Kim Roach's website got hacked! Is nobody safe?

82 replies
Hello!

I have received the following email from a top IM guru called Kim Roach:

"You may have noticed that our site has been down for a bit. 6 days ago a hacker got into our registrar (NameCheap.com) and transferred BuzzBlogger.com to a different registrar...."


To all warriors: this is a strong reminder to change passwords regularly and backup your websites.
#hacked #kim #roach #safe #website
  • Profile picture of the author RedShifted
    Never seen her site, but I'm guessing it was built on wordpress.


    Just a wild guess. =]
    {{ DiscussionBoard.errors[7759961].message }}
    • Profile picture of the author CyberAlien
      Originally Posted by RedShifted View Post

      Never seen her site, but I'm guessing it was built on wordpress.


      Just a wild guess. =]
      WordPress wouldn't have anything to do with a registrar transfer
      {{ DiscussionBoard.errors[7759970].message }}
      • Profile picture of the author NatesMarketing
        People hack into FBI databases and such.

        Yes, there are precautions to take, but if someone really wanted to hack your site, they would.
        {{ DiscussionBoard.errors[7759975].message }}
        • Profile picture of the author Young Financier
          Originally Posted by NatesMarketing View Post

          People hack into FBI databases and such.

          Yes, there are precautions to take, but if someone really wanted to hack your site, they would.
          Exactly. Government sites, and even the Federal Reserve's site was hacked, so I wouldn't act surprised over an IM'er site being hacked.
          {{ DiscussionBoard.errors[7760597].message }}
          • Profile picture of the author marketinguk
            Originally Posted by Sean T Alexandre View Post

            Exactly. Government sites, and even the Federal Reserve's site was hacked, so I wouldn't act surprised over an IM'er site being hacked.
            For goodness sake READ what Kim actually wrote like I posted above in bold. Her domain was hacked and moved away from her Namecheap account. Her site has not been touched.

            Why are like half the posters talking about site hacks, wordpress hacks and security etc. It has nothing to do with what really happened here. Oh yeah and the title of the thread is equally inaccurate. :rolleyes:
            {{ DiscussionBoard.errors[7760634].message }}
            • Profile picture of the author RedShifted
              Originally Posted by Joel Ross View Post

              For goodness sake READ what Kim actually wrote like I posted above in bold. Her domain was hacked and moved away from her Namecheap account. Her site has not been touched.

              Why are like half the posters talking about site hacks, wordpress hacks and security etc. It has nothing to do with what really happened here. Oh yeah and the title of the thread is equally inaccurate. :rolleyes:

              I don't undershtand.

              Are you saying that the hacker hacked into wordpress then got in to her domain and moved her hacked wp site to another registra? :confused:

              hack hack hack
              wp wp wp

              I'm sorry I still stop now.
              {{ DiscussionBoard.errors[7760712].message }}
          • Profile picture of the author trapybp
            Hey, glad to see this topic(though I am little off topic) I have been in and out of affiliate marketing, and I spent time and money to build wordpress sites, and my site were hacked both times... I actually made my first sale on one of my sites and it was hacked the next day... So I just gave up... Now I am back, but would like to hear more about security, anyone know of any ways other than what has already been said? because I would hate for this to happen a third time...
            {{ DiscussionBoard.errors[7760645].message }}
      • Profile picture of the author mojojuju
        Originally Posted by Chase Watts View Post

        WordPress wouldn't have anything to do with a registrar transfer
        It could very well have something to do with it.

        Realize that it's fairly common for people to reuse passwords. For some people their email password is their facebook password, and it's also their online banking password - and their hosting control password, and so on...

        Knowing that people reuse passwords in this way, a hacker can exploit a Wordpress site, gain the webmaster's database password, and the hacker will essentially have the password for that webmaster's email account, bank account, facebook account - or namecheap account.

        This can and does happen.
        Signature

        :)

        {{ DiscussionBoard.errors[7761389].message }}
        • Profile picture of the author Kingfish85
          Originally Posted by mojojuju View Post

          It could very well have something to do with it.

          Realize that it's fairly common for people to reuse passwords. For some people their email password is their facebook password, and it's also their online banking password - and their hosting control password, and so on...

          Knowing that people reuse passwords in this way, a hacker can exploit a Wordpress site, gain the webmaster's database password, and the hacker will essentially have the password for that webmaster's email account, bank account, facebook account - or namecheap account.

