InDigitalWorks.com - UNOTHORIZED DOMAIN NAME TRANSFER - PLS HELP!

by 105 replies
145
My name is GoranZinic. Some of you know me as the owner of Indigitalworks.com.

On February 22nd, I became a victim of huge Internet fraud, which I would like to share with you.

Domain name IndigitalWorks.com and entire website have been hijacked and transferred by a scammer.

Indigitalworks.com is currently under control of scammer, who managed to transfer everything, including the domain and all the content.

His name is Ahmad Rashid Mohammed, based on the current IndigitalWorks.com WHOIS.

On the first day of the fraud, InDigitalWorks was redirected to 7plr.com, so they are probably involved too.

I have contacted Onlinenic.com (my registrar) but they were very uncooperative and unwilling to help.

In the last few months my Gmail has been hacked several times. After the domain has been transferred I found out that all my online accounts have been hijacked... Twitter, Facebook, Hosting and many others, including Onlinenic.com.

Onlinenic checked the log files and said that domain has been transferred from IP 65.49.14.89, which wasn't my IP. This didn’t solve anything... even if Onlinenic account has been hijacked, they can’t do anything (or don't want to). They refuse to investigate any further or offer any kind of help. Onlinenic is great when you need to buy a domain and send them money, but when you have a problem, they don’t want to listen. If you care about your business, you should AVOID ONLINENIC. Hope this post will urge you to protect your own domains and your business.

After I asked them about the details of the person who owns the domain now, I received the following answer:

“Regarding the information you're asking for, you can refer to http://who.is/whois/indigitalworks.com/

And that’s all… The Whois to which they referred has incomplete information, which is in direct violations to ICANN policies. Not just they refuse to help, but they don’t want to tell the information of the domain name owner. Although OnlineNIC is under ICANN, they don't follow their policies. Be aware of this if you’re using, or planning to use their services.

Since they refuse to investigate such obvious fraud, I have no other choice but to suspect that Onlinenic.com, or some of their employees, could be involved in this act of unauthorized domain transfer.

I have contacted some lawyers in Dubai, the country where the hacker is from, based on the WHOIS information and come to the conclusion that I will need to hire a private investigator first to see if this person even exists, before taking any legal steps.

Does anyone have any suggestions? I and a team of many dedicated freelancers have worked very hard over the past five years to build this site. Without them IndigitalWorks.com would never have succeeded. We’re all working hard on creating a new site, but all our efforts were wiped out in one day.

I know there are warriors here who have lots of knowledge about Internet thieves, and I hope that some of you can help.

Thank you,
Goran

P.S. I also hope that my situation will help you to better protect your business before it’s too late.

---------------------------------------------------
UPDATE:

I apologize to all InDigitalWorks members for not warning them on time about this issue. Scammer has deleted our members database, right after he transferred a domain...

New website is finally setup and we’ve managed to restore the database. Due to huge number of products, it took little longer than we thought. We will continue to do business like nothing happened (although it will be hard). Website will be updated with new products every day, same as it was indigitalworks.com.

Until we resolve this issue our new temporarily URL is www.idplr.com.

Thank you,
Goran
#main internet marketing discussion forum #domain #indigitalworkscom #pls #transfer #unothorized
  • Did you set up domain locking or anything like that to prevent the transfer from happening?
  • No.. unfortunately. I really wasn't aware that stealing a domain is so simple...
  • I assume you have proof of all this. Start by contacting their payment processor to get their account closed.

    You might consider contacting google to see if they will de-index the site until you can get it back.

    OnlineNIC are still listed as the registrar. A strongly worded attorney's letter to them might help.

    Look up Brian Kindsvater. He's a fellow Warrior and internet attorney. He's the one to give you proper advise.
    • [ 2 ] Thanks
  • does this mean he has payment details of all your customers as he could try to use them frauduently also,you may also be able to get them to help you in your quest to get your site back if they are also at risk.
    regards
    vivi62
    • [1] reply
    • No. There's nothing to worry about. Indigitalworks never stored any kind of payment details.
      • [ 1 ] Thanks
  • Wow, scary stuff, really hope you get your site back and karma brings what's coming for that scum!
    • [ 1 ] Thanks
    • [1] reply
    • Hi Goran,

      Let me first tell you how sorry I am to hear about what has happened to you. I know your website well and I can only imagine that this is a huge blow for you...

      The first thing you need to understand is that this is not the right forum to get help. No offense to the people on WF, they are awesome, but if you want to try and get help with this you need to speak with professional domainers. The best forum for this when it comes to .com domains is IMO: Welcome to DNF.com

      Although you might get some good advice from a forum, (and no harm in making a post), I would strongly suggest that you get a US attorney involved ASAP. I would recommend John Berryhill. You can find his contact details here: John Berryhill
      Although I have never hired him personally I have followed him on DNforum for years and he seems very knowledgeable.

      I have around 2300 domain names and I have in the past gone through the same thing you are now experiencing, and I can give you some information from what I gathered at the time, (but I can't promise that it is still accurate). Unfortunately it is not good news.

