More stolen domains: bo.com, pu.com, jy.com, showroom.com, samantha.com

[GeorgeK]

I received an email this morning offering:

bo.com
pu.com
jy.com
showroom.com
samantha.com

for $300K.

All had recent WHOIS changes, changing registrars and admin emails. I contacted the true owner by phone (using the WHOIS history), and they were definitely stolen, and he's now in the process of recovering them.

[Acro]

Wasn't bo.com on eBay recently?

Seems that the thief parked samantha.com and showroom.com on sedo (traffic is low, gotta love those "generics" )
The email jymbarnes @ gmail seems to be fake.

[GeorgeK]

Yes, it was on eBay (not authorized by true owner). But, now the thief has control of the names.

[DomainMagnate]

Now that really wakes me worry. I've set all my domains whois to an email on my domain and installed roboform.. luckily I don't have any 2 letter .com

~MG

[GeorgeK]

It's generally not good practice to have the admin email of a domain be on the same domain name (e.g. if you own example.com, don't use me@example.com as the admin). If you lose control of the domain name by various other means, the thief automatically controls the admin email, and thus the WHOIS and WHOIS history will show an unbroken chain of the admin email address not changing. If your DNS or Hosting goes down (think major DDOS attack or something), your email will go down to the domain, and you'll then have issues to legitimately transfer it by responding from the admin email.

[Gerry]

Any idea how someone is getting control of these rather than assumptions?

Where were these registered?

Is it something that the true owner failed to do?

It would be great if you could shed some light on this.

These are some serious issues that we all need to be made aware of.

[GeorgeK]

I also submitted info to sedo (maybe more than one person should, so that they don't miss it), advising them that the names are stolen, and not to resell them to innocent victims.

[jdk]

BO.com ended at $300k on eBay the other day

[TheLegendaryJP]

Maroulis bid $300k to keep anyone from winning it so no it didn't sale to anyone.

Shame to hear the theif also got control of it and others. The owner seemed like a nice guy , wonder if he even knew he had been hacked yet ?

[Adam Dicker]

It's generally not good practice to have the admin email of a domain be on the same domain name (e.g. if you own example.com, don't use me@example.com as the admin). If you lose control of the domain name by various other means, the thief automatically controls the admin email, and thus the WHOIS and WHOIS history will show an unbroken chain of the admin email address not changing. If your DNS or Hosting goes down (think major DDOS attack or something), your email will go down to the domain, and you'll then have issues to legitimately transfer it by responding from the admin email.

George,

How do you reccomend we setup the whois on our domains if we don't tie it to one we own?

I am open to any good security measures.

Thanks for the info!

Ok, just re-read your post, just not same admin as domain.

Thanks,

-=DCG=-

[Andrew Shaw]

This would be a good time for anyone who hasn't done so...

1. In excel, notepad, or word... Make a list of domain names you own. If you own domain names in different registers, be sure to be specific. Make note of expiration dates, and when they were registered... THIS IS IMPORTANT.
   
2. Though it may take hours... Dont save your personal information in your email, especially if you have freemail. (Gmail, hotmail, yahoo, etc...)
   
3. If your email provider allows you to, export your email's, invest in a $20 flash drive, and store them there.

As everyone knows, every domain name in every register I own was hijacked about a week ago. A week before it happened, I had compiled a list of all the domain names that I own.

A lot of times, Hijacking is caused by hacking of your email account. A basic keylogging virus will get the hacker direct access.

If your email account is hacked. The list of domain names, registers, expiration dates and register dates will give the registers the information needed to do their investigation. Unless you have a really good memory, your domain names need to be recorded by other ways besides your email and register. Your register can simply take that list, and freeze those specific domain names untill they look into the matter further. From what I understand, registers cant look into your account and see which domain names have been pushed out, but thats just based on my conversations and experience with my issue. If you can contact your register and tell them "these 127 domain names have been pushed from my account without my authorization, they were registered on... and were not set to expire untill...." your chances of getting those domain names back are a lot higher.

Registers get a lot of emails from customers that accidently let there domain names drop. Letting them know right off the back, when your domain name was registered, and when it was suppose to expire, will seperate your email from those.