          This can and does happen.
          Still has nothing to do with Wordpress. What if it were a Joomla site? Would it become Joomla's fault? what your describing is a USER error and not a problem with the website or any software, or even something that's been exploited. I also wouldn't go as far as calling a guess password an exploit, because it's not.
          {{ DiscussionBoard.errors[7761503].message }}
          • Profile picture of the author mojojuju
            Originally Posted by Kingfish85 View Post

            Still has nothing to do with Wordpress. What if it were a Joomla site? Would it become Joomla's fault? what your describing is a USER error and not a problem with the website or any software, or even something that's been exploited.
            I didn't say that it was a Wordpress specific problem.

            Originally Posted by Kingfish85 View Post

            I also wouldn't go as far as calling a guess password an exploit, because it's not.
            I also wouldn't either.

            What I described was how hackers can gain access to one password - whether that be through hacking email, exploiting Wordpress, or finding a wallet with a password written on paper inside - and then use that password to gain access to other things, because people reuse passwords.
            Signature

            :)

            {{ DiscussionBoard.errors[7761535].message }}
            • Profile picture of the author AprilCT
              I just read Kim's email. She has a temporary site up and running until she gets her real url back for all those who enjoy reading her site. You can go here:
              http://www.buzzblogger.org

              I certainly hope it's taken care of promptly for her.
              {{ DiscussionBoard.errors[7761595].message }}
  • Profile picture of the author marketinguk
    Wow that is nasty for sure and yeah I can see that her site is down. If it's down for too long it could be a problem in terms of existing content remaining in Google etc. unless she has backed things up sufficiently of course.

    There seems to be a bit of confusion here, this seems to be a registrar hack rather then a website hack. Anyway, that's pretty scary as someone must have got her registrar login details.

    Thanks for the heads up OP!
    {{ DiscussionBoard.errors[7760146].message }}
  • Profile picture of the author kursat
    I will agree that even if you changed your password regularly, someone can still hack the site. These guys can enter goverment sites which has probably the hardest codes to break. Solution...Back up files and upload them again.
    {{ DiscussionBoard.errors[7760156].message }}
    • Profile picture of the author marketinguk
      Originally Posted by NatesMarketing View Post

      People hack into FBI databases and such.

      Yes, there are precautions to take, but if someone really wanted to hack your site, they would.
      Originally Posted by kursat View Post

      I will agree that even if you changed your password regularly, someone can still hack the site. These guys can enter goverment sites which has probably the hardest codes to break. Solution...Back up files and upload them again.
      Okay this error is getting out of hand. Kim said this: "6 days ago a hacker got into our registrar (NameCheap.com) and transferred BuzzBlogger.com to a different registrar...."

      This has nothing to do with a website hack but a registrar hack and a thief transferring the domain away and probably pointing the DNS away from her site. Nevertheless it's nasty for her I hope they can recover her domain for her. Assuming she still has her content she could be fine, but we'll see what happens I guess.
      {{ DiscussionBoard.errors[7760174].message }}
      • Profile picture of the author sbucciarel
        Banned
        Originally Posted by Joel Ross View Post

        Okay this error is getting out of hand. Kim said this: "6 days ago a hacker got into our registrar (NameCheap.com) and transferred BuzzBlogger.com to a different registrar...."

        This has nothing to do with a website hack but a registrar hack and a thief transferring the domain away and probably pointing the DNS away from her site. Nevertheless it's nasty for her I hope they can recover her domain for her. Assuming she still has her content she could be fine, but we'll see what happens I guess.

        Beat me to it. Her website was NOT hacked. Her domain was stolen. Don't know how they got into her registrar account, but they did and transferred her domain to another registrar.
        {{ DiscussionBoard.errors[7760378].message }}
        • Profile picture of the author Karen Blundell
          Originally Posted by sbucciarel View Post

          Beat me to it. Her website was NOT hacked. Her domain was stolen. Don't know how they got into her registrar account, but they did and transferred her domain to another registrar.
          I'm guessing she may have used her login details for Namecheap elsewhere which is why it really is best not to use the same login details that you would on other membership sites - and use some form of password management system to keep track of all your various logins

          I hope she gets her domain back!
          Signature
          I love life!
          ---------------
          Free Web Tools
          {{ DiscussionBoard.errors[8017393].message }}
  • Profile picture of the author Alex Blades
    If the Pentagon can be hacked, anything can...

    Nothing is hack proof, but I would recommend you do is go to https://api.wordpress.org/secret-key/1.1/salt/ and genrate some salt strings and use those as passwords.

    Example:

    Signature
    I live for myself and answer to nobody!
    {{ DiscussionBoard.errors[7760187].message }}
    • Profile picture of the author RobinInTexas
      Originally Posted by Alex Blades View Post

      If the Pentagon can be hacked, anything can...