      I noticed from the Whois history of indigitalworks.com that you from Croatia. I therefore assume that you don't have a US trademark registered for Indigitalworks? That would make the recover process far easier as you could simply initiate a UDRP dispute (Uniform Domain Name Dispute Resolution Policy). However, in the absence of a trademark this will unfortunately be very hard, despite the fact that you are victim of a fraud. You might want to have a quick look at this thread: Using the UDRP to Recover Stolen Names

      Your best bet IMO is to either try to work with the registrar, or alternatively get John Berryhill or another lawyer specialized in domains to threaten the registrar with a lawsuit, (assuming they are based in the US). I am not a lawyer but I would think that if you present the registrar with indisputable proof that you are the legitimate owner, you could make a strong argument that they will be liable for the losses that you incur if they refuse to assist in the recovery.

      You mention that the registrar is being uncooperative, and it is so unfortunate that people don't seem to understand the importance of holding valuable domains in locked account with an ICANN approved registrar that you can really trust. There are many people, (myself included) that have lost domain names through Godaddy and still people here recommend them to newbies so they can save a couple of bucks... They do this based on the fact that so far everything has worked fine for them with Godaddy, but ignoring the huge number of people who have had terrible experiences with them. Anyway, I didn't mean to go off on a rant, this thread is not about Godaddy! :rolleyes:

      I haven't looked into your registrar to see if they are even ICANN approved, but if you feel that you can't afford an attorney your next best option would be to contact ICANN directly and ask them for advice on what to do.

      If you were living in the US I would also advice that you immediately report it to the Internet Fraud Complaint Center at the FBI, Internet Crime Complaint Center (IC3) | Home but I don't think that is feasible for you. However, you should probably still report it to your local police department in Croatia.

      You should also try to gather all possible information you can that proves you are the legitimate owner of the domain name. This will come in handy in the future as you will have to prove your claim regardless which route you take.

      I really wish I could give you some more definite advice that would help you get the domain back quickly, but all I can say is don't give up!

      I wish you the best of luck!
      • [ 12 ] Thanks
      • [1] reply
  • Banned
    Without a lawyer or some help from the registrar, it might be difficult to get it back. It was unlocked and you were most likely hacked so the transfer appears normal to the registrar. John Berryhill is a very sharp IP lawyer and kindsvater also, and he frequents this forum. I don't know if they can handle a case based in Croatia or not, but you might get some advice.
    • [ 1 ] Thanks
  • Domain registrar probably would n't be able to provide you much help.

    If this guy is putting these information on who.is and you can confirm its correct, you will need to hire a lawyer in Dubai.

    You have emails and receipts paying for that domain and prove your ownership for the domain.

    If your computer still infected and the information is going forward to him. I would suggest to contact a computer forensic agency (it will cost you $$$$$)

    Upon my knowledge UAE, has rules for online crimes. If you can prove he did steal you domain, you can get your domain back and get him locked up for online crime.

    This is costy, but i see the website ranked 18k worldwide in alexa, so i do assume it make some good $$$$$
    • [ 1 ] Thanks
    • [1] reply
    • Thank you for info about computer forensics. I don't use any of my laptops any more... I will wait for some other solutions to come up before taking these steps.
  • Looks like they got into your hosting control panel beforehand, or are damned fast - your previous links are not 404'ing, all content seems correct (I didn't see your site before) so these guys are sophisticated.

    I'd agree with the suggestion of talking to domainers & lawyers. Maybe private investigators too, depending on your budget. One thing to be aware of - they are smart - might even be reading this thread - don't give away too much about what your plan of action is.

    Update: You could ask the host to take it down on the basis of it being copyrighted materials

    Hosting: Hetzner Online AG host the domain indigitalworks.com
    IP Address: 176.9.108.206
    Name Servers: ns1.7plr.com, ns2.7plr.com
    • [ 1 ] Thanks
    • [1] reply
    • Goran, really sad to hear what happened. As a customer I know your site very well.

      Hetzner Online AG is a german based hoster located in Gunzehausen

      Stuttgarter Str. 1
      91710 Gunzenhausen
      Deutschland

      Tel.: 09831/610061*
      Fax: 09831/610062

      If you contact them and explain them what happened I'm sure they will help you and shut down or freeze the hosting account.

      If this not helps you may file that case to the german police and they can investigate that further.

      I'm from Germany and can help you with that if you want.

      In the end the bad guys will go to another hoster, but they have lot's of work with that and they should see a big crowd is following them and they can't escape that easy.

      Best wishes & fingers crossed!
      • [ 1 ] Thanks
  • So what is the status of your website currently? It appears to be up and operating but is still registered to someone in Dubai? You may want to make an effort to let your customers know that it is either safe or still dangerous to access your site. Since last post was on Thursday and in that post it stated it would be up and operating the next day. After reading about this I did go to your website and was redirected to a host gator cpanel login page which is based in the States. Something smells very fishy about this. Sounds like someone may have just taken their customers money and ran with it??? Claiming domain name highjacking to some fake name in Dubai and then laughing all the way to the bank. There was a time when the domain was being redirected to 7plr.com. Bottom line worry about your customers first then get the legal issues under wraps.
    • [1] reply
    • Unfortunately, it's the same as on the beginning of my post. While I was posting on facebook I didn't knew they stole the whole website... I found this later when I saw it installed on their server. This has made things more complicated...
  • Thank you for all the information’s you provided. Some posts were very useful. I can't disclose which currently. If anyone has some more info to share, I would be very grateful... Thanks
  • Hi Goran!

