Three of my Domains Were Stolen

Never heard of. But if those are in your Namecheap account how can they be changed?

How is that supposed to be?
Does that means your site being hacked?

Ken, is it possible that you have forgotten to renew these domains?

wouldn't that be a hack?

js

It happen to me once - a hacker had placed a script in my public html - I got onto the web host support and they fixed it - hope you sort it out
cheers
Danny

Ken, it looks like your domains were transferred out of Namecheap/eNom altogether to another Regsitrar, possibly Directi

I hope this gets sorted out. You should change the password of your Namecheap account just in case it was hacked.

Derek

Let us know how this turns out. Very interested in knowing how they managed to steal your domains. I have quite a few in Namecheap myself and a lot in Godaddy.

This is why I use NetworkSolutions for my main sites. Everything else gets registered at NameCheap but I've never heard of any monkey business going on there.

About a month ago, you had a problem with someone ordering hosting under your account. Was that ever resolved? I'm thinking maybe that's related to the current issue?

Hi Ken,

This is very strange and difficult situation.
Buddy i wish you GOOD luck and hope you get your domains back.

Please keep us updated.

Thank you,
Mohsin

Edit edit edit

Edit edit edit

Wow...that sucks!

This exact thing just happened to one of my clients a few weeks ago. He's a home builder and had a site with hundreds of backlinks.

Hope this never happens to me!

But it is an interesting idea for a product, is it not?

Title could be:

How to Quickly and Easily Secure YOUR Website
to Make You Impenetrable to Hackers!

I'm sure there's a ton of products like it already.

Sorry for your loss Ken!

Hi Ken,

Sorry to hear this. These type of stuff can only be a distraction but
you learn from them and move on stronger than at the beginning.

Hope things resolve in your favor.

-Ray Edwards

Sounds like a Trojan/Virus. I'm sorry to tell you but all the best anti-virus software in the world does not mean you don't have one. I found a Trojan about a month ago that was out for over 7 months before I submitted it.

"Dear Sir/Madam,

thank you for your email.

Please let us inform you that the file attached to your previous e-mail was really infected with a new variant of Trojan horse. The detection will be available with the next AVG virus definitions update.

Thank you for your cooperation.

Please feel free to contact us if we can be of further help.

Best regards,

Ondrej Ploteny
AVG Technical Support"

So the only way you can be safe is to format. If someone REALLY wanted your domain they couldn have created a virus just for you. And depending on your OS you don't even have to download it.

I'm also sorry to hear about this Ken. It couldn't have happened to a better guy.

Is there anything we can do to help you with this?

i don't know that this things also could happen....

I will give you tips. Buy a computer for all your secure internet actions. Don't use the same computer you facebook and myspace for credit cards and domain administraton. Its just not safe. And don't think that because you have a mac "They can't get viruses http://antivirus.about.com/od/macintoshresource/Macintosh_Viruses_and_Mac_Virus_Resources.htm". Pretty much having a work computer and a play computer is the best you are going to get unless you unplug from the internet. You can also get some firewall software and make sure only IP addresses you are approved for can be connected to, but gets kind of tiresome.

I bet you a dollar you have a keylogger on your computer. You need to get on a clean machine and change every password you've ever created.

Its not possible that your site got hacked. I hope and pray that you will be able to resolve this problem soon. The sooner, the lesser stress.

I can't imagine how much stress this is giving to you.

That's scary. All of my domains are through NameCheap. In fact I just renewed one two days ago. I'm going there right now to change my password.

Good luck getting your sites back.

A number of valuable domains seem to have been stolen from Enom recently, check
Major Domain Hijacking Alert: Industry Pioneer Warren Weitzman Has Over a Dozen Domains Stolen From his Enom Account

Considering DNKA info, your computer was not a problem at all, and probably not even your email. It seems that either ENom was hacked, or connections between registars that allowed then transfer domains without triggering the mail, at least not to your account.

By the way, if you worry about trojans, a great way is to run browsers as virtual appliances. Just get VMWare client and an Internet browsing "virtual appliance" -- virtual machine image. Both are free. That's a little too heavy handed approach IMHO, but then nothing really get's out of browser to your machine. Of course, there is still a risk that you voluntary and accidentally install something from Internet that looks like a great idea...

I am a website developer, and can tell you, it is probably a security vulnerability of the host that has caused your problems. I have had first hand experience of how easy it can be to gain access to other accounts on a webserver. Many webservers can have upwards of 2000 sites on the same server. All it takes is a few lines of code from one account to "browse" the whole server, edit files, delete files, etc. etc. Especially if you are on a Windows server, you are not safe on many shared hosting environments.

Wow, this is all a bit scary! I hope it all gets sorted out for you real quick.

Ken

You have been given some excellent advice....sorry I have nothing to add. I did want to offer my sympathy that you were hacked. The "good" side is that someone recognized the value in your domains that made them worth hacking. Small consolation I know but it sounds like you are doing what needs to be done to put a halt on the present hacker and to prevent this from occurring again.

Just changed my password where my domains are thanks to this thread; so thanks Ken for sharing your pain and for all those who gave Ken such good advice so that all warriors can benefit.

Domains usually don't get hacked that easily. Here are some pointers which I am sure you are already aware of, and some step you could take.

1. Run an online AV/Spyware scan to make sure no key stroke recording spyware is on your machine. Don't run a single scan, run multiple times and by different vendors.

