level lock on the domains so they cannot be transferred away from Go Daddy until the matter is resolved! You'll have a lot more problems if they get transferred away from Go Daddy.

Now do what you need to to prove to Go Daddy that you are the proper owner of the domains. This means credit card receipts, fax them a letter, whatever you need to.

Hey, it comes up a question about how to prove you are the legitimate owner? What kind of evidences and proof shall we keep for this situation? I mean is there anything we could do in advance in case the domain stolen happens to us then we may use it to prove we are the legitimate owner?

thanks

[James Names]

This question would be better answered by a registrar.

My advice is, keep your registration details current and keep your credit card reciepts on file for your purchases.

I believe each registrar would have their own method of dealing with this. Network Solutions has you fax a letter to them on your company letterhead. All registrars should have methods of tracking changes in user information so they would have their own records of the domain been taken over by someone else.

The story how they got access to the access details is that I once purchased one of above mentioned domains from someone and to transfer this domain name from his registrar to my registrar I had to enter the administrative email address from his registrar in the new records of this domain name at my registrar. So this transfer had been approved. I thought I had taken care of everything during this transfer but it seems I didnt change this administrative email address to another email address. So he retrieved the access details at this previous administrative email address.

Years ago I registered these names under some company name but I never had and have a business license for this name, godaddy requests now a fax with business license to change the administrative contact after several calls, faxes and emails, at first I called in, someone told me to fax a request to change contact info on the domains with my passport, then someone told me to fax in another request incl. domain names and passport, now someone wants to have a fax with a business license and so on, brilliant.

[DotComster]

Not a godaddy expert - but they must know this can happen. If worst comes to worst - complain to ICANN. Your old WhoIs info is proof also, but the fax and old info will have to be verified to.

Don't go that wat till GoDaddy know - ie tell them - this might get them a bit more interested in your case.

[RMF]

You might want to take screenshots of the whois for your domains incase he changes contact information again. I think this is a good idea for anyone. I do it for all my domains...or most anyways.

RMF

[WildCard]

Maybe you can message Bok. He's a Godaddy employee that posts here.

-WC-

[WildCard]

Oops, I forgot where I was posting. Bok is a Godaddy employee that posts over at www.webhostingtalk.com.

Give him a private message and tell him you are in a world of hurt and need his suggestions.

Or just call their 800 number and beg for mercy.

-WC-

[draqon]

in my honest opinion:

im probably gonna make people mad by saying this, but Drewbert is right. These names are not good enough to be worth fighting for. I wouldn't even have registered them had they been available.

[WildCard]

Agreed. I imagine most people here would agree with that statement. But they were important to him and they were stole from him by someone that somehow got into his control panel.

I still think you should call Godaddy.com and tell them to help in any way they can. Certainly you can prove you are the owner by telling them your credit card number info.

-WC-

Doesn't look good, Godaddy completely closes up here, they say that this contact info has been changed and for them it has been changed through the control panel, in a correct way. Now they told me contact WIPO and launch a dispute, according to their fees this would been $2000+ for 10+ domains.
This means to me that if I have your username and password to your registrant panel and change all info in my favour, I'm the owner of these domains then. As far as I understand, when you signup with godaddy you agree to changes that are made through your control panel. As far as I understand the current administrative contact is the domain owner. It doesnt matter who paid for the renewal or who the billing contact is.

ah, and a registrar lock can only be placed with a WIPO dispute complaint according to godaddy

[James Names]

A lawsuit against godaddy might be cheaper and more effective than going through the UDRP for 10 domains.

It was their password retrieval function that gave away your login and password.

Also, their policies indicate that for an actual ownership change to be made, you have to complete a 'Transfer of Ownership Agreement' with them to transfer the ownership to another party. If you did not do this, then no ownership transfer has occurred.

I think they're just being lazy.

[mole]

Wow, you've been hijacked by the Vietnamese

[Nic]

Sue !