    I have a huge cache of domain names and your story alarmed me, since I use gmail too.I actually will not use gmail anymore for my business accounts. I can't imagine such a thing can happen to a big website like indigitalworks. From what I perceive of your site, it's a major player in the PLR field.

    So you think it's not even safe to visit indigitalworks.com now? I won't trust an hijacked website run by hackers and thieves.

    All the best in your quest for justice... I'm watching this thread.
    • [ 1 ] Thanks
    • [1] reply
    • I suggest you not to store any kind of such data in Gmail!

      Indigitalworks.com is still not under my control, it's run by thieves currently. I wouldn't say it's unsafe to visit but I suggest you not to do anything more than that, like signing up.
  • Hi Zinc

    I m one of yr lifetime membership for last 2 years.

    Everytime visited your site - knows how much efforts u been putting in and your are indeed keeping up the site so regularly...

    Pls keep it up and let us know if u do transfer your site to another domain though we hope u r able to get back the domain.

    Warriors - is there anyone there could at least give a words on which domain providers who are reliable, especially in situation like this ?
    • [ 1 ] Thanks
    • [3] replies
    • About a week and a half ago I gave my recommendation on where I believe it is safe to hold your domain names: http://www.warriorforum.com/main-int...ml#post5639588

      The registrar that I recommend in that thread is based in Australia, which I believe can be an advantage in many legal situations. However, if you prefer to have a US based registrar I would recommend Moniker

      Apart from holding your domain name with an ICANN accredited and highly reputable registrar that you can trust you need to lock down your most valuable domains. By this I don't mean that they should simply be "locked" from being transferred, (which I am sure everyone does)!

      What I am referring to is that you should use some form "executive lock" that allows you to have two or three security questions that have to be correctly answered before any DNS changes or transfers of your domains can take place. That way, even if a hacker takes over your email account and computer he will never be able to either change the DNS of your domains or transfer them to another account.

      The registrar I recommended in the thread I linked to above goes even further. For high-value domain names, (or domains that host a valauble business like I am sure indigitalworks was/is) they allow you to set-up several security questions that you have to answer correctly to their management team over the phone (after identifying yourself) before any changes will be approved on those domains. This does add some hassle when you need to make changes but IMO it's a small price to pay when you are dealing with a 6 or 7-figure business...
      • [ 2 ] Thanks
    • Thanks. I will announce immediately after we setup a new site... It should be very soon.
    • Well, I would suggest: Always take a domain provider in your own country... since there is a big question about jurisdiction if the provider is in China, the thief in Dubai, ICANN in the USA and the original owner in Croatia...

      If the provider and the owner are in the same country, communication is much easier... and when you plan to sue them, you both talk the same legal language...
      • [1] reply
  • I realize this puts you in a terrible spot and wish you the best of luck. I'm also very curious to hear what you recommend for your customers?

    I signed up a little over a month ago and now it looks as if my subscription is worthless. What do you recommend? How will you take care of your customers?
    • [ 1 ] Thanks
    • [1] reply
    • Regarding your purchase, there's nothing to worry about. If you want I will provide you a full refund. Just let me know.

      New InDigitalWorks site, but on different domain, will be setup soon so members will have access. We will also continue to run this site and supply it with new products, there won't be any difference..
      • [1] reply
  • i feel you bro, it is very unlikely you are going to see your domain again.
    truth is truth.
    all bull**** aside, most of the options here are lame.
    your best option is to hijack it back, its gonna cost you.
    btw the name he used is an alias.
    its not his first hijack (given by his email which is also dummy mail, he used it before).

    how you gonna hijack it? start learning about the deep web.
    download "TORa" and start reading about the dark web. im not going to link you to places and dont ask for, what you looking for is there.

    btw, a small tip before paying any one on the deep web, ask them first to transfer it on thier name(obviously they will use an alias,same goes for ip and isp ) or a name you both agreed upon once he hijacked it, afterwards pay him or let him first transfer it on ur name, learn how to secure it more.

    where you hosting at btw? is it shared? dedicated?
  • Let me know when you start up again. I was on the site Friday and there were some irregularities that stopped me from purchasing a membership. Had no clue about this at the time. Interested when you get things running again.
    • [ 1 ] Thanks
    • [1] reply
    • Hi Andy, I will announce a new domain on this thread... Thanks
      • [1] reply
  • Has the scammer locked the domain? If he hasn't, you can transfer it back, all these domain registrars are just about their own pockets and don't consider customer service at all. Unfortunately, they won't be much of help, I've had similar problems before, best thing to do is get a lawyer who works in corporate law and ask them to send a letter to the registrar, the only issue is if he hasn't hacked your account then you may be in a sticky situation because you don't have a case - you left it open to transfer dude... You need to contact law enforcement so that they can investigate the hacking side of things.
    • [ 1 ] Thanks
    • [1] reply
  • Sorry to hear that, sir.

    Alright, you have an IP Address in your hands. It's 65.49.14.89

    I traced it and this guy used a proxy. (Obviously a hacker would try to hide his tracks)

    The ISP of this proxy is "Hurricane Electric". Proof: http://www.ip-adress.com/ip_tracer/65.49.14.89

    So you can contact them and see what you can do from there. Like if you will send them legal papers about your case they will most likely give the information you want.

