InDigitalWorks.com - UNOTHORIZED DOMAIN NAME TRANSFER - PLS HELP!

105 replies
My name is GoranZinic. Some of you know me as the owner of Indigitalworks.com.

On February 22nd, I became a victim of huge Internet fraud, which I would like to share with you.

Domain name IndigitalWorks.com and entire website have been hijacked and transferred by a scammer.

Indigitalworks.com is currently under control of scammer, who managed to transfer everything, including the domain and all the content.

His name is Ahmad Rashid Mohammed, based on the current IndigitalWorks.com WHOIS.

On the first day of the fraud, InDigitalWorks was redirected to 7plr.com, so they are probably involved too.

I have contacted Onlinenic.com (my registrar) but they were very uncooperative and unwilling to help.

In the last few months my Gmail has been hacked several times. After the domain has been transferred I found out that all my online accounts have been hijacked... Twitter, Facebook, Hosting and many others, including Onlinenic.com.

Onlinenic checked the log files and said that domain has been transferred from IP 65.49.14.89, which wasn't my IP. This didn’t solve anything... even if Onlinenic account has been hijacked, they can’t do anything (or don't want to). They refuse to investigate any further or offer any kind of help. Onlinenic is great when you need to buy a domain and send them money, but when you have a problem, they don’t want to listen. If you care about your business, you should AVOID ONLINENIC. Hope this post will urge you to protect your own domains and your business.

After I asked them about the details of the person who owns the domain now, I received the following answer:

“Regarding the information you're asking for, you can refer to http://who.is/whois/indigitalworks.com/

And that’s all… The Whois to which they referred has incomplete information, which is in direct violations to ICANN policies. Not just they refuse to help, but they don’t want to tell the information of the domain name owner. Although OnlineNIC is under ICANN, they don't follow their policies. Be aware of this if you’re using, or planning to use their services.

Since they refuse to investigate such obvious fraud, I have no other choice but to suspect that Onlinenic.com, or some of their employees, could be involved in this act of unauthorized domain transfer.

I have contacted some lawyers in Dubai, the country where the hacker is from, based on the WHOIS information and come to the conclusion that I will need to hire a private investigator first to see if this person even exists, before taking any legal steps.

Does anyone have any suggestions? I and a team of many dedicated freelancers have worked very hard over the past five years to build this site. Without them IndigitalWorks.com would never have succeeded. We’re all working hard on creating a new site, but all our efforts were wiped out in one day.

I know there are warriors here who have lots of knowledge about Internet thieves, and I hope that some of you can help.

Thank you,
Goran

P.S. I also hope that my situation will help you to better protect your business before it’s too late.

---------------------------------------------------
UPDATE:

I apologize to all InDigitalWorks members for not warning them on time about this issue. Scammer has deleted our members database, right after he transferred a domain...

New website is finally setup and we’ve managed to restore the database. Due to huge number of products, it took little longer than we thought. We will continue to do business like nothing happened (although it will be hard). Website will be updated with new products every day, same as it was indigitalworks.com.

Until we resolve this issue our new temporarily URL is www.idplr.com.

Thank you,
Goran
#domain #indigitalworkscom #pls #transfer #unothorized
  • Profile picture of the author wizzard74
    Did you set up domain locking or anything like that to prevent the transfer from happening?
    Signature

    You don't want to click here --> Richard Arblaster

    {{ DiscussionBoard.errors[5695863].message }}
  • Profile picture of the author Goran Zinic
    No.. unfortunately. I really wasn't aware that stealing a domain is so simple...
    Signature
    I will promote your business to my 100,000 members for free. Find out more
    Find out more
    {{ DiscussionBoard.errors[5695887].message }}
  • Profile picture of the author rosetrees
    I assume you have proof of all this. Start by contacting their payment processor to get their account closed.

    You might consider contacting google to see if they will de-index the site until you can get it back.

    OnlineNIC are still listed as the registrar. A strongly worded attorney's letter to them might help.

    Look up Brian Kindsvater. He's a fellow Warrior and internet attorney. He's the one to give you proper advise.
    {{ DiscussionBoard.errors[5696593].message }}
  • Profile picture of the author vivi62
    does this mean he has payment details of all your customers as he could try to use them frauduently also,you may also be able to get them to help you in your quest to get your site back if they are also at risk.
    regards
    vivi62
    {{ DiscussionBoard.errors[5696785].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by vivi62 View Post

      does this mean he has payment details of all your customers as he could try to use them frauduently also,you may also be able to get them to help you in your quest to get your site back if they are also at risk.
      regards
      vivi62
      No. There's nothing to worry about. Indigitalworks never stored any kind of payment details.
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5703779].message }}
  • Profile picture of the author Des Lau
    Wow, scary stuff, really hope you get your site back and karma brings what's coming for that scum!
    Signature
    -----------------------------

    {{ DiscussionBoard.errors[5696819].message }}
    • Profile picture of the author The Real Deal
      Hi Goran,

      Let me first tell you how sorry I am to hear about what has happened to you. I know your website well and I can only imagine that this is a huge blow for you...

      The first thing you need to understand is that this is not the right forum to get help. No offense to the people on WF, they are awesome, but if you want to try and get help with this you need to speak with professional domainers. The best forum for this when it comes to .com domains is IMO: Welcome to DNF.com

      Although you might get some good advice from a forum, (and no harm in making a post), I would strongly suggest that you get a US attorney involved ASAP. I would recommend John Berryhill. You can find his contact details here: John Berryhill
      Although I have never hired him personally I have followed him on DNforum for years and he seems very knowledgeable.

      I have around 2300 domain names and I have in the past gone through the same thing you are now experiencing, and I can give you some information from what I gathered at the time, (but I can't promise that it is still accurate). Unfortunately it is not good news.

      I noticed from the Whois history of indigitalworks.com that you from Croatia. I therefore assume that you don't have a US trademark registered for Indigitalworks? That would make the recover process far easier as you could simply initiate a UDRP dispute (Uniform Domain Name Dispute Resolution Policy). However, in the absence of a trademark this will unfortunately be very hard, despite the fact that you are victim of a fraud. You might want to have a quick look at this thread: Using the UDRP to Recover Stolen Names

      Your best bet IMO is to either try to work with the registrar, or alternatively get John Berryhill or another lawyer specialized in domains to threaten the registrar with a lawsuit, (assuming they are based in the US). I am not a lawyer but I would think that if you present the registrar with indisputable proof that you are the legitimate owner, you could make a strong argument that they will be liable for the losses that you incur if they refuse to assist in the recovery.

      You mention that the registrar is being uncooperative, and it is so unfortunate that people don't seem to understand the importance of holding valuable domains in locked account with an ICANN approved registrar that you can really trust. There are many people, (myself included) that have lost domain names through Godaddy and still people here recommend them to newbies so they can save a couple of bucks... They do this based on the fact that so far everything has worked fine for them with Godaddy, but ignoring the huge number of people who have had terrible experiences with them. Anyway, I didn't mean to go off on a rant, this thread is not about Godaddy! :rolleyes:

      I haven't looked into your registrar to see if they are even ICANN approved, but if you feel that you can't afford an attorney your next best option would be to contact ICANN directly and ask them for advice on what to do.

      If you were living in the US I would also advice that you immediately report it to the Internet Fraud Complaint Center at the FBI, Internet Crime Complaint Center (IC3) | Home but I don't think that is feasible for you. However, you should probably still report it to your local police department in Croatia.

      You should also try to gather all possible information you can that proves you are the legitimate owner of the domain name. This will come in handy in the future as you will have to prove your claim regardless which route you take.

      I really wish I could give you some more definite advice that would help you get the domain back quickly, but all I can say is don't give up!

      I wish you the best of luck!
      {{ DiscussionBoard.errors[5697203].message }}
      • Profile picture of the author The Real Deal
        I just did some quick research on Onlinenic Inc and although they are a large registrar they do indeed have a bad reputation...

