If you are new to domains and looking to buy, sell and learn about domains then you have come to the right place. DNForum is the largest domain name community on the internet and continues to grow every day. There are over 105,000 domainers on DNForum doing everything from buying domains, selling domains, learning about domains and discussing domains. Take a minute and Register.
Register Today on DNForum IT'S FREE!Today's lesson is on how to steal a domain name.....
Step 1. Find a high value domain name with an invalid administrative email address, preferably one that is not actively being used so that it won't be noticed.
Example: nigger.com, nigger.net, nigger.org (owned by NAACP)
Step 2. Note in the WHOIS that the admin email is thawley@BAWAVE.COM, which until yesterday was on a domain (BAWAVE.com) that had long expired and been deleted.
Step 3. Register the aforesaid domain name in Step #2. Oh my, some folks have caught on, as you can see the WHOIS for BAWAVE.com, freshly registered yesterday:
Registrant:
Nigger Inc spring888@hotmail.com +62.3189598
Hendra Gunawan
JL. Bengawan 56
Surabaya,Jawa Timur,Indonesia 60000
Domain Name:bawave.com
Record last updated at 2002-11-04 20:31:57
Record created on 2002/11/4
Step 3a: Ideally, make the registrant in step 3 very obscure, like in a far away land.
Step 4: Activate the domain in Step #3 so that email is working, namely the email address in Step 2.
Step 5: Initiate a transfer request, and accept using the email in step 4.
Step 6: Enjoy
Given the NAACP's inability to fix the problem (I emailed them about this months ago), I acquired a SnapBack, in case someone tried to take the name. I imagine now that the process is unveiled, someone at Verisign (Chuck?) or at ICANN will do something.....(maybe someone in Washington, DC can give the NAACP a call, or something....
George Kirikos
Home Page
it's a well known method and it's pretty annoying that the owners of the stolen domains often don't care..
maybe it should be legalized..
George, I guess I'm wondering why you'd pay $69 for a snap but not $8 to register BAWave.com yourself?
Current inventory: Duvs.com for sale$500$400 ~ RE4.com for sale$500$400
Send me a private message
Honour.![]()
George Kirikos
Home Page
(I had already paid for some SnapBacks previously, so the actual cost was zero; if NAACP reads their email, they could have avoided making it such a tempting target, as I warned them months ago, to no avail)
George Kirikos
Home Page
You might want to notify Verisign, although they could probably care less too.![]()
Current inventory: Duvs.com for sale$500$400 ~ RE4.com for sale$500$400
Send me a private message
Yes, verisign will need you to fax all that info to them - unless you want priority processing, which will cost $30. ;-)
Yes, I hate the way they move. Interesting post though. I didn't realize this type of action was available.
-WC-
I posted it on the DNSO GA mailing list (cc'd to Verisign and ICANN), and also to ICANNWatch.com, so somebody should get the message.
NAACP will get the name back, if it's stolen, that's for sure. Those thieves give the rest of us a bad name, though. Would be nice to nail one of them.
George Kirikos
Home Page
You know, you can do this with IP address blocks as well.
Check out the IP address block in which cubaweb.cu, along with a bunch of Cuban government websites, is located.
Then, check out the whois for the domain name registration corresponding to the contact email address for that IP address block.
Cigars, anyone?
John Berryhill Ph.d., esq.
John-AT-johnberryhill.com
Please do not send private messages via dnforum.com, email me directly.
Update -- admin emails now fixed
Kudos to Richard Lau of MyDomain.com, for helping to get this fixed. The NAACP has updated the admin email of the domains at risk, so that they can't be hijacked the 'easy' way.
Hopefully this is a lesson ICANN and others can learn from, in formulating policy regarding accurate WHOIS (scrubbed to fix data errors, to protect innocent registrants) and transparent WHOIS (to make it harder to commit cybercrimes, the average person can identify a crime that might be about to happen).
George Kirikos
Home Page
If I had detected this, I would have spent $6.95 and registered the deleted name. Then after I hijacked the names I would contact the NAACP and say, see I told you so. Maybe they would pay a reward. If not, I'm only out $6.95.
Hahahahahaaaaa... that's not stealing, that's getting a name from someone who deserves to lose it.
If a man will begin with certainties, he shall end in doubts; but if he will be content to begin with doubts he shall end in certainties. Sir Francis Bacon
What are you doing checking those domains (nigger.com, nigger.net, nigger.org ) anyway:?Originally posted by GeorgeK
Today's lesson is on how to steal a domain name.....
Step 1. Find a high value domain name with an invalid administrative email address, preferably one that is not actively being used so that it won't be noticed.
Example: nigger.com, nigger.net, nigger.org (owned by NAACP)
![]()
I prefer the old fashioned way: Force the guy to change the registration at gunpoint, then shoot him.Today's lesson is on how to steal a domain name.....
Never mind, what was I thinking?
(i'm giving away my best domain name strategy secrets)
How to steal a domain name??
Get a job at NetSol...
Just transferred Yahoo.com to my account. Thanks for the advice George.![]()
I actually came across something like this the other day. I found a domain that had expired, and was used in the admin contact for a VERY large company. I sent them an email explaining what I found, and how they can fix it. I told them that they have a huge security problem that they should be aware of.
Sure, I could have registered that expired domain and stole their company domain from networksolutions, but I live in canada, doh. No, really though, I wouldn't want something like that to happen to me, and I would hope someone would contact me if I was in that situation ( However I doubt I would ever be in that situation).
RMF
Didn't we all look up naughty words in the dictionary as a kidOriginally posted by Nic
What are you doing checking those domains (nigger.com, nigger.net, nigger.org ) anyway:?![]()
?
I think it's human nature.
If I was to change a hijacked domains ownership, to my actual (non-fraudulent) personal info. And sold it. What's the worse thing that could happen?
Bookmarks