    E.G. You can ask OnlineNIC the exact date + time the person did login and transferred your account. Then ask proxy's ISP (Hurricane Electric) for the IP address that used the proxy 65.49.14.89 at <date/time goes here>.

    Or just ask for the IP address that used the proxy and connected to OnlineNIC's website.

    If you have a new IP address on your hands now you should do your research (trace it etc) because it's most likely that it will be a proxy aswell.

    Good luck buddy.

    EDIT: I gotta go now, I added you on Skype though to speak later and help a bit.

    See ya.
    • [ 1 ] Thanks
  • Banned
    [DELETED]
  • Banned
    [DELETED]
  • The ip you mentioned seems to be an anonymous proxy.

    View information about 65.49.14.89 - Free IP Lookup

    That might give you something to work with. Not many people would use one for a legitimate purchase.

    Also, not the "OBFUSCATED IPs 1093733977 18273603161." Unfortunately they don't include the dots in them, so there is more than one possibility for each, but if all the digits match something that you manage to track down that might help too.
    • [ 1 ] Thanks
    • [1] reply
  • You may want to check your twitter account also.
    Since this was posted about 2 hours ago. You really should spend more time informing your customers as to what is going on right now. Get on your auto responder asap and send an email out to your list letting them know what is going on.

    SPECIAL OFFER valid 24Hr 3 Months Access - $67 $47 $37 1 Year Access - $147 $87 Lifetime Access - $297 $90 Coming from your twitter account? 2 hours ago.
    This whole thing just is reallllllly fishy. Since the previous post from your twitter account is a link going here?? Or has your twitter account been hacked now also?
    • [ 1 ] Thanks
    • [1] reply
    • I just checked twitter and you're right. It's been hijacked also like all my accounts. My twitter account is merged with Facebook so everything is published on twitter automatically. I have just submitted a dispute!

      Currently I don't have access to indigitalworks.com and I'm unable to send any emails until developers setup a new site.

      I truly apologize for everything what happened. I'm doing my best to resolve this issue!

      All I can do now is advise anyone not to purchase anything from indigitalworks.com.
  • oh i see what he doing there... he is a smart fish...
    he actually taking his own website down due to low profits in recent times.
    (i got my sources and a pretty decent proof)
    he is making the last blow before he is done with that project.

    the "special offer" is obvious!

    lol stupid people gonna stupid...
  • @AnnaM
    @You Jelly

    Is it coincidence that people who registered yesterday, and have few posts, are trying to offer "help" and some black hat methods to restore my domain?
    • [1] reply
    • hey, i never offered you helped!

      just told u a path u can take... which has nothing to do with me.
      i believe u can read, so how did u not get this?
      just google for "deep web" or "TORa"
      in simple words: its where u can meet or make contact with hackers.

      now the other user above does sound like a scam.
  • Banned
    I'm sorry. As this thread progresses, it seems more and more unbelievable that:

    1. You kept your domain unlocked and that your email was hacked numerous times without you changing all passwords and making them very strong.

    2. Not only did they get your domain ... and I know that has happened before, but they also got your hosting account, Twitter, Facebook and who knows what else.

    Can you explain how this happened? If nothing else, as a pointer for others to avoid the same type of thing.
    • [1] reply
    • I wasn't aware that all my accounts have been hijacked except Gmail until he transferred a domain!

      Of curse I changed logins but now I'm aware that I have a keylogger or similar virus on my laptop, so it really wasn't hard for them to see my new logins, no matter how strong they were. Every time when I logged into some account, they knew my logins but they didn't do anything that will make me suspicious that my account has been hijacked.

      Since my laptop is infected, I'm not using it anymore and I will send it to computer forensics if this issue doesn't resolve soon.

      Regarding hosting account, they didn't take control over it, they just use logins to download a whole website and install it on their server. I still have a website which will be ready soon.

      I never had similar issues and I wasn't very careful. I advise people not to make my mistake...
  • Banned
    Well, that's quite a loss. It looks like a lot of time went into the site.
    • [1] reply
  • Don't spend money taking your laptop to a forensics expert, just run a virus scanner on it and get rid of the key logger. If you cannot get your domain back, then move on, learn your lesson from it and learn to lock your new domain.
    • [1] reply

    • I would go to Geeks to Go and get your computers checked out. They are very good. There is usually a 3 day backlog but their help is free. Just follow instructions.
      • [ 1 ] Thanks
  • Banned
    [DELETED]
  • Hi,
    I just registered and paid through paypal a lifetime membership with indigitalworks.com, it was shortly after as I noticed I couldn't log in when I did a search via google which landed me straight here!
    So what are my options now Goran?
  • Hi,
    I just registered and paid through paypal a lifetime gold membership with indigitalworks.com (worth 97$), it was shortly after as I noticed I couldn't log in when I did a search via google which landed me straight here!
    So what are my options now Goran?
    • [1] reply
    • I'm sorry... I suggest you to open a PayPal dispute for this transaction. I have sent you a PM with more details.
  • Banned
    [DELETED]
  • [DELETED]
  • Visit this site:
    3w.allexperts.com/user.cgi?m=6&catID=3072&expID=86566&qID=5023682

    I have already told him that you will want to discuss this issue with him directly in a follow up question, so he is expecting you to contact him.