        Apparently they are based in China and a lot of people are having problems dealing with them. Here are a selection of posts:

        onlinenic.com refuses to send me login codes

        OnlineNIC.com anyone else have problems???

        Verizon awarded $33 million judgement against registrar OnlineNIC

        The only good news is that they are an ICANN accredited registrar, so technically they should follow ICANN rules...but obviously it seems that they don't. However, since they have apparently been in trouble with ICANN in the past, see this announcement: ICANN | Advisory: OnlineNIC Transfer Issues Resolved they may become more helpful if you explain to them that unless they assist in recovering your domain name you will get a lawyer who will bring a formal complaint to ICANN. Not sure how much that would help, but it could be worth a try...

        Another worrying thing I noticed is that they are also the registrar for the domain name 7plr.com and I agree this looks highly suspicious. My first thought was that the thief might just have re-directed the domain name to another PLR company with an affiliate program, but it doesn't look like 7plr.com has an affiliate program. The domain name is also registered in the Arab Emirates just like the thief that stole it, which is unlikely to be a coincidence!
        {{ DiscussionBoard.errors[5697332].message }}
  • Profile picture of the author sbucciarel
    Banned
    Without a lawyer or some help from the registrar, it might be difficult to get it back. It was unlocked and you were most likely hacked so the transfer appears normal to the registrar. John Berryhill is a very sharp IP lawyer and kindsvater also, and he frequents this forum. I don't know if they can handle a case based in Croatia or not, but you might get some advice.
    {{ DiscussionBoard.errors[5697306].message }}
  • Profile picture of the author onegoodman
    Domain registrar probably would n't be able to provide you much help.

    If this guy is putting these information on who.is and you can confirm its correct, you will need to hire a lawyer in Dubai.

    You have emails and receipts paying for that domain and prove your ownership for the domain.

    If your computer still infected and the information is going forward to him. I would suggest to contact a computer forensic agency (it will cost you $$$$$)

    Upon my knowledge UAE, has rules for online crimes. If you can prove he did steal you domain, you can get your domain back and get him locked up for online crime.

    This is costy, but i see the website ranked 18k worldwide in alexa, so i do assume it make some good $$$$$
    {{ DiscussionBoard.errors[5697740].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by onegoodman View Post

      Domain registrar probably would n't be able to provide you much help.

      If this guy is putting these information on who.is and you can confirm its correct, you will need to hire a lawyer in Dubai.

      You have emails and receipts paying for that domain and prove your ownership for the domain.

      If your computer still infected and the information is going forward to him. I would suggest to contact a computer forensic agency (it will cost you $$$$$)

      Upon my knowledge UAE, has rules for online crimes. If you can prove he did steal you domain, you can get your domain back and get him locked up for online crime.

      This is costy, but i see the website ranked 18k worldwide in alexa, so i do assume it make some good $$$$$
      Thank you for info about computer forensics. I don't use any of my laptops any more... I will wait for some other solutions to come up before taking these steps.
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5703797].message }}
  • Looks like they got into your hosting control panel beforehand, or are damned fast - your previous links are not 404'ing, all content seems correct (I didn't see your site before) so these guys are sophisticated.

    I'd agree with the suggestion of talking to domainers & lawyers. Maybe private investigators too, depending on your budget. One thing to be aware of - they are smart - might even be reading this thread - don't give away too much about what your plan of action is.

    Update: You could ask the host to take it down on the basis of it being copyrighted materials

    Hosting: Hetzner Online AG host the domain indigitalworks.com
    IP Address: 176.9.108.206
    Name Servers: ns1.7plr.com, ns2.7plr.com
    {{ DiscussionBoard.errors[5697855].message }}
    • Profile picture of the author bcbr8r
      Goran, really sad to hear what happened. As a customer I know your site very well.

      Originally Posted by AMcDermott View Post


      Hosting: Hetzner Online AG host the domain indigitalworks.com
      IP Address: 176.9.108.206
      Name Servers: ns1.7plr.com, ns2.7plr.com
      Hetzner Online AG is a german based hoster located in Gunzehausen

      Stuttgarter Str. 1
      91710 Gunzenhausen
      Deutschland

      Tel.: 09831/610061*
      Fax: 09831/610062

      If you contact them and explain them what happened I'm sure they will help you and shut down or freeze the hosting account.

      If this not helps you may file that case to the german police and they can investigate that further.

      I'm from Germany and can help you with that if you want.

      In the end the bad guys will go to another hoster, but they have lot's of work with that and they should see a big crowd is following them and they can't escape that easy.

      Best wishes & fingers crossed!
      {{ DiscussionBoard.errors[5775612].message }}
  • So what is the status of your website currently? It appears to be up and operating but is still registered to someone in Dubai? You may want to make an effort to let your customers know that it is either safe or still dangerous to access your site. Since last post was on Thursday and in that post it stated it would be up and operating the next day. After reading about this I did go to your website and was redirected to a host gator cpanel login page which is based in the States. Something smells very fishy about this. Sounds like someone may have just taken their customers money and ran with it??? Claiming domain name highjacking to some fake name in Dubai and then laughing all the way to the bank. There was a time when the domain was being redirected to 7plr.com. Bottom line worry about your customers first then get the legal issues under wraps.
    {{ DiscussionBoard.errors[5703371].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by digitaldownloadguy View Post

      So what is the status of your website currently? It appears to be up and operating but is still registered to someone in Dubai? You may want to make an effort to let your customers know that it is either safe or still dangerous to access your site. Since last post was on Thursday and in that post it stated it would be up and operating the next day. After reading about this I did go to your website and was redirected to a host gator cpanel login page which is based in the States. Something smells very fishy about this. Sounds like someone may have just taken their customers money and ran with it??? Claiming domain name highjacking to some fake name in Dubai and then laughing all the way to the bank. There was a time when the domain was being redirected to 7plr.com. Bottom line worry about your customers first then get the legal issues under wraps.
      Unfortunately, it's the same as on the beginning of my post. While I was posting on facebook I didn't knew they stole the whole website... I found this later when I saw it installed on their server. This has made things more complicated...
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5703941].message }}
  • Profile picture of the author Goran Zinic
    Thank you for all the information’s you provided. Some posts were very useful. I can't disclose which currently. If anyone has some more info to share, I would be very grateful... Thanks
    Signature
    I will promote your business to my 100,000 members for free. Find out more
    Find out more
    {{ DiscussionBoard.errors[5703960].message }}
  • Profile picture of the author GerryMedia
    Hi Goran!

    I have a huge cache of domain names and your story alarmed me, since I use gmail too.I actually will not use gmail anymore for my business accounts. I can't imagine such a thing can happen to a big website like indigitalworks. From what I perceive of your site, it's a major player in the PLR field.

    So you think it's not even safe to visit indigitalworks.com now? I won't trust an hijacked website run by hackers and thieves.

    All the best in your quest for justice... I'm watching this thread.
    Signature

    I.M. ControlPanel - See why this online software is your key to success!
    Lifetime Membership WSO

    Learn. Take Action. Learn. Teach.
    {{ DiscussionBoard.errors[5704001].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by GerryMedia View Post

      Hi Goran!

      I have a huge cache of domain names and your story alarmed me, since I use gmail too.I actually will not use gmail anymore for my business accounts. I can't imagine such a thing can happen to a big website like indigitalworks. From what I perceive of your site, it's a major player in the PLR field.

      So you think it's not even safe to visit indigitalworks.com now? I won't trust an hijacked website run by hackers and thieves.

      All the best in your quest for justice... I'm watching this thread.
      I suggest you not to store any kind of such data in Gmail!

      Indigitalworks.com is still not under my control, it's run by thieves currently. I wouldn't say it's unsafe to visit but I suggest you not to do anything more than that, like signing up.
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5705503].message }}
  • Profile picture of the author ginngoh
    Hi Zinc

    I m one of yr lifetime membership for last 2 years.

    Everytime visited your site - knows how much efforts u been putting in and your are indeed keeping up the site so regularly...