      Nothing is hack proof, but I would recommend you do is go to https://api.wordpress.org/secret-key/1.1/salt/ and genrate some salt strings and use those as passwords.

      Example:


      You don't need passwords that long. A password 12-15 characters long is impossible to crack on the web.

      I could use pass***word+++++

      and you would never be able to crack it using brute force.

      How Secure Is My Password?
      Signature

      Robin



      ...Even if you're on the right track, you'll get run over if you just set there.
      {{ DiscussionBoard.errors[8016767].message }}
      • Profile picture of the author Farish
        Originally Posted by RobinInTexas View Post

        You don't need passwords that long. A password 12-15 characters long is impossible to crack on the web.

        I could use pass***word+++++

        and you would never be able to crack it using brute force.

        How Secure Is My Password?
        This website is based off an average computer's processing power.

        The botnet that cloudflare recently blocked had around 100000 computers attacking wordpress.

        As botnets get used more and more in attacks password length after a certain point is less likely to matter.

        The only positive about the botnet is that it is hit so hard it is more likely to take the webserver offline than break into it.

        Also people need to stop using the username admin. Leaving it be, makes things a lot easier to break into.
        {{ DiscussionBoard.errors[8017312].message }}
  • Wow, nasty. Security is important!!
    Signature
    Make Big Money in South Florida Real Estate!
    Our real estate team takes your online and offline generated home buyer and seller leads, and converts them into BIG money in return. We're currently looking for international partners located in UK, Russia, China, Brazil, and more. PM me today for more information. Start earning what your worth by creating a niche in real estate.
    {{ DiscussionBoard.errors[7760197].message }}
  • Profile picture of the author celente
    I learnt this lesson back in 2007. Thought no hacker could touch me, WRONG!, they are out there people, and My opinion is hackers are always one step ahead, so u have to just TRY to stay 1 step ahead of them, change passwords, host passwords and do it every month, as they have brute force software these guys, and can steal lots of your details and then do whatever they wish.
    {{ DiscussionBoard.errors[7760225].message }}
  • Profile picture of the author Ephrils
    Scary!

    This made me log in to make hosting account and make sure everything is ok. I get minor hack attacks every now and then so this will definitely make me secure the walls better around my domains!
    {{ DiscussionBoard.errors[7760230].message }}
  • All you have to do is get into enom for her account and start aprove a transfer. That is one reason not to use one same username/password, the way people get it they have something with account then try to use that one form the back office to log into your other accounts.
    Signature
    soon people... Relax...
    {{ DiscussionBoard.errors[7760233].message }}
  • Profile picture of the author KimboJim
    Security is great and all, but I'm going to echo what everyone else really has: your website can always be hacked.

    Sure, good security can keep a newbie hacker from getting into your website, and you might even be able to stop a professional hacker from stealing your information.

    However, if a large hacking organization wants your website down or defaced, then they'll do it. Social engineering, brute force attacks and infiltrating ports and servers will work if done enough. Pros know how to get into any website.

    Burger King (their Twitter account was hacked last week), FBI, Pentagon, state departments and so on. They've all been hacked at least once. If you know how to talk to computers, then you can make servers sing.
    {{ DiscussionBoard.errors[7760251].message }}
  • Profile picture of the author mike gregory
    Yep, happened to me only a month ago. It was lucky for me I had regularly been backing up daily and was able to restore files and database.

    In my case it was a malware on my computer. Running regular virus scans and malwarebytes helps and going with what others have said with regards regular password changes was advised by hostgator, who really helped me out of my sticky situation.

    But like everyone else says, if they want to hack they will hack!
    {{ DiscussionBoard.errors[7760255].message }}
  • Profile picture of the author bkkmma
    Lock your domains, folks.
    Signature
    Selling guest posts in the health niche on an aged, PR3 site with a legit link from HuffPo for only $17 a pop. Limit of 10 available per month. PM if interested. Permanent sitewides for $45 (Limit of 8 EVER.)
    {{ DiscussionBoard.errors[7760263].message }}
  • Profile picture of the author Jason Kanigan
    Couple of options for those who are interested in Wordpress site security.

    First you can use the Limit Login Attempts plugin (Free). It blocks brute force attacks by locking people out after a preset number of attempts.

    Second you can search for WP Hack Alert, which is a WSO on this forum (and very inexpensive). It is a plugin that tells you when someone is messing with your site. Gives you the chance to do something about it, or find out before your customers do (and see that ugly image the hackers put there).