    Go to 3w.allexperts.com/user.cgi?m=4&expID=86566&catID=3072
    and get some help from him!

    Have a nice day =)

    remember to change the "3w" to "www"
    I cant post a link yet ==''
    • [ 1 ] Thanks
    • [1] reply
    • I'm sorry to hear what has happened. Actually I was kind of pissed about what you did to your site and never dreamed it had been hacked.

      I just thought you had somehow lost your mind and I removed all your links from my sites. I even went back and found the posts I had written and deleted them.

      Now I'm really pissed because I just assumed you lost your mind.
      • [ 1 ] Thanks
      • [1] reply
  • so sorry to hear about the problems I am a member of indigitalworks .com so please keep me informed as to when the site is set up correctly.
    Thanks
    vivi62
    • [ 1 ] Thanks
  • HI Goran,
    i have a gold membership and i want to know if there is
    something new about indigitalworks?
    i also want to recommend this software:


    from malware- that is how they stole your website they just entered your computer with malware that delivers them your passwords of your account in the hosting provider and others passwords.this software also
    notice me whenever some one or some malware is trying to get access to my compuer and get blocked by (it is not affiliate link!)
    i also want to ask you about indigitalworks
    i am getting this report every 20 min!! from webmaster@indigitalworks.com
    do you now something about this???
    one more thing you still have your hosting account and theyBackup your site every week so you can use your backup to open the new site if you dont get your domain Back!
    Hope This Help,
    Avi
    • [ 1 ] Thanks
    • [1] reply
    • Hi Goran,
      i see that the site is going down for some time and then goes up!
      please update us your membership subscribers!
      ps. use my recommendation in my previous post!
      Thanks
      Avi
      • [ 1 ] Thanks
  • You still have some work to do on your coding. Just had a friend who uses your sight tell me that when he logged out he was redirected to the original indigitalalworks.com website.
    • [ 1 ] Thanks
  • I apologize to all InDigitalWorks members for not warning them on time about this issue. Scammer has deleted our members database, right after he transferred a domain...

    New website is finally setup and we’ve managed to restore the database. Due to huge number of products, it took little longer than we thought. We will continue to do business like nothing happened (although it will be hard). Website will be updated with new products every day, same as it was indigitalworks.com.

    Until we resolve this issue, our new temporarily URL is www.idplr.com.

    Thank you,
    Goran
  • Hello,

    I had the same issue before and hell these hackers really takes the wind out of you specially if you are on a good run.

    I Would suggest as a security measure is to use the gmail sms 2 step verification process . Really did the job of having a secured account. . . Furthermore, now you woulod know if someone is accessing the account without your knowledge.

    Here is a YT video bout that: YouTube - Broadcast Yourself. Hope that helps out a bit.
    • [ 1 ] Thanks
  • run a PPV ad on the site telling everyone it is a fake and it was stolen
    • [ 3 ] Thanks
    • [2] replies
    • Step 1.

      First of all you need to start a DMCA (Digital Millenium Copyrights Act) take down notice on your original site.

      To do this you need to conatct the current hosting provider of Indigitalworks.

      The details are below:

      • Hosting: host the domain indigitalworks.com
      • IP Address: 176.9.108.206
      • Name Servers: ns2.7plr.com, ns1.7plr.com
      Write out your DMCA take down notice and sign it and make sure it explains everything needed for the host provider to act upon it and remove the old site from there hosting.

      For more info on writing a DMCA visit here> DMCA Letter - How to write, prepare and send

      Once the site has been removed or suspended by its current host it will give you some peace of mind and perhaps stop anyone falling victim to having there email addresses harvested and hacked into when joining the stolen site, not to mention lots of credit card numbers being logged.

      Step 2.

      Contact PayPal and explain to them exactly what has happened and that they are putting there customers at risk by allowing IndigitalWorks.com to be operated by thieves.

      Include evidence that the site was yours including any screen shots past payments perhaps processed via PayPal would help.

      This should make PayPal act in shutting down the payment processor which is what is currently being used on IndigitalWorks.

      Step 3.

      Write a formal letter to your original registrant and email expalining what has happened to the site and demand it be transfered back immediately without delay or you will begin legal proceedings against your current registrar and mention this will cost them money as you have full evidence of the theft and evidence that they have not acted as they should, provide all evidence when making this claim of theft to them.

      Tell them they have 5 days to transfer the site back to your control panel and that they must also lock the site so its cant be moved again for now.

      Step 4.

      Look up and contact a legal professional that deals with internet fraud and get some solid advice.

      Good luck!
      • [ 2 ] Thanks
    • What a unique idea!
      • [1] reply
  • @raleigh

    Thanks but this wouldn't help in my case. My laptop has been infected by a trojan who steals logins and sends them to the thieves... That's how they managed to get into all my online accounts.
    • [3] replies
    • any ideas on when, where, or how this trojan got on your laptop? Maybe it was a dodgy email or something. If you can find that, maybe it would help you trace the hackers?
      • [ 1 ] Thanks
      • [1] reply
    • I would suggest running your laptop in safe mode with networking, if you have spyware doctor run it in both inteligent mode then full mode before restarting, then run again in normal mode.

      Run anti maleware bytes, as well as cc cleaner.