    Pls keep it up and let us know if u do transfer your site to another domain though we hope u r able to get back the domain.

    Warriors - is there anyone there could at least give a words on which domain providers who are reliable, especially in situation like this ?
    {{ DiscussionBoard.errors[5704028].message }}
    • Profile picture of the author The Real Deal
      Originally Posted by ginngoh View Post

      Warriors - is there anyone there could at least give a words on which domain providers who are reliable, especially in situation like this ?
      About a week and a half ago I gave my recommendation on where I believe it is safe to hold your domain names: http://www.warriorforum.com/main-int...ml#post5639588

      The registrar that I recommend in that thread is based in Australia, which I believe can be an advantage in many legal situations. However, if you prefer to have a US based registrar I would recommend Moniker

      Apart from holding your domain name with an ICANN accredited and highly reputable registrar that you can trust you need to lock down your most valuable domains. By this I don't mean that they should simply be "locked" from being transferred, (which I am sure everyone does)!

      What I am referring to is that you should use some form "executive lock" that allows you to have two or three security questions that have to be correctly answered before any DNS changes or transfers of your domains can take place. That way, even if a hacker takes over your email account and computer he will never be able to either change the DNS of your domains or transfer them to another account.

      The registrar I recommended in the thread I linked to above goes even further. For high-value domain names, (or domains that host a valauble business like I am sure indigitalworks was/is) they allow you to set-up several security questions that you have to answer correctly to their management team over the phone (after identifying yourself) before any changes will be approved on those domains. This does add some hassle when you need to make changes but IMO it's a small price to pay when you are dealing with a 6 or 7-figure business...
      {{ DiscussionBoard.errors[5704143].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by ginngoh View Post

      Hi Zinc

      I m one of yr lifetime membership for last 2 years.

      Everytime visited your site - knows how much efforts u been putting in and your are indeed keeping up the site so regularly...

      Pls keep it up and let us know if u do transfer your site to another domain though we hope u r able to get back the domain.
      Thanks. I will announce immediately after we setup a new site... It should be very soon.
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5705518].message }}
    • Profile picture of the author wvdploeg
      Originally Posted by ginngoh View Post


      Warriors - is there anyone there could at least give a words on which domain providers who are reliable, especially in situation like this ?
      Well, I would suggest: Always take a domain provider in your own country... since there is a big question about jurisdiction if the provider is in China, the thief in Dubai, ICANN in the USA and the original owner in Croatia...

      If the provider and the owner are in the same country, communication is much easier... and when you plan to sue them, you both talk the same legal language...
      {{ DiscussionBoard.errors[5736314].message }}
      • Profile picture of the author seegreatresults
        Goran, i am sorry to hear about this terrible situation buddy, i have been a member of yours for a long time...actually i used to be a competitor for a short time. Anyways, i have a good domain for your site that is proper that i would be willing to just transfer to you for free if it will help you out. i wont mention the name here, but the site and domain is actually just laying around right now as i havent had the time nor resources to build the site properly. Anyways, as i said, the domain name is relevant to your site and is keyword targeted, so if it will help you in any way, please let me know buddy..its yours my friend.

        Stephen
        {{ DiscussionBoard.errors[5773283].message }}
        • Profile picture of the author Goran Zinic
          Originally Posted by seegreatresults View Post

          Goran, i am sorry to hear about this terrible situation buddy, i have been a member of yours for a long time...actually i used to be a competitor for a short time. Anyways, i have a good domain for your site that is proper that i would be willing to just transfer to you for free if it will help you out. i wont mention the name here, but the site and domain is actually just laying around right now as i havent had the time nor resources to build the site properly. Anyways, as i said, the domain name is relevant to your site and is keyword targeted, so if it will help you in any way, please let me know buddy..its yours my friend.

          Stephen
          Stephen, thanks for your help, I appreciate that but I don't have time currently to start a new website... I will let you know after I resolve this issue. Thank you!
          Signature
          I will promote your business to my 100,000 members for free. Find out more
          Find out more
          {{ DiscussionBoard.errors[5773369].message }}
  • Profile picture of the author Lenny Winkle
    I realize this puts you in a terrible spot and wish you the best of luck. I'm also very curious to hear what you recommend for your customers?

    I signed up a little over a month ago and now it looks as if my subscription is worthless. What do you recommend? How will you take care of your customers?
    {{ DiscussionBoard.errors[5704112].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by Lenny Winkle View Post

      I realize this puts you in a terrible spot and wish you the best of luck. I'm also very curious to hear what you recommend for your customers?

      I signed up a little over a month ago and now it looks as if my subscription is worthless. What do you recommend? How will you take care of your customers?
      Regarding your purchase, there's nothing to worry about. If you want I will provide you a full refund. Just let me know.

      New InDigitalWorks site, but on different domain, will be setup soon so members will have access. We will also continue to run this site and supply it with new products, there won't be any difference..
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5705552].message }}
      • Profile picture of the author PatriciaJ
        I can't offer any advice just want to say that I'm sorry to read what's happened to your site and I hope that you get it back. I feel really angry that some pi***ck can do this to somebody else and hope he gets what's coming to him.

        One little bit of help that I can offer is when you get the new domain up and running I will be happy to backlink to it on several of my sites. Blog about what has happened and send the new link to my list.
        {{ DiscussionBoard.errors[5705628].message }}
        • Profile picture of the author Goran Zinic
          Originally Posted by PatriciaJ View Post

          I can't offer any advice just want to say that I'm sorry to read what's happened to your site and I hope that you get it back. I feel really angry that some pi***ck can do this to somebody else and hope he gets what's coming to him.

          One little bit of help that I can offer is when you get the new domain up and running I will be happy to backlink to it on several of my sites. Blog about what has happened and send the new link to my list.
          Patricia, thank you for being so kind. I will let you know about a new domain, and make it up to you somehow...
          Signature
          I will promote your business to my 100,000 members for free. Find out more
          Find out more
          {{ DiscussionBoard.errors[5706084].message }}
  • Profile picture of the author YouJelly
    i feel you bro, it is very unlikely you are going to see your domain again.
    truth is truth.
    all bull**** aside, most of the options here are lame.
    your best option is to hijack it back, its gonna cost you.
    btw the name he used is an alias.
    its not his first hijack (given by his email which is also dummy mail, he used it before).

    how you gonna hijack it? start learning about the deep web.
    download "TORa" and start reading about the dark web. im not going to link you to places and dont ask for, what you looking for is there.

    btw, a small tip before paying any one on the deep web, ask them first to transfer it on thier name(obviously they will use an alias,same goes for ip and isp ) or a name you both agreed upon once he hijacked it, afterwards pay him or let him first transfer it on ur name, learn how to secure it more.

    where you hosting at btw? is it shared? dedicated?
    {{ DiscussionBoard.errors[5704122].message }}
  • Profile picture of the author andynathan
    Let me know when you start up again. I was on the site Friday and there were some irregularities that stopped me from purchasing a membership. Had no clue about this at the time. Interested when you get things running again.
    Signature

    Delighfully Inexpensive: The Scientific Formula For Profitable Blogging takes you step-by-step into how to create mind-blowing content that inspires your readers to learn more about your services.
    Scientific Formula For Profitable Blogging Link

    {{ DiscussionBoard.errors[5705654].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by andynathan View Post

      Let me know when you start up again. I was on the site Friday and there were some irregularities that stopped me from purchasing a membership. Had no clue about this at the time. Interested when you get things running again.
      Hi Andy, I will announce a new domain on this thread... Thanks
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5706097].message }}
      • Profile picture of the author darren chow
        I have told Chris Wagoner,Computer Crime Investigator/ Data Forensics Specialist about your situation, and he can offer you some help.