By exporting your emails, even if your email account IS hacked... You will rest easy knowing that your true personal information is safe in your pocket. If your email provider doesnt allow you to export your email's... I would suggest creating a seccond email account, and forwarding all personal emails there. Remember to delete your "sent box" after. Make sure your seccond email account IS NOT associated with your whois, or posted on any other public forums.

My domain names were registered in 3 seperate accounts. Based on my experience, here is what you should do if for any reason you have a hijacking issue.

If your domain names are hijacked from GoDaddy: You will need to contact undo @ godaddy.com. Calling godaddy will only waste time, as they will tell you to do the same. This is where the information you logged in excel, notepad or word will come in handy. They will want to know when the domain name was created, and when it was set to expire... for the reasons stated above. Mark your email as URGENT. If they take more then a day to respond to your email, Email them again... Let them know that if they cant do something about your issue today, you will need to talk to Bob Parsons directly. Mark all emails as URGENT.

Domainsite: Email Jennifer @ domainsite.com, include all information above. Then call Domainsite's number at 303-459-6012, push 4 for customer service, and ask for jennifer. If she isnt available... you should explain your situation to whoever answers. Make sure you tell them you have a list of all information needed if they would like you to email it to them. Mark any emails as URGENT.

Moniker: Email support @ corp.moniker.com with the above information, then call 1-800-688-6311 and explain your situation. If you dont get a reply within 2 days, email them again, and insist that if they cant help you today, you would like to speak with Monte.

[Argie]

Thanks Andrew. Very good information. Thanks for share.

[Giode]

Is it normally this bad and usually goes unnoticed, or are these thefts on the drastic increase? With FastFood.com, Story.com, NewsPaper.com, and a few others being found stolen last week, our premium domains are looking more at risk than ever!

I know lately I have been getting a few suspicious emails. All you need to do is click on a link or reply to an email and the recipient has your ip address, which is the raw foundation to hacking ones computer. Granted you didn't have a strong firewall. Personally, I have made all my passwords the maximum length possible. Now, if I can only remember what it is......

[EJS]

Are there any email providers that allow you to get a password fob that changes every 60 seconds? I think Paypal just offered this for $5/each, but it would be great if some other services offered this.

[-ET-]

He also stole stl.net from which he gained access to five other premium domain which was mentioned above.

[Andrew Shaw]

Bump

[Domainmaster]

Great thread even though it scares me a bit.

George K. brings up a good point I never thought too much about. I've used several different admin emails in the past but was in the process of consolidating them. Now I'm thinking that might not be such a good idea.

Which email addresses would be the best for admin. email purposes?

[Dave Zan]

Which email addresses would be the best for admin. email purposes?

The one you have full control over and consistently protect.

Grudgingly, one thing I like about Netsol (cough cough) is they let you assign
2 sets of contact data: one for the WHOIS and a second for your account. I
confirmed with a few of their reps the WHOIS one doesn't necessarily provide
your actual login information (yet still complies with the WHOIS thingie) if you
put in a different set within.

I did this with my one remaining domain name with them. It shows one set of
contact data (including a throw-away email address), yet my account has a
different one inside.

[Bashar]

http://blog.domaintools.com/2007/09/...tolen-domains/

UPDATE: Here are some more stolen domains:

* Newspaper.com
* FastFood.com
* Right.net

[jberryhill]

Grudgingly, one thing I like about Netsol (cough cough) is they let you assign
2 sets of contact data: one for the WHOIS and a second for your account.

Dave, the account email can be readily determined by a minor security bug.

If you want to know the actual account email for a domain name at Netsol, as opposed to the admin contact email, you use the "lost userid or password" function at the Netsol login.

You then identify the domain name.

And, here's the boneheaded part, Netsol then asks you which method you want to use to retrieve or reset the password. Among the options it lists is "send an email to <the account control email address>"

And, before you rag on me about posting that, any hi-jacker knows this (the feature has useful purposes as well, particular where the domain name is owned by an organization, and nobody remembers whose email was being used). Accordingly, it's better that you know it too, in case you were relying on security through obscurity.