2. Change the password of your domain registrar - make sure it is long (12 characters, UPPER/Lower case, numerals and a few characters like &$%#), and it is NOT saved on your computer. If your computer is compromised, little good will this do.

3. You can do step # 2 from another computer that is not in your house, etc. (more safer from a security viewpoint) if your entire network is compromised.

4. Make sure all your domains have a Registrar Lock enabled on them.

5. Change the password to the email address where you receive such information - same scenario - keep the password long and complex.

6. Go through all your domains and ensure the ownership information that is reflected is yours.

7. Send a 'Standing Instructions" (via fax, email and registered post), that the Domain Registrar is NOT to transfer/change ownership of any domain in the event they receive instructions in writing (like fax/letter). The only method they should accept is the one outlined in the website and what you use. Your goal is to have credible evidence of you having informed the Domain Registrar prior.

8. Make sure if you have assigned Authorization Codes to your domain to be transferred that they are 'reassigned'

9. If you have a Reseller Account, domains can come with a User ID and Password, have this changed immediately.

10. Send a copy of the letter to IANA.

11. Send a copy of the letter to the registrar where you deem the domains have been transferred.

12. You can file for a case at IANA/WIPO (it will cost money)

13. Take any and all snapshots of the domain before it was transferred, Internet Archive: Wayback Machine is a good point: Internet Archive: Wayback Machine

14. Keep all the transactions you have completed on that domain (FTP logs, Web Logs, Blog logs, etc. and save them onto a USB memory stick and a CD).

15. If you even 'suspect' your computer to have been compromised, until and unless you are very good with the security aspect of it (for example can you definitively tell what traffic is traversing through your modem and on what ports? by what application?) - it would be suggested to take a back up for your data and reformat the machine. This IS, I will admit, a little drastic, but if you have digital property and that property is managed by that one machine of yours. I'd have it cleaned.

16. If you have a habit of storing your passwords on a file, on your computer, a notepad or Excel or Word file, assume it HAS been compromised and change all this information. Tedious, but would you want a repeat of what just happened to you.

17. Keep sending a daily reminder, fax, email, letter to the registrar until the issue is resolved. The goal is to show you actively pursued this wrongful transfer. It helps provide weight to your case.

Hope it helps.

You might contact Lee McIntyre about this. He went through the
same thing a year or so ago. Some guy in Turkey offered to sell him
back his own name for big bucks. He finally got it resolved but I don't
know the details. (I think he was doing business with Go Daddy)

Tom

come on, post up any information you have on this guy. He is obviously in it for some money, thus the offer to return the domain for $2,000.

Bait this schmuck along. Get whatever information you can out of him and make it public here. There are some very good interweb detectives out there who get off on finding people hiding behind emails/domains and the like.

I hope the people in "fraud" get this resolved for you. After reading this, I changed all my passwords to email and name registrars.

Oh dear sorry Ken. That's not good. I presume these domains were locked? If so then I agree with Martin there may be something maybe more serious like an email hack.
Hope you get this sorted ASAP.

Rich

I read an article in playboy a couple of years ago about how someone stole the domain sex.com and was making almost a million a month off of someone elses domain. Millions of dollars in legal fees later, the original owner got it back but the whole situation was a total mess. You may be able to empathize with that lol. Good luck for the future and thanks for the domain advice guys!

I don't know how these things happen but it's really scary. I read about the sex.com thing too. Unbelievable that such a high value domain could be stolen ... not only stolen but used to make the money that the owner should have been making.

Ken, best of luck on getting the domains back.

I wonder if you have any idea how they were transferred out. Do you know whether the thief did hack into your Namecheap account?

Derek

Namecheap is just an eNom reseller....when I had a problem with namecheap and they could not resolve it, I called eNom and they fixed it for me.

Enterpryzman

Most people here seem to think that the only way this could have happened is if hacking was involved, really if there is no trace then it was properly done the old fashioned way.
The thief could simply have phoned a person at the registrar with sufficient access and asked for the transfer to be made (it is called social engineering and is properly the most efficient form of "hacking" ever invented). If this is how the transfer happened then the person who got tricked will have to make a decision of either risk their job by admitting thy made a mistake or cover up their involvement by deleting any evidence.

So you may never really get to know how this happened or how to prevent it in the future.

Good ... sounds like they're on it ... hopefully you will get them all back.

wow, sorry to hear that your domain is stolen ken,

Hope you can get it back.

my 2009 were not good as well, my gmail and my paypal has been hacked... shish..

Good luck ken!

If I were I'd report this to WIPO and ICANN. ICANN keeps a check on the registrars, and if the registrars are not being helpful, you would have done your duty to inform ICANN, the basic question you should be asking in writing again and again of your registrar and all those associated is how did it happen? Why are they being lax about it? Do tell them if they fail to get your domain back, you WILL file charges and any/all legal fees would be borne by them.

Also, pressurize ICANN and WIPO on stepping in and aiding you.

I would also advise you have ONE chance/shot to get your domain back.

Do not take steps without having first discussed it with an attorney or equivalent who knows this area very well, and you certainly do not want to be contacting the person who wants to sell it back you without having thought this thing over and having discussed it with someone who would know what the repercussions are of the action you would take.

As knowledgeable as all the members in the Forum are, it is still advisable to talk to / deal with someone who does this for a living and knows the law and tactics.

I cannot stress enough that you need to nearly peg the scale as far as putting pressure on the Registrars are concerned.