        However, I cannot Pm you or post a link yet. So, how can i reach you?
        {{ DiscussionBoard.errors[5736040].message }}
  • Profile picture of the author kasher9
    Has the scammer locked the domain? If he hasn't, you can transfer it back, all these domain registrars are just about their own pockets and don't consider customer service at all. Unfortunately, they won't be much of help, I've had similar problems before, best thing to do is get a lawyer who works in corporate law and ask them to send a letter to the registrar, the only issue is if he hasn't hacked your account then you may be in a sticky situation because you don't have a case - you left it open to transfer dude... You need to contact law enforcement so that they can investigate the hacking side of things.
    {{ DiscussionBoard.errors[5706186].message }}
  • Profile picture of the author JohnSp
    Sorry to hear that, sir.

    Alright, you have an IP Address in your hands. It's 65.49.14.89

    I traced it and this guy used a proxy. (Obviously a hacker would try to hide his tracks)

    The ISP of this proxy is "Hurricane Electric". Proof: http://www.ip-adress.com/ip_tracer/65.49.14.89

    So you can contact them and see what you can do from there. Like if you will send them legal papers about your case they will most likely give the information you want.

    E.G. You can ask OnlineNIC the exact date + time the person did login and transferred your account. Then ask proxy's ISP (Hurricane Electric) for the IP address that used the proxy 65.49.14.89 at <date/time goes here>.

    Or just ask for the IP address that used the proxy and connected to OnlineNIC's website.

    If you have a new IP address on your hands now you should do your research (trace it etc) because it's most likely that it will be a proxy aswell.

    Good luck buddy.

    EDIT: I gotta go now, I added you on Skype though to speak later and help a bit.

    See ya.
    {{ DiscussionBoard.errors[5706927].message }}
  • Profile picture of the author Lloyd Buchinski
    The ip you mentioned seems to be an anonymous proxy.

    View information about 65.49.14.89 - Free IP Lookup

    That might give you something to work with. Not many people would use one for a legitimate purchase.

    Also, not the "OBFUSCATED IPs 1093733977 18273603161." Unfortunately they don't include the dots in them, so there is more than one possibility for each, but if all the digits match something that you manage to track down that might help too.
    Signature

    Do something spectacular; be fulfilled. Then you can be your own hero. Prem Rawat

    The KimW WSO

    {{ DiscussionBoard.errors[5708525].message }}
  • You may want to check your twitter account also.
    Since this was posted about 2 hours ago. You really should spend more time informing your customers as to what is going on right now. Get on your auto responder asap and send an email out to your list letting them know what is going on.

    SPECIAL OFFER valid 24Hr 3 Months Access - $67 $47 $37 1 Year Access - $147 $87 Lifetime Access - $297 $90 Coming from your twitter account? 2 hours ago.
    This whole thing just is reallllllly fishy. Since the previous post from your twitter account is a link going here?? Or has your twitter account been hacked now also?
    {{ DiscussionBoard.errors[5709243].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by digitaldownloadguy View Post

      You may want to check your twitter account also.
      Since this was posted about 2 hours ago. You really should spend more time informing your customers as to what is going on right now. Get on your auto responder asap and send an email out to your list letting them know what is going on.

      SPECIAL OFFER valid 24Hr 3 Months Access - $67 $47 $37 1 Year Access - $147 $87 Lifetime Access - $297 $90 Coming from your twitter account? 2 hours ago.
      This whole thing just is reallllllly fishy. Since the previous post from your twitter account is a link going here?? Or has your twitter account been hacked now also?
      I just checked twitter and you're right. It's been hijacked also like all my accounts. My twitter account is merged with Facebook so everything is published on twitter automatically. I have just submitted a dispute!

      Currently I don't have access to indigitalworks.com and I'm unable to send any emails until developers setup a new site.

      I truly apologize for everything what happened. I'm doing my best to resolve this issue!

      All I can do now is advise anyone not to purchase anything from indigitalworks.com.
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5709389].message }}
  • Profile picture of the author YouJelly
    oh i see what he doing there... he is a smart fish...
    he actually taking his own website down due to low profits in recent times.
    (i got my sources and a pretty decent proof)
    he is making the last blow before he is done with that project.

    the "special offer" is obvious!

    lol stupid people gonna stupid...
    {{ DiscussionBoard.errors[5709457].message }}
  • Profile picture of the author Goran Zinic
    @AnnaM
    @You Jelly

    Is it coincidence that people who registered yesterday, and have few posts, are trying to offer "help" and some black hat methods to restore my domain?
    Signature
    I will promote your business to my 100,000 members for free. Find out more
    Find out more
    {{ DiscussionBoard.errors[5709562].message }}
    • Profile picture of the author YouJelly
      Originally Posted by Goran Zinic View Post

      @AnnaM
      @You Jelly

      Is it coincidence that people who registered yesterday, and have few posts, are trying to offer "help" and some black hat methods to restore my domain?
      hey, i never offered you helped!

      just told u a path u can take... which has nothing to do with me.
      i believe u can read, so how did u not get this?
      just google for "deep web" or "TORa"
      in simple words: its where u can meet or make contact with hackers.

      now the other user above does sound like a scam.
      {{ DiscussionBoard.errors[5709850].message }}
  • Profile picture of the author sbucciarel
    Banned
    I'm sorry. As this thread progresses, it seems more and more unbelievable that:

    1. You kept your domain unlocked and that your email was hacked numerous times without you changing all passwords and making them very strong.

    2. Not only did they get your domain ... and I know that has happened before, but they also got your hosting account, Twitter, Facebook and who knows what else.

    Can you explain how this happened? If nothing else, as a pointer for others to avoid the same type of thing.
    {{ DiscussionBoard.errors[5712013].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by sbucciarel View Post

      I'm sorry. As this thread progresses, it seems more and more unbelievable that:

      1. You kept your domain unlocked and that your email was hacked numerous times without you changing all passwords and making them very strong.

      2. Not only did they get your domain ... and I know that has happened before, but they also got your hosting account, Twitter, Facebook and who knows what else.

      Can you explain how this happened? If nothing else, as a pointer for others to avoid the same type of thing.
      I wasn't aware that all my accounts have been hijacked except Gmail until he transferred a domain!

      Of curse I changed logins but now I'm aware that I have a keylogger or similar virus on my laptop, so it really wasn't hard for them to see my new logins, no matter how strong they were. Every time when I logged into some account, they knew my logins but they didn't do anything that will make me suspicious that my account has been hijacked.

      Since my laptop is infected, I'm not using it anymore and I will send it to computer forensics if this issue doesn't resolve soon.

      Regarding hosting account, they didn't take control over it, they just use logins to download a whole website and install it on their server. I still have a website which will be ready soon.

      I never had similar issues and I wasn't very careful. I advise people not to make my mistake...
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5712310].message }}
  • Profile picture of the author sbucciarel
    Banned
    Well, that's quite a loss. It looks like a lot of time went into the site.
    {{ DiscussionBoard.errors[5712339].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by sbucciarel View Post

      Well, that's quite a loss. It looks like a lot of time went into the site.
      Yes, 5 years..
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5712513].message }}
      • Profile picture of the author GreginDFW
        Goran,
        I think this is just awful. I have been a very satisfied customer of yours for years, and I can't believe someone would do this to you! You know I'll do all I can to help you, and I hope you catch these guys very, very soon!
        {{ DiscussionBoard.errors[5717803].message }}
        • Profile picture of the author Goran Zinic
          Originally Posted by GreginDFW View Post

          Goran,
          I think this is just awful. I have been a very satisfied customer of yours for years, and I can't believe someone would do this to you! You know I'll do all I can to help you, and I hope you catch these guys very, very soon!
          Greg, thanks for your help.
          Signature
          I will promote your business to my 100,000 members for free. Find out more
          Find out more
          {{ DiscussionBoard.errors[5722059].message }}
  • Profile picture of the author wizzard74
    Don't spend money taking your laptop to a forensics expert, just run a virus scanner on it and get rid of the key logger. If you cannot get your domain back, then move on, learn your lesson from it and learn to lock your new domain.
    Signature

    You don't want to click here --> Richard Arblaster

    {{ DiscussionBoard.errors[5712345].message }}
    • Profile picture of the author yohoho
      Originally Posted by wizzard74 View Post

      Don't spend money taking your laptop to a forensics expert, just run a virus scanner on it and get rid of the key logger. If you cannot get your domain back, then move on, learn your lesson from it and learn to lock your new domain.