      Or take it to a repair shop and get them to remove everything from the registry.
      • [ 1 ] Thanks
    • Hey Goran.

      As for GMail 2-step verification for login, if it's available in Croatia (I don't know if it is or not), it might actually work even on an infected computer. Why? Because right now, I can give you my login ID and my password to my GMail account and you could not gain access to it.

      I'm sure that's got some people wondering why. If someone logs in from a computer that has not logged in to GMail before, I receive a text -- not a text like FB sends, but a text with a 6 digit code in it that I then have to enter into the new computer (and that 6 digit code is valid only ONCE). Once that code is entered, I can access my Google accounts. If it's never entered, I can't access my Google accounts. Once it's entered, it can't be used again on a different device or on the same device. So, if the keylogger sends them your access code that you were texted and try to use it, they still can't get in.

      Of course, all this only works if you can receive texts from Google with your access code. You might actually want to look into that to see if it works in your area. It can't hurt to add that extra level of security - I know I feel better about my Google account security. It may be a false sense of security, but I do feel better about it.

      James Dunn
      Athens, GA USA
      • [ 1 ] Thanks
  • Bro thats is just awful, really dont have any advice just got your email notifying me of the situation.

    I guess the best thing you can do is inform current customers and I guess if a number of us place a report on sites like :

    Code:
    ripoffreport.com
    Then hopefully the site looses value and atleast these jerks wont profit from it.

    Good luck!
    • [ 1 ] Thanks
  • @ MarketingMonkey, thanks!

    Regaring my laptop, I'm not cleaning it until this issue resolves. I'm using another one..
    • [2] replies
    • This may not be the most ethical approach but given the situation you are in I would do it.

      Head over to some b-l-a-c-k, h-a-t, f-o-r-u-m-s and hacking forums.

      A quick google search will get you the best ones up in know time.

      Let people know whats happened and see if anyone there is willing to help take down the original IndigitalWorks site. If it was me I would want to bury the old site until I had it back in my hands.

      Id rather it was a smoldering wreck than have someone else profit from my hard work. Kinda like sinking your ship as pirates board lol.

      Just my opinion though.

      Hope it all works out and this 7plr site is defo linked to it, so if anyone has done business with either 7plr or indigitalworks recently then check your PayPal receipt and see if there is any address, name or business name on there as this may help trace the person that has done this.
      • [ 1 ] Thanks
    • Unfortunately dealing with these kind of messes (international and online) gets very time consuming and expensive... even if you are 100% in the right

      There are a few tips I can offer to others to prevent this kind of thing:

      1 - Protect Your Computer
      Always have high quality firewall, anti-virus and anti-spyware software running on your computer and always update. If you don't have a big budget grab something like AVG and make sure you have all defenses turned on. Some of the best software tends to be resource hungry, so people get tempted turn them off... don't!

      2 - Important Info and Gmail/Hotmail/Yahoo Accounts
      Popular email sites like Gmail and Hotmail are not the greatest for security, in part because they are such a big target. NEVER use this kind of easily hacked account for financial or login information. Essentially, anything that you would want kept confidential should be using a more secure email server.

      3 - Domain Registrars and Web Hosts
      Do your research on any registrar or host you are considering - search for reviews/comments people have made about the service recently (past 6 months). Weigh up the value or expected value of the site you plan to register/host against the cost to use that service. If you have a small, fairly basic or short-term type of site you might be happy to take some risks with a cheap service. If you have a well established website that is making good money then factor in how much better reputation for security is worth when choosing a service.


      Quality Host Online is one service that tends to be fairly secure for both hosting and site registration. They are definitely not the cheapest, but worth considering if you have a well established/valuable site you want to protect.

      Namecheap is a good registrar for low-moderate value domains, however I don't use them for high value sites.

      Bluehost is a service I have been using for some sites over the past 10 months and so far I have been happy with it.

      From my own and my clients experiences, some services to avoid are:
      - GoDaddy
      - Hostgator
      - Dreamhost
      • [ 1 ] Thanks
  • Wow Goran,

    Sorry to hear about what happened. I am a customer with a lifetime membership and have the new URL for your new site.

    I hope you get things worked out in your favor.

    John
    • [ 1 ] Thanks
  • Hi, i'm sorry to hear your big loss. you should have transfer your domain registrar to NameCheap before, there were helpful. It is a well known sites and of course it's generating money and that is why someone stole it. I would suggest you to use SiteLock which you can get on some website hosting for less than $13 / year or you can just buy from SiteLock.com which will cost $99 / year. SiteLock will only work on one domain name and you need to buy another one if you want to protect more domain name. I have been using Bluehost and Namecheap since the last time i my website got hacked too. You can try Kaspersky Pure antivirus which have 360 degree protection, find it on eBay for cheaper price. Good luck! i hope you can get it back, i am one of InDigitalWorks.com member too.
    • [ 1 ] Thanks
  • Dear Sir:
    It is troubling to hear what you are suffering. I am working to get my foot into the door of Internet Marketing, so to think it could all be stolen in a day is troubling. I do not know what safeguards you had on your domain name or what safeguards you have on the one you have now. I used godaddy in the past, but became a domain name reseller myself (yahwehdomains.com) so that I could register at my cost and to stop paying so much to godaddy. Regarding safeguards. When I transferred my own domains from godaddy to yahwehdomains.com (my registration service), I had to unlock the domain and also provide a authorization information string of characters. It is emailed to the admin contact of the domain. So once they cracked into your registration, all that was needed was to change the admin contact to an email account that they had access for. I checked using my own domain service and indigitalworks.net is available. Why after so many years, have you not registered it and redirected it to your main site? You can still register it now and use it for your new home a while. If is turns out to be permanent at least you only have a different TLD. I am an OpenSRS reseller. I am a godaddy alternative. The IP address that you received identifies the thief. That is the evidence you need. Trace the IP address to the nation, region, etc. It may or may not be the same as what the whois is pointing at today. The whois should be correct, but a thief is not honest. The IP address is the key to finding the criminal that has stolen from you. Hope this helps.
    • [ 1 ] Thanks
  • Hey Goran,