    Also, always, always change your user name from "admin"--delete that account--and make your password something nobody would ever guess.

    Even doing this won't help sometimes. I had a site hacked in through a wiki plugin! The intention was for people to create their own logins and content (approved by me, of course)--imagine my surprise when someone was sending hundreds of emails an hour through the plugin! The hosting company shut the account down and I had to restore the site...without the plugin.

    So it's not always the front door that the hacker gets in by. But something like Hack Alert would tell that code had been changed, and let you know.
    {{ DiscussionBoard.errors[7760272].message }}
    • Profile picture of the author Lloyd Buchinski
      Originally Posted by Jason Kanigan View Post

      Couple of options for those who are interested in Wordpress site security.
      Are you one of those speed readers by any chance?

      This topic has nothing to do with wordpress security. It was a domain registration hack.

      Don't worry, it's nothing compared to some of my misunderstandings.
      Signature

      Do something spectacular; be fulfilled. Then you can be your own hero. Prem Rawat

      The KimW WSO

      {{ DiscussionBoard.errors[7760314].message }}
  • Profile picture of the author J Bold
    Yes, no one is safe.

    Even Apple just reported they'd been hacked.

    Major retailers have been hacked and thieves got access to millions of credit cards. My mother got a letter because her card may have been compromised.

    Hackers are out there hacking all the time.
    {{ DiscussionBoard.errors[7760327].message }}
  • Profile picture of the author Kingfish85
    Namecheap account was hacked? Wordpress needs more security! :rolleyes:
    {{ DiscussionBoard.errors[7760446].message }}
    • {{ DiscussionBoard.errors[7760585].message }}
      • Profile picture of the author Kingfish85
        Originally Posted by higherluv View Post

        Would a dedicated server help? Hopefully there's a way...
        What does this have to do with a hosting account, server, wordpress site etc? Did you read the post, or any of the posts other than the title?? :confused:
        {{ DiscussionBoard.errors[7760591].message }}
        • Profile picture of the author higherluv
          Originally Posted by Kingfish85 View Post

          What does this have to do with a hosting account, server, wordpress site etc? Did you read the post, or any of the posts other than the title?? :confused:
          LOL, are you OK, bud?? YOU read her post more carefully and what it had to do with like maybe a domain name... :p
          {{ DiscussionBoard.errors[7760652].message }}
          • Profile picture of the author Kingfish85
            Originally Posted by higherluv View Post

            LOL, are you OK, bud?? YOU read her post more carefully and what it had to do with like maybe a domain name... :p
            What are you talking about?
            {{ DiscussionBoard.errors[7760796].message }}
            • Profile picture of the author higherluv
              Although the OP posted about the website getting hacked, it was several repliers that pointed out it had to do with hacking of the domain registry, not the website actually getting hacked, or hacking wordpress/hosting (at least that's what I gathered...).

              That's why I was questioning about the dedicated server thing (re domain names) - I'm not sure whether or not this is a solution to the domain name registry hacking issue and I was hoping someone out there would share their opinion...
              {{ DiscussionBoard.errors[7760849].message }}
              • Profile picture of the author Kingfish85
                Originally Posted by higherluv View Post

                Although the OP posted about the website getting hacked, it was several repliers that pointed out it had to do with hacking of the domain registry, not the website actually getting hacked, or hacking wordpress/hosting (at least that's what I gathered...).

                That's why I was questioning about the dedicated server thing (re domain names) - I'm not sure whether or not this is a solution to the domain name registry hacking issue and I was hoping someone out there would share their opinion...
                No, it has nothing to do with a server, reseller account, shared hosting account, gmail account or a HostGator account or anything related to their website.

                The persons "namecheap" domain account was compromised.

                While the OP titled the thread with a misleading title, it clearly states:

                6 days ago a hacker got into our registrar (NameCheap.com) and transferred BuzzBlogger.com to a different registrar....
                It's not a solution - not even remotely. I'm sure your question was just an innocent question if you're unsure, but in this forum there's way too much of:

                OP: Hi my website was hacked.

                Some random poster: Oh, you need a dedicated server.

                They're not related.
                {{ DiscussionBoard.errors[7760871].message }}
                • Profile picture of the author higherluv
                  Originally Posted by Kingfish85 View Post

                  No, it has nothing to do with a server, reseller account, shared hosting account, gmail account or a HostGator account or anything related to their website.

                  The persons "namecheap" domain account was compromised.