      I would go to Geeks to Go and get your computers checked out. They are very good. There is usually a 3 day backlog but their help is free. Just follow instructions.
      {{ DiscussionBoard.errors[5722216].message }}
  • Profile picture of the author vrajbi
    Hi,
    I just registered and paid through paypal a lifetime membership with indigitalworks.com, it was shortly after as I noticed I couldn't log in when I did a search via google which landed me straight here!
    So what are my options now Goran?
    {{ DiscussionBoard.errors[5716542].message }}
  • Profile picture of the author vrajbi
    Hi,
    I just registered and paid through paypal a lifetime gold membership with indigitalworks.com (worth 97$), it was shortly after as I noticed I couldn't log in when I did a search via google which landed me straight here!
    So what are my options now Goran?
    {{ DiscussionBoard.errors[5716551].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by vrajbi View Post

      Hi,
      I just registered and paid through paypal a lifetime gold membership with indigitalworks.com (worth 97$), it was shortly after as I noticed I couldn't log in when I did a search via google which landed me straight here!
      So what are my options now Goran?
      I'm sorry... I suggest you to open a PayPal dispute for this transaction. I have sent you a PM with more details.
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5722048].message }}
  • Profile picture of the author darren chow
    Visit this site:
    3w.allexperts.com/user.cgi?m=6&catID=3072&expID=86566&qID=5023682

    I have already told him that you will want to discuss this issue with him directly in a follow up question, so he is expecting you to contact him.

    Go to 3w.allexperts.com/user.cgi?m=4&expID=86566&catID=3072
    and get some help from him!

    Have a nice day =)

    remember to change the "3w" to "www"
    I cant post a link yet ==''
    {{ DiscussionBoard.errors[5736070].message }}
    • Profile picture of the author webmann
      I'm sorry to hear what has happened. Actually I was kind of pissed about what you did to your site and never dreamed it had been hacked.

      I just thought you had somehow lost your mind and I removed all your links from my sites. I even went back and found the posts I had written and deleted them.

      Now I'm really pissed because I just assumed you lost your mind.
      {{ DiscussionBoard.errors[5775831].message }}
      • Profile picture of the author Hils
        So sorry to hear your news. A site getting hacked is bad enough, but completely stolen that's just cruel and shocking. Somebody once told me thieves can get in when we use FTP and don't change the password afterwards. I don't know if this is true, but must be something to be aware of. I wish you all the very best with your new site, and strongly recommend you don't stick with the same registrar and hosting service providers.
        {{ DiscussionBoard.errors[5776153].message }}
  • Profile picture of the author vivi62
    so sorry to hear about the problems I am a member of indigitalworks .com so please keep me informed as to when the site is set up correctly.
    Thanks
    vivi62
    {{ DiscussionBoard.errors[5737075].message }}
  • Profile picture of the author avi m
    HI Goran,
    i have a gold membership and i want to know if there is
    something new about indigitalworks?
    i also want to recommend this software:
    Malwarebytes : anti-malware, anti-virus and spyware removal
    this software cost only around $35 and it really protect your computer
    from malware- that is how they stole your website they just entered your computer with malware that delivers them your passwords of your account in the hosting provider and others passwords.this software also
    notice me whenever some one or some malware is trying to get access to my compuer and get blocked by Malwarebytes (it is not affiliate link!)
    i also want to ask you about indigitalworks monthly affiliate report
    i am getting this report every 20 min!! from webmaster@indigitalworks.com
    do you now something about this???
    one more thing you still have your hosting account and theyBackup your site every week so you can use your backup to open the new site if you dont get your domain Back!
    Hope This Help,
    Avi
    Signature
    More Than 250 Call-To-Action Animations and Video Stingers and
    Ads Genius video course Awarded Produt of The Day June 27th 2016 on JVzoo

    {{ DiscussionBoard.errors[5743999].message }}
    • Profile picture of the author avi m
      Hi Goran,
      i see that the site is going down for some time and then goes up!
      please update us your membership subscribers!
      ps. use my recommendation in my previous post!
      Thanks
      Avi
      Signature
      More Than 250 Call-To-Action Animations and Video Stingers and
      Ads Genius video course Awarded Produt of The Day June 27th 2016 on JVzoo

      {{ DiscussionBoard.errors[5748431].message }}
  • You still have some work to do on your coding. Just had a friend who uses your sight tell me that when he logged out he was redirected to the original indigitalalworks.com website.
    {{ DiscussionBoard.errors[5772924].message }}
  • Profile picture of the author Goran Zinic
    I apologize to all InDigitalWorks members for not warning them on time about this issue. Scammer has deleted our members database, right after he transferred a domain...

    New website is finally setup and we’ve managed to restore the database. Due to huge number of products, it took little longer than we thought. We will continue to do business like nothing happened (although it will be hard). Website will be updated with new products every day, same as it was indigitalworks.com.

    Until we resolve this issue, our new temporarily URL is www.idplr.com.

    Thank you,
    Goran
    Signature
    I will promote your business to my 100,000 members for free. Find out more
    Find out more
    {{ DiscussionBoard.errors[5773058].message }}
  • Profile picture of the author raleigh
    Hello,

    I had the same issue before and hell these hackers really takes the wind out of you specially if you are on a good run.

    I Would suggest as a security measure is to use the gmail sms 2 step verification process . Really did the job of having a secured account. . . Furthermore, now you woulod know if someone is accessing the account without your knowledge.

    Here is a YT video bout that: Hope that helps out a bit.
    {{ DiscussionBoard.errors[5773210].message }}
  • Profile picture of the author steveinhouston
    run a PPV ad on the site telling everyone it is a fake and it was stolen
    {{ DiscussionBoard.errors[5773218].message }}
    • Profile picture of the author CTonline09
      Step 1.

      First of all you need to start a DMCA (Digital Millenium Copyrights Act) take down notice on your original site.

      To do this you need to conatct the current hosting provider of Indigitalworks.

      The details are below:
      indigitalworks.com Is Hosted by Hetzner Online AG
      • Hosting: Hetzner Online AG host the domain indigitalworks.com
      • IP Address: 176.9.108.206
      • Name Servers: ns2.7plr.com, ns1.7plr.com
      Write out your DMCA take down notice and sign it and make sure it explains everything needed for the host provider to act upon it and remove the old site from there hosting.

      For more info on writing a DMCA visit here> DMCA Letter - How to write, prepare and send

      Once the site has been removed or suspended by its current host it will give you some peace of mind and perhaps stop anyone falling victim to having there email addresses harvested and hacked into when joining the stolen site, not to mention lots of credit card numbers being logged.

      Step 2.

      Contact PayPal and explain to them exactly what has happened and that they are putting there customers at risk by allowing IndigitalWorks.com to be operated by thieves.

      Include evidence that the site was yours including any screen shots past payments perhaps processed via PayPal would help.

      This should make PayPal act in shutting down the payment processor which is what is currently being used on IndigitalWorks.

      Step 3.

      Write a formal letter to your original registrant and email expalining what has happened to the site and demand it be transfered back immediately without delay or you will begin legal proceedings against your current registrar and mention this will cost them money as you have full evidence of the theft and evidence that they have not acted as they should, provide all evidence when making this claim of theft to them.

      Tell them they have 5 days to transfer the site back to your control panel and that they must also lock the site so its cant be moved again for now.

      Step 4.

      Look up and contact a legal professional that deals with internet fraud and get some solid advice.

      Good luck!
      {{ DiscussionBoard.errors[5773303].message }}
    • Profile picture of the author JamieSEO
      Originally Posted by steveinhouston View Post

      run a PPV ad on the site telling everyone it is a fake and it was stolen
      What a unique idea!
      Signature

      {{ DiscussionBoard.errors[5773444].message }}
      • Profile picture of the author azmanar
        Originally Posted by JamieSEO View Post

        What a unique idea!
        PPV and PR networks normally won't accept such Adverts. They prefer to play safe.

