If you are new to domains and looking to buy, sell and learn about domains then you have come to the right place. DNForum is the largest domain name community on the internet and continues to grow every day. There are over 105,000 domainers on DNForum doing everything from buying domains, selling domains, learning about domains and discussing domains. Take a minute and Register.
Register Today on DNForum IT'S FREE!
somebody got into both of his servers last night and deleted everything, backups, sites, everything off both
then his most profitable site myrwawr.com has been directed to a copy of the site on another server, looking exactly the same except the adsense publisher ID has been changed to the hackers.
looking at whois it seems to have transferred some time ago, from domainsite to enom.
This is a pretty big blow for him as this is his full time job and he nor I am really not sure which route to go down as if i remember correctly registrars never help.
Any help anybody?
So the domain has been hijacked too ? Which registrar ?
I hope google will help identify of the thief based adsense id.
NameNewsletter.com - free lists of available domain names
ZoneFiles.net (beta) - ccTLD and gTLD droplists
myrwawr.com is not a registered domain name.
What you are describing does not appear to be a domain name issue unless, as noted by sdsinc, the domain has been hi-jacked also.
Breaking into a web server and taking control of a site is a separate issue.
Many registrars can be extremely helpful if you (a) can be specific about what is the problem and (b) are correct about what is the problem. Quite often, registrars have to deal with questions and problems that don't have anything to do with the domain name or are otherwise the result of incorrect information and/or misguided domain registrants.if i remember correctly registrars never help.
For example, in your post above, you identify a domain name that does not exist and describe a problem that is not a domain name problem.
I'm not saying your brother doesn't have a domain name problem, but if he does, you haven't described what it is yet.
John Berryhill Ph.d., esq.
John-AT-johnberryhill.com
Please do not send private messages via dnforum.com, email me directly.
Ah sorry, main domain is:
# Myrawr.com
but hes told me other domains have gone too, I will find out what they are asap.
the thief has taken copies of the website content before deleting the origionals and backups off 2 servers, he/she seems to have transferred the domain last month, and has gone un-noticed until today when my brother found all files deleted and was going in to change the nameservers when he realised they werent there! Upon closer inspection of the websites, the thief has just changed the adsense publisher ID (to their own im assuming), Google have allready been contacted about this, aswell as the registrars, but im assuming the registrars will do nothing about this?
Any ideas anyone?
Just found this posted on another forum were my brother posted:
Now, if i remember rightly, a namepros member runs scribbytech.net, unfortunately I cannot contact him as my account over there is closed, could somebody ask him to read this post over here and email me at paul rogers 250 @ gmail . com (without spaces), I would like to know who owns that Hosting account if it is infact hosted on his server.Which leads to:
IP address [?]: 208.110.69.34
IP address country: flag United States
IP address state: Missouri
IP address city: Cameron
IP postcode: 64429
IP latitude: 39.734001
IP longitude: -94.222900
ISP [?]: WholeSale Internet
Organization: WholeSale Internet
Host: server.scribbytech.net
Local Time: 2007-08-27 08:55
scribbytech.net - is up and running..
Last edited by MrDude; 08-27-2007 at 01:15 PM. Reason: Automerged Doublepost
Sent a pm to user 'scribby' over on np.Originally Posted by MrDude
24.184.57.25 2007-08-07 08:03:39 success
24.184.57.25 2007-08-07 11:04:24 success
24.184.57.25 2007-08-08 01:01:55 success
24.184.57.25 2007-08-08 02:58:24 success
Login history on domainsite for the hijacker
optonline.net cable modem...dynamic IP. you never know if it was really the hijacker or the hijacker used ool-18b83919.dyn.optonline.net [24.184.57.25] as a proxy. that's what sucks about this
you need some experts to think this through and get a logical approach. however, not very smart to talk about strategy on a forum where the hijacker can possibly be reading and plan ahead to cover any tracks.
Yah... you need to be clear and specific about the facts.Any ideas anyone?
Putting aside the question of the servers for a moment and concentrating on the domains...
You refer to "registrars". Is there more than one registrar involved, how? At what registrar was the domain name registered? Does your brother still have access to that registrar account? Is the domain name in that account?
I get the impression that there are two things being conflated here, when only one thing might have happened. Or... both things might have happened, but that seems a bit odd.
John Berryhill Ph.d., esq.
John-AT-johnberryhill.com
Please do not send private messages via dnforum.com, email me directly.
so far 5 domains have been taken
they were taken from the domainsite.com account and transferred over to the hijackers namecheap account, there were 4 gone today and a 5th one went a few hours ago so I called domainsite up for him and had them put a hold on all domains, but they cant do anything about the domains allready gone.
The hijacker has the full myrawr.com site up, including databases, and the only change being their google adsense publisher ID, this is the first time i have seen anything like this, the whole domain and website stolen!
Oh.. it happens....
http://www.arb-forum.com/domains/decisions/1008008.htm
Do you think you could at least list the domains and BE SPECIFIC about what happened when?so far 5 domains have been taken
You left two questions up there unanswered.
There's a reason I ask....
This is my last try to find out exactly what happened. If someone else wants to pick up here, feel free....
In the meantime, your brother needs to quit using that hotmail email address for his domains, and I assume he has already changed the password (using an UNcompromised email address) on the Domainsite account, yes?
I'm also guessing that he used the same password and/or email account for the Hosting account yes?
Last edited by jberryhill; 08-27-2007 at 08:32 PM.
John Berryhill Ph.d., esq.
John-AT-johnberryhill.com
Please do not send private messages via dnforum.com, email me directly.
And (c) are being polite, although that's also a challenge for some.
MrDude, better start talking to the registrars involved if indeed any of their
registration details have been recently changed. And as John said, be correct
and specific about the problem.
However, I'll also add that some registrars will want to work with those whom
they're able to verify as having been originally listed on the domain names. If
you weren't but your brother was, they'll probably want to deal with him.
Vidi, Vici, Veni!
Well, there's always that, too.If
you weren't but your brother was, they'll probably want to deal with him.
John Berryhill Ph.d., esq.
John-AT-johnberryhill.com
Please do not send private messages via dnforum.com, email me directly.
wow its been a while since I've been here!Your password is 692 days old, and has therefore expired.
I've had 2 namepros members contact me regarding this thread, sadly I cannot be of any help as I no longer own the server in question, I would recommend contacting wholesaleinternet.com as they own the server.
Posting Permissions
View Profile
View Forum Posts
View Forum Threads
View Friends
View Blog Entries
Reply With Quote
Bookmarks