    I noticed the site had a message, the type from the host like the payment was missed. I had checked back a couple of days later, but when I went to download a product I was brought back to the main menu.

    Today I happened to check my junk mail and found an email linking me here. First I am sorry to hear what happened. I've been hacked on more than one host (two that were mentioned in this thread) and lost accounts because I didn't shut the sites down and notify them... Lessons learned.

    After reading through this thread today I went to your new site, I clicked on a product and received the following message:

    Database Error: Unable to connect to the database:Could not connect to MySQL

    Carol
  • Man,

    This is one of my favorite sites. I have a lifetime membership and they are always updating the content. Sucks that this happened.
    • [ 1 ] Thanks
  • Dear sir:
    It may be helpful for you to know how crackers get you, so that you can take measures to prevent being attacked again. Firstly, crackers (people that crack into secure devices), many times rely on human habits: Using the same password in many places, or using a combination of nouns related to you personally: some people use names of pets, children, etc for passwords. The best passwords are random combinations of letters and numbers. Crackers can attack you with a dictionary attack. Using combinations of words from the dictionary and numbers before or after. This method also covers the standard corporate password1 password. Also some database products have default root or admin passwords, never leave it at default. I use a password generator myself written in java. Or I just use the password generator in my hosting control panel running using https (ssl). I notice this forum is all clear text. All of our user names and passwords could be stolen by a man in the middle attack. So if you used the same password here as you did in other places, a cracker could get you that way. I use different passwords different places and I use strong passwords. The password I used on this forum, if stolen by a man in the middle attack, could only hijack me on this forum. It would not crack into all of my accounts.
    • [ 1 ] Thanks
    • [1] reply
    • I'm so sorry to hear of your troubles with your domain. I'm also a lifetime member of yours and a domainer. I truly hope you will find a way to get your property back or at least prevent the hackers from profiting from your hard work.

      One thing does surprise me however...

      I see the Whois server for idplr.com is listed as OnlineNic

      Why are you still using OnlineNic?

      If you think they may be involved; why are you giving them your business? Could it be the membership database?

      It's the only thing that makes sense from what I can tell.

      I'm fairly certain that HostGator can assist you to move your entire site, including the database for free or a very small fee if you switched to one of their hosting plans.

      I really think you should find a new registrar and hosting company.

      I use enom (I'm also a reseller, domainregistryservices.com) for registrations and Hostgator for all my site hosting.
      • [ 1 ] Thanks
  • I still can login to the indigitalworks.com, I am a lifetime goldmembers. I don't even notice any different until I got your email
  • so sorry to hear that.
    goodluck with idplr.com
    • [ 1 ] Thanks
  • Just would like to add the following:

    check this out for more information on who these guys are that hijacked your website
    intoDNS: indigitalworks.com - check DNS server and mail server health

    In there you will find an email address and a domain: possible hijackers email and domain address.

    SOA

    SOA recordThe SOA record is:
    Primary nameserver: ns1.7plr.com
    Hostmaster E-mail address: lookserv.lookserv.com
    Serial #: 2012022202
    Refresh: 86400
    Retry: 7200
    Expire: 3600000 5 weeks
    Default TTL: 86400

    It looks like they also own lookserv.com though name.com

    Contact name.com too.

    Furthermore, on that record sheet you will find more clues to where more of their sites are:

    Reverse MX A records (PTR) Your reverse (PTR) record:
    206.108.9.176.in-addr.arpa -> server7.location003.lserv.management.colo4dallas.c om
    You have reverse (PTR) records for all your IPs, that is a good thing.


    ----

    Ps: contact paypal.com and other merchants and tell them that that site indigitalworks.com is hijacked and now is operating illegally.

    Contact as much merchants as possible.
    Contact and google, yahoo and bing to tell them of the forgery etc.

    --------------
    Investigating further: intoDNS: lookserv.com - check DNS server and mail server health

    There you will find more
    Here is more
    Ultimate Network Information Centre - 64.186.146.106
    They are with vpsland.com
    related sites to hijackers: 7plr.blogspot.com/
    Google sites, ips, whois and records will yield more information.
    • [ 1 ] Thanks
  • Were you using a Mac or a PC? Just curious to know.
  • So this means all of out personal information was also stolen ?????