        How about using Forums, Yahoo Groups and Facebook Groups to make this story viral.

        And it won't cost a cent. Only a bit of time.
        Signature
        === >>> Tomorrow Should Be Better Than Today

        {{ DiscussionBoard.errors[5791919].message }}
        • Profile picture of the author Goran Zinic
          Originally Posted by machesta View Post

          Goran:

          I tried to Download using the new user name and password, but it wouldn't let me.
          Are you aware of this problem?
          I emailed you with no response.
          Steve
          Originally Posted by kfor0745 View Post

          No response seems to be the name of the game. Have open tickets and ask in this forum. Am I ever going to be able to log into affiliate site and set up my links. The log in buttons on that page just take you out to indigitalworks.com page.
          How about some answers.
          Keith
          I have just answered on your questions. I apologize for delays, there are so many tickets, I can't answer right away...

          Thaanks for understanding.
          Signature
          I will promote your business to my 100,000 members for free. Find out more
          Find out more
          {{ DiscussionBoard.errors[5792822].message }}
  • Profile picture of the author Goran Zinic
    @raleigh

    Thanks but this wouldn't help in my case. My laptop has been infected by a trojan who steals logins and sends them to the thieves... That's how they managed to get into all my online accounts.
    Signature
    I will promote your business to my 100,000 members for free. Find out more
    Find out more
    {{ DiscussionBoard.errors[5773250].message }}
    • Profile picture of the author FreeMeal
      Originally Posted by Goran Zinic View Post

      @raleigh

      Thanks but this wouldn't help in my case. My laptop has been infected by a trojan who steals logins and sends them to the thieves... That's how they managed to get into all my online accounts.
      any ideas on when, where, or how this trojan got on your laptop? Maybe it was a dodgy email or something. If you can find that, maybe it would help you trace the hackers?
      {{ DiscussionBoard.errors[5773305].message }}
      • Profile picture of the author Goran Zinic
        Originally Posted by FreeMeal View Post

        any ideas on when, where, or how this trojan got on your laptop? Maybe it was a dodgy email or something. If you can find that, maybe it would help you trace the hackers?
        Yes, I have some ideas about how the virus got into my laptop. I will post an update on forum soon.
        Signature
        I will promote your business to my 100,000 members for free. Find out more
        Find out more
        {{ DiscussionBoard.errors[5773389].message }}
    • Profile picture of the author CTonline09
      Originally Posted by Goran Zinic View Post

      @raleigh

      Thanks but this wouldn't help in my case. My laptop has been infected by a trojan who steals logins and sends them to the thieves... That's how they managed to get into all my online accounts.
      I would suggest running your laptop in safe mode with networking, if you have spyware doctor run it in both inteligent mode then full mode before restarting, then run again in normal mode.

      Run anti maleware bytes, as well as cc cleaner.

      Or take it to a repair shop and get them to remove everything from the registry.
      {{ DiscussionBoard.errors[5773326].message }}
    • Profile picture of the author jimbo3891
      Hey Goran.

      As for GMail 2-step verification for login, if it's available in Croatia (I don't know if it is or not), it might actually work even on an infected computer. Why? Because right now, I can give you my login ID and my password to my GMail account and you could not gain access to it.

      I'm sure that's got some people wondering why. If someone logs in from a computer that has not logged in to GMail before, I receive a text -- not a text like FB sends, but a text with a 6 digit code in it that I then have to enter into the new computer (and that 6 digit code is valid only ONCE). Once that code is entered, I can access my Google accounts. If it's never entered, I can't access my Google accounts. Once it's entered, it can't be used again on a different device or on the same device. So, if the keylogger sends them your access code that you were texted and try to use it, they still can't get in.

      Of course, all this only works if you can receive texts from Google with your access code. You might actually want to look into that to see if it works in your area. It can't hurt to add that extra level of security - I know I feel better about my Google account security. It may be a false sense of security, but I do feel better about it.

      James Dunn
      Athens, GA USA
      Originally Posted by Goran Zinic View Post

      @raleigh

      Thanks but this wouldn't help in my case. My laptop has been infected by a trojan who steals logins and sends them to the thieves... That's how they managed to get into all my online accounts.
      Signature

      James Dunn
      Athens, GA
      http://wpmu.org/author/jamesdunn

      {{ DiscussionBoard.errors[5774224].message }}
  • Profile picture of the author GIahGroup
    Bro thats is just awful, really dont have any advice just got your email notifying me of the situation.

    I guess the best thing you can do is inform current customers and I guess if a number of us place a report on sites like :

    Code:
    ripoffreport.com
    Then hopefully the site looses value and atleast these jerks wont profit from it.

    Good luck!
    {{ DiscussionBoard.errors[5773392].message }}
  • Profile picture of the author Goran Zinic
    @ MarketingMonkey, thanks!

    Regaring my laptop, I'm not cleaning it until this issue resolves. I'm using another one..
    Signature
    I will promote your business to my 100,000 members for free. Find out more
    Find out more
    {{ DiscussionBoard.errors[5773407].message }}
    • Profile picture of the author CTonline09
      Originally Posted by Goran Zinic View Post

      @ MarketingMonkey, thanks a lot!
      Regaring my laptop, I'm not cleaning it until this issue resolves. I'm using another one..
      This may not be the most ethical approach but given the situation you are in I would do it.

      Head over to some b-l-a-c-k, h-a-t, f-o-r-u-m-s and hacking forums.

      A quick google search will get you the best ones up in know time.

      Let people know whats happened and see if anyone there is willing to help take down the original IndigitalWorks site. If it was me I would want to bury the old site until I had it back in my hands.

      Id rather it was a smoldering wreck than have someone else profit from my hard work. Kinda like sinking your ship as pirates board lol.

      Just my opinion though.

      Hope it all works out and this 7plr site is defo linked to it, so if anyone has done business with either 7plr or indigitalworks recently then check your PayPal receipt and see if there is any address, name or business name on there as this may help trace the person that has done this.
      {{ DiscussionBoard.errors[5773463].message }}
    • Profile picture of the author JamieSEO
      Unfortunately dealing with these kind of messes (international and online) gets very time consuming and expensive... even if you are 100% in the right

      There are a few tips I can offer to others to prevent this kind of thing:

      1 - Protect Your Computer
      Always have high quality firewall, anti-virus and anti-spyware software running on your computer and always update. If you don't have a big budget grab something like AVG and make sure you have all defenses turned on. Some of the best software tends to be resource hungry, so people get tempted turn them off... don't!

      2 - Important Info and Gmail/Hotmail/Yahoo Accounts
      Popular email sites like Gmail and Hotmail are not the greatest for security, in part because they are such a big target. NEVER use this kind of easily hacked account for financial or login information. Essentially, anything that you would want kept confidential should be using a more secure email server.

      3 - Domain Registrars and Web Hosts
      Do your research on any registrar or host you are considering - search for reviews/comments people have made about the service recently (past 6 months). Weigh up the value or expected value of the site you plan to register/host against the cost to use that service. If you have a small, fairly basic or short-term type of site you might be happy to take some risks with a cheap service. If you have a well established website that is making good money then factor in how much better reputation for security is worth when choosing a service.


      Quality Host Online is one service that tends to be fairly secure for both hosting and site registration. They are definitely not the cheapest, but worth considering if you have a well established/valuable site you want to protect.

      Namecheap is a good registrar for low-moderate value domains, however I don't use them for high value sites.

      Bluehost is a service I have been using for some sites over the past 10 months and so far I have been happy with it.

      From my own and my clients experiences, some services to avoid are:
      - GoDaddy
      - Hostgator
      - Dreamhost
      Signature

      {{ DiscussionBoard.errors[5773566].message }}
  • Profile picture of the author jlb148
    Wow Goran,

    Sorry to hear about what happened. I am a customer with a lifetime membership and have the new URL for your new site.

    I hope you get things worked out in your favor.

    John
    {{ DiscussionBoard.errors[5773526].message }}
  • Profile picture of the author maz1207
    Hi, i'm sorry to hear your big loss. you should have transfer your domain registrar to NameCheap before, there were helpful. It is a well known sites and of course it's generating money and that is why someone stole it. I would suggest you to use SiteLock which you can get on some website hosting for less than $13 / year or you can just buy from SiteLock.com which will cost $99 / year. SiteLock will only work on one domain name and you need to buy another one if you want to protect more domain name. I have been using Bluehost and Namecheap since the last time i my website got hacked too. You can try Kaspersky Pure antivirus which have 360 degree protection, find it on eBay for cheaper price. Good luck! i hope you can get it back, i am one of InDigitalWorks.com member too.
    Signature

    {{ DiscussionBoard.errors[5773823].message }}
  • Dear Sir:
    It is troubling to hear what you are suffering. I am working to get my foot into the door of Internet Marketing, so to think it could all be stolen in a day is troubling. I do not know what safeguards you had on your domain name or what safeguards you have on the one you have now. I used godaddy in the past, but became a domain name reseller myself (yahwehdomains.com) so that I could register at my cost and to stop paying so much to godaddy. Regarding safeguards. When I transferred my own domains from godaddy to yahwehdomains.com (my registration service), I had to unlock the domain and also provide a authorization information string of characters. It is emailed to the admin contact of the domain. So once they cracked into your registration, all that was needed was to change the admin contact to an email account that they had access for. I checked using my own domain service and indigitalworks.net is available. Why after so many years, have you not registered it and redirected it to your main site? You can still register it now and use it for your new home a while. If is turns out to be permanent at least you only have a different TLD. I am an OpenSRS reseller. I am a godaddy alternative. The IP address that you received identifies the thief. That is the evidence you need. Trace the IP address to the nation, region, etc. It may or may not be the same as what the whois is pointing at today. The whois should be correct, but a thief is not honest. The IP address is the key to finding the criminal that has stolen from you. Hope this helps.
    {{ DiscussionBoard.errors[5773830].message }}
  • Profile picture of the author profit2day
    Hey Goran,

    I noticed the site had a message, the type from the host like the payment was missed. I had checked back a couple of days later, but when I went to download a product I was brought back to the main menu.

    Today I happened to check my junk mail and found an email linking me here. First I am sorry to hear what happened. I've been hacked on more than one host (two that were mentioned in this thread) and lost accounts because I didn't shut the sites down and notify them... Lessons learned.

    After reading through this thread today I went to your new site, I clicked on a product and received the following message:

    Database Error: Unable to connect to the database:Could not connect to MySQL

    Carol
    {{ DiscussionBoard.errors[5773904].message }}
  • Profile picture of the author gorufus
    Man,

    This is one of my favorite sites. I have a lifetime membership and they are always updating the content. Sucks that this happened.
    {{ DiscussionBoard.errors[5773906].message }}
  • Dear sir:
    It may be helpful for you to know how crackers get you, so that you can take measures to prevent being attacked again. Firstly, crackers (people that crack into secure devices), many times rely on human habits: Using the same password in many places, or using a combination of nouns related to you personally: some people use names of pets, children, etc for passwords. The best passwords are random combinations of letters and numbers. Crackers can attack you with a dictionary attack. Using combinations of words from the dictionary and numbers before or after. This method also covers the standard corporate password1 password. Also some database products have default root or admin passwords, never leave it at default. I use a password generator myself written in java. Or I just use the password generator in my hosting control panel running using https (ssl). I notice this forum is all clear text. All of our user names and passwords could be stolen by a man in the middle attack. So if you used the same password here as you did in other places, a cracker could get you that way. I use different passwords different places and I use strong passwords. The password I used on this forum, if stolen by a man in the middle attack, could only hijack me on this forum. It would not crack into all of my accounts.
    {{ DiscussionBoard.errors[5774013].message }}
    • I'm so sorry to hear of your troubles with your domain. I'm also a lifetime member of yours and a domainer. I truly hope you will find a way to get your property back or at least prevent the hackers from profiting from your hard work.

      One thing does surprise me however...

      I see the Whois server for idplr.com is listed as OnlineNic

      Why are you still using OnlineNic?

      If you think they may be involved; why are you giving them your business? Could it be the membership database?

      It's the only thing that makes sense from what I can tell.

      I'm fairly certain that HostGator can assist you to move your entire site, including the database for free or a very small fee if you switched to one of their hosting plans.

      I really think you should find a new registrar and hosting company.

      I use enom (I'm also a reseller, domainregistryservices.com) for registrations and Hostgator for all my site hosting.
      {{ DiscussionBoard.errors[5774177].message }}
  • Profile picture of the author trader82
    I still can login to the indigitalworks.com, I am a lifetime goldmembers. I don't even notice any different until I got your email
    {{ DiscussionBoard.errors[5774105].message }}
  • Profile picture of the author dhiyafaris
    so sorry to hear that.
    goodluck with idplr.com
    {{ DiscussionBoard.errors[5774248].message }}
  • Profile picture of the author johndougs
    Just would like to add the following:

    check this out for more information on who these guys are that hijacked your website
    intoDNS: indigitalworks.com - check DNS server and mail server health

    In there you will find an email address and a domain: possible hijackers email and domain address.

    SOA

    SOA recordThe SOA record is:
    Primary nameserver: ns1.7plr.com
    Hostmaster E-mail address: lookserv.lookserv.com
    Serial #: 2012022202
    Refresh: 86400
    Retry: 7200
    Expire: 3600000 5 weeks
    Default TTL: 86400

    It looks like they also own lookserv.com though name.com

    Contact name.com too.

    Furthermore, on that record sheet you will find more clues to where more of their sites are:

    Reverse MX A records (PTR) Your reverse (PTR) record:
    206.108.9.176.in-addr.arpa -> server7.location003.lserv.management.colo4dallas.c om
    You have reverse (PTR) records for all your IPs, that is a good thing.


    ----

    Ps: contact paypal.com and other merchants and tell them that that site indigitalworks.com is hijacked and now is operating illegally.

    Contact as much merchants as possible.
    Contact and google, yahoo and bing to tell them of the forgery etc.

    --------------
    Investigating further: intoDNS: lookserv.com - check DNS server and mail server health

    There you will find more
    Here is more
    Ultimate Network Information Centre - 64.186.146.106
    They are with vpsland.com
    related sites to hijackers: 7plr.blogspot.com/
    Google sites, ips, whois and records will yield more information.
    {{ DiscussionBoard.errors[5774299].message }}
  • Profile picture of the author Deepak Media
    Were you using a Mac or a PC? Just curious to know.
    Signature
    Digital Marketing Author | Speaker | Consultant

    Read my Blog: DigitalDeepak.com

    @ Bangalore, India.
    {{ DiscussionBoard.errors[5774498].message }}
  • Profile picture of the author newspecies
    So this means all of out personal information was also stolen ?????

    Come on!
    {{ DiscussionBoard.errors[5774583].message }}
  • Profile picture of the author sureshots
    Wow! Unbelievable! I just got your email and I can't believe what I'm reading. I'm beginning to understand the reason Godaddy has all of it's additional security features! WOW! Sorry to hear that bro my heart goes out to you Best Wishes!
    {{ DiscussionBoard.errors[5774752].message }}
  • Profile picture of the author wpshed
    VERY IMPORTANT! It is known that Gmail have been vulnerable to XSS attacks. Google have solved the issue, but if you were a victim you might be still in danger!
    Go to your Gmail settings and check if any filters or forwarding rules are set and delete if any
    .
    The XSS was setting such rules and all or filtered incoming e-mails can be forwarded to someone else. This is how they highjack any of your other accounts.

    Goran, go check how CSS-tricks.com was was highjacked and managed to get the domain back, there were several other notorious domains stolen as well, it might help.