    Come on!
  • Wow! Unbelievable! I just got your email and I can't believe what I'm reading. I'm beginning to understand the reason Godaddy has all of it's additional security features! WOW! Sorry to hear that bro my heart goes out to you Best Wishes!
    • [ 1 ] Thanks
  • VERY IMPORTANT! It is known that Gmail have been vulnerable to XSS attacks. Google have solved the issue, but if you were a victim you might be still in danger!
    .
    The XSS was setting such rules and all or filtered incoming e-mails can be forwarded to someone else. This is how they highjack any of your other accounts.

    Goran, go check how CSS-tricks.com was was highjacked and managed to get the domain back, there were several other notorious domains stolen as well, it might help.

    All others please spread the word for people to know because tomorrow you can be in the same situation, learn from Martin Niemöller's mistake of not being interested as it was not his problem and remember his words:

    Cheers!
    • [ 1 ] Thanks
    • [1] reply
    • Sorry to hear about your issue as you had (have a great site). Dont know your circumstances, but you should take whatever action you can to recover your domain.
      Thanks
      JJ
      • [ 1 ] Thanks
  • Hello I would like to Point out 2 points . Which are maybe simple but better to prevent in future for other's also . First Goran check if you have the invoice of your Purchase of Domain . If you have it check when your domain is Expiring . If you really did nothing it can be a great Proof for your safety in Court OR before law . Second I must aware all of the members here ; now all of our computers are not safe . Recent threat of the Internet is somebody can Monitor your keyboard stroke . By that they can able to get all your Secured information like credentials ,Credit card number . So try to use " keyscambler tool ". By which nobody able to read anything what you type in your keyboard . Internet is really now a scaring place. Use always antivirus Software for your important websites like this along with firewall .

    I hope you best of Luck and wish you will get back your happiness again.
    • [ 1 ] Thanks
  • Dear sir:
    Regarding the computer used to steal you web site. By using the IP the following information is found:
    ISP:Hurricane Electric
    Organization:Sophidea
    Services: Confirmed proxy server
    Type: Corporate
    Assignment: Static IP

    Geolocation Information
    Country:Anonymous Proxy
    • [ 1 ] Thanks
  • Sorry to hear of your plight Goran

    I have taken a screenshot of reverse internet info on the site. Don't know if it's any use but good luck and thanks for all your work on the site so far. Have been a member for a few years.
    • [ 1 ] Thanks
  • Screen shot didn't paste so info shows IP Address as 50.23.54.92 (32)
    ns1.abcentar.com (34)
    ns2.abcentar.com (34) as of 6/03/2012
    • [ 1 ] Thanks
  • well if members can still login there, start downloading every video/audio file you can (since they are the largest) and bandwidth burn them...

    Sort of a ddos attack from within
    • [ 2 ] Thanks
  • Hey Goran,

    Sorry to hear your misfortune - hope it gets resolved soon. I've been a member since 2011 and my login still works on the new site, thank you. Thought you'd like to know your new site still has links pointing to InDigitalWorks.com in the footer...

    Dave.. ::
    • [ 1 ] Thanks
    • [1] reply
    • This issue has been fixed.

      It's PC, Windows 7.
  • Thanks everyone for help and support. This gives me strength and motivation to continue…

    I’m still shocked with everything what happened. I never dreamed that business, which I’ve been building for almost 5 years, could end up like this.

    I have taken some steps, and we’ll see how it will end.

    Thank you.
    • [1] reply
    • Some links on website are still going to old domain. My concern is that this happened before I could create my affiliate links. Now your site won't let me log in to affiliate site. Click on log in and redirected to main page which has url of indigitalworks.com.
      Any idea when it will all be fixed?
      • [1] reply
  • Banned
    [DELETED]
  • Sorry to hear that.. I was trying to subscribe to your website and I was unable to do so. The next day my friend told me that the site was hijacked..

    I could see that a lot of people gave you few ideas on how to secure your computer.

    I could see that you have the keylogger detected on your computer. Checkout the outgoing traffic of the logger with the help of your firewall.. Delete any present rule and modify the firewall to ask for connection request.

    You can then track to which Email or FTP server the logs are being sent to.
    and regarding gmail being hacked there is 2 step verification which was already suggested to you. It would have definitely helped you . Your password might get keylogged but the code which would be sent to your mobile cant be.. though there is an option to enter a predefined verification code to access your Emails they will first gain the access before getting those codes.
    set up the 2 step verification. Checkout the outgoing traffic and if its around more than 50 mb a day from that particular keylogger than the screenshots are being sent too..
    I hope you get your issue resolved soon..
    • [ 1 ] Thanks
  • Truly sorry to learn of your misfortune. I sincerely hope you achieve a satisfactory resolution. I am one of your customers, and I did receive your email about the theft of you site. (I must confess I didn't know whether or not to trust the email until now that I've seen this thread on this forum. It may be no consolation to you Goran, but your unfortunate experience has taught me a lesson - and I suspect it's had the same effect on other warriors.) I wish the very best of fortune, and hope you find a successful remedy. I wish I could say more and/or do more to help.
    • [ 1 ] Thanks
  • Goran:

    I tried to Download using the new user name and password, but it wouldn't let me.
    Are you aware of this problem?
    I emailed you with no response.
    Steve
  • No response seems to be the name of the game. Have open tickets and ask in this forum. Am I ever going to be able to log into affiliate site and set up my links. The log in buttons on that page just take you out to indigitalworks.com page.
    How about some answers.
    Keith
Join the discussion

Next Topics on Trending Feed