    All others please spread the word for people to know because tomorrow you can be in the same situation, learn from Martin Niemöller's mistake of not being interested as it was not his problem and remember his words:

    First they came for the communists,
    and I didn't speak out because I wasn't a communist.

    Then they came for the trade unionists,
    and I didn't speak out because I wasn't a trade unionist.

    Then they came for the Jews,
    and I didn't speak out because I wasn't a Jew.

    Then they came for me
    and there was no one left to speak out for me.
    Cheers!
    {{ DiscussionBoard.errors[5775091].message }}
    • Profile picture of the author healy009
      Sorry to hear about your issue as you had (have a great site). Dont know your circumstances, but you should take whatever action you can to recover your domain.
      Thanks
      JJ
      {{ DiscussionBoard.errors[5775542].message }}
  • Profile picture of the author lenkablog
    Hello I would like to Point out 2 points . Which are maybe simple but better to prevent in future for other's also . First Goran check if you have the invoice of your Purchase of Domain . If you have it check when your domain is Expiring . If you really did nothing it can be a great Proof for your safety in Court OR before law . Second I must aware all of the members here ; now all of our computers are not safe . Recent threat of the Internet is somebody can Monitor your keyboard stroke . By that they can able to get all your Secured information like credentials ,Credit card number . So try to use " keyscambler tool ". By which nobody able to read anything what you type in your keyboard . Internet is really now a scaring place. Use always antivirus Software for your important websites like this along with firewall .

    I hope you best of Luck and wish you will get back your happiness again.
    {{ DiscussionBoard.errors[5775597].message }}
  • Dear sir:
    Regarding the computer used to steal you web site. By using the IP the following information is found:
    ISP:Hurricane Electric
    Organization:Sophidea
    Services: Confirmed proxy server
    Type: Corporate
    Assignment: Static IP

    Geolocation Information

    Country:Anonymous Proxy
    {{ DiscussionBoard.errors[5776338].message }}
  • Profile picture of the author Tajine
    Sorry to hear of your plight Goran

    I have taken a screenshot of reverse internet info on the site. Don't know if it's any use but good luck and thanks for all your work on the site so far. Have been a member for a few years.
    {{ DiscussionBoard.errors[5776400].message }}
  • Profile picture of the author Tajine
    Screen shot didn't paste so info shows IP Address as 50.23.54.92 (32)
    ns1.abcentar.com (34)
    ns2.abcentar.com (34) as of 6/03/2012
    {{ DiscussionBoard.errors[5776421].message }}
  • Profile picture of the author tampaprogrammer
    well if members can still login there, start downloading every video/audio file you can (since they are the largest) and bandwidth burn them...

    Sort of a ddos attack from within
    {{ DiscussionBoard.errors[5776588].message }}
  • Profile picture of the author DigitalWavez
    Hey Goran,

    Sorry to hear your misfortune - hope it gets resolved soon. I've been a member since 2011 and my login still works on the new site, thank you. Thought you'd like to know your new site still has links pointing to InDigitalWorks.com in the footer...

    Dave.. ::
    {{ DiscussionBoard.errors[5776616].message }}
    • Profile picture of the author Goran Zinic
      Originally Posted by profit2day View Post

      Hey Goran,

      I noticed the site had a message, the type from the host like the payment was missed. I had checked back a couple of days later, but when I went to download a product I was brought back to the main menu.

      Today I happened to check my junk mail and found an email linking me here. First I am sorry to hear what happened. I've been hacked on more than one host (two that were mentioned in this thread) and lost accounts because I didn't shut the sites down and notify them... Lessons learned.

      After reading through this thread today I went to your new site, I clicked on a product and received the following message:

      Database Error: Unable to connect to the database:Could not connect to MySQL

      Carol
      This issue has been fixed.

      Originally Posted by Deepak Media View Post

      Were you using a Mac or a PC? Just curious to know.
      It's PC, Windows 7.
      Signature
      I will promote your business to my 100,000 members for free. Find out more
      Find out more
      {{ DiscussionBoard.errors[5777999].message }}
  • Profile picture of the author Goran Zinic
    Thanks everyone for help and support. This gives me strength and motivation to continue…

    I’m still shocked with everything what happened. I never dreamed that business, which I’ve been building for almost 5 years, could end up like this.

    I have taken some steps, and we’ll see how it will end.

    Thank you.
    Signature
    I will promote your business to my 100,000 members for free. Find out more
    Find out more
    {{ DiscussionBoard.errors[5777932].message }}
    • Profile picture of the author kfor0745
      Some links on website are still going to old domain. My concern is that this happened before I could create my affiliate links. Now your site won't let me log in to affiliate site. Click on log in and redirected to main page which has url of indigitalworks.com.
      Any idea when it will all be fixed?
      {{ DiscussionBoard.errors[5780315].message }}
      • Profile picture of the author Jon Patrick
        I got your email, and I'm sorry to hear that this has happened.

        I could be wrong, but I highly doubt that a keylogger is what allowed them to do this. How would the owners of 7plr.com go about installing a keylogger onto your computer?

        If you downloaded a keylogger, most likely it would be from somewhere else. So unless the 7plr.com people happen to be in the business of distributing keyloggers on the internet AND you happened to download one by chance from somewhere on the internet AND they happened to notice the indigitalworks.com information in the logs and steal it, it wouldn't seem to be a keylogger. And all of those things happening would be a huge, unlikely coincidence.

        Clearly they hijacked your site somehow - I just don't think that's how (though I can't be absolutely certain). I would still advise you to do a thorough review and revamp of your security on your computers, domains, and hosting.

        As for retrieving the domain, I think one of the things that would really help is if you hired an attorney in the country where the registrar is located and had a strongly worded letter sent (the cost to have this done should be relatively affordable.) They should be advised that they are responsible for helping you fix this situation - they can not simply sit there and continue to be the registrar for a hijacker who stole your domain.
        {{ DiscussionBoard.errors[5780760].message }}
  • Profile picture of the author chrystz
    Sorry to hear that.. I was trying to subscribe to your website and I was unable to do so. The next day my friend told me that the site was hijacked..

    I could see that a lot of people gave you few ideas on how to secure your computer.

    I could see that you have the keylogger detected on your computer. Checkout the outgoing traffic of the logger with the help of your firewall.. Delete any present rule and modify the firewall to ask for connection request.

    You can then track to which Email or FTP server the logs are being sent to.
    and regarding gmail being hacked there is 2 step verification which was already suggested to you. It would have definitely helped you . Your password might get keylogged but the code which would be sent to your mobile cant be.. though there is an option to enter a predefined verification code to access your Emails they will first gain the access before getting those codes.
    set up the 2 step verification. Checkout the outgoing traffic and if its around more than 50 mb a day from that particular keylogger than the screenshots are being sent too..
    I hope you get your issue resolved soon..
    {{ DiscussionBoard.errors[5783467].message }}
  • Profile picture of the author aciddropkid
    Truly sorry to learn of your misfortune. I sincerely hope you achieve a satisfactory resolution. I am one of your customers, and I did receive your email about the theft of you site. (I must confess I didn't know whether or not to trust the email until now that I've seen this thread on this forum. It may be no consolation to you Goran, but your unfortunate experience has taught me a lesson - and I suspect it's had the same effect on other warriors.) I wish the very best of fortune, and hope you find a successful remedy. I wish I could say more and/or do more to help.
    {{ DiscussionBoard.errors[5784178].message }}
  • Profile picture of the author machesta
    Goran:

    I tried to Download using the new user name and password, but it wouldn't let me.
    Are you aware of this problem?
    I emailed you with no response.
    Steve
    {{ DiscussionBoard.errors[5791254].message }}
  • Profile picture of the author kfor0745
    No response seems to be the name of the game. Have open tickets and ask in this forum. Am I ever going to be able to log into affiliate site and set up my links. The log in buttons on that page just take you out to indigitalworks.com page.
    How about some answers.
    Keith
    {{ DiscussionBoard.errors[5791336].message }}

Trending Topics