                  While the OP titled the thread with a misleading title, it clearly states:



                  It's not a solution - not even remotely. I'm sure your question was just an innocent question if you're unsure, but in this forum there's way too much of:

                  OP: Hi my website was hacked.

                  Some random poster: Oh, you need a dedicated server.

                  They're not related.
                  OK - juuuust checking...
                  {{ DiscussionBoard.errors[7763549].message }}
                  • Profile picture of the author DJXA
                    This kind of attack isn't uncommon, especially for sites with a lot of traffic. The forum for a very large community I'm part of had the exact same thing happen last year.

                    Some hackers in Russia hacked their account and transferred the domain to another company and then tried to sell it back to the rightful owners for $25,000. They also managed to steal the DB, and while they were in control of the site they kept it up and changed all the ads so they were getting the revenue for a giant site.

                    They rightful owners got their original registrar and law enforcement involved and eventually got control of their domain back, but it took 4 months and the loss of revenue for the owners was tremendous during that time.
                    Signature
                    {{ DiscussionBoard.errors[8014215].message }}
  • Profile picture of the author Bill_Z
    That sucks. That's why I like the registrars that ask security questions that you must answer whenever you make a significant change to any domain you own. Of course if they compromise even that you can't do anything about it, but I bet it was just her PW that got compromised so just another level of security could have saved her.
    {{ DiscussionBoard.errors[7760536].message }}
    • Profile picture of the author Kingfish85
      Originally Posted by Bill_Z View Post

      That sucks. That's why I like the registrars that ask security questions that you must answer whenever you make a significant change to any domain you own. Of course if they compromise even that you can't do anything about it, but I bet it was just her PW that got compromised so just another level of security could have saved her.
      ^This. Paypal also has multi-factor authentication that many people do not use. You can have a token or something such as sending a text message to a phone.
      {{ DiscussionBoard.errors[7760555].message }}
  • Profile picture of the author Steve L
    Ever since I installed a Wordpress security plugin, I've noticed people trying to hack into my site from every corner of the Earth. The hackers are definitely busy which is why you need to take every precaution possible.
    {{ DiscussionBoard.errors[7760643].message }}
  • Profile picture of the author Randall Magwood
    That's crazy. Makes me want to update my password right now. Kim i hope your site gets back safe and into order soon.
    Signature
    {{ DiscussionBoard.errors[7760664].message }}
  • Profile picture of the author tomerep
    maybe it was the "anonymous" that hit him. i dont know about them but I think they can hack anyone, anything on the net. they are that smart. for sure no one is safe. the anonymous can even hack government sites, how much more just an ordinary site. but this is what you should think, why would they even waste their time hacking your site? :p if they want to hack something rich, then they would hack a bank. see my point?
    {{ DiscussionBoard.errors[7760776].message }}
  • Profile picture of the author SEMaster
    WOW, first time i'm hearing this hacker attacks on domain registrar. before i was throught hackers can only access to website databases and public_html directory.
    {{ DiscussionBoard.errors[7760926].message }}
  • Profile picture of the author KevL
    Ouch!!!! that's not good. Having to constantly update wordpress version etc is one thing but I'd never think of my registrar account getting hacked!!
    Signature
    SEO Kev
    Small business SEO / Web Marketing Tips.
    {{ DiscussionBoard.errors[7760936].message }}
  • Profile picture of the author Malcolm Thomas
    It just goes to show that no site is invincible to getting hacked and such. Hopefully everything turns out alright
    {{ DiscussionBoard.errors[7760969].message }}
  • Profile picture of the author FreshAndThemes
    When it comes to registrar hacks there really is nothing YOU personally can do about it apart from picking the right company but even the best systems have loop wholes.

    When i had my own private server i got over 2Million infiltration attempts every day from the far east (Mainly china). There is definitely a cyber war going on at all times. Just stay vigilant change the things you have control over watch the things you have no control over even more carefully
    {{ DiscussionBoard.errors[7760991].message }}
    • Profile picture of the author jamiebarclay
      Ouch, I have had a wordpress site hacked but never a registrar site. Poor Kim she is a great marketer and produces great content. I hope she recovers the site.
      Signature

      Jamie Barclay

      {{ DiscussionBoard.errors[7761112].message }}
  • Profile picture of the author Sue McDonald
    Yes I got that email this morning and it just shows what can happen. She is fortunate to have found out about it so quickly. It shows that you have to be constantly aware that you need tight security but I also have to agree that if they can hack the FBI - they can hack site.
    {{ DiscussionBoard.errors[7761609].message }}
  • Profile picture of the author Anish
    My site got hacked too and I think I still may be suffering due to it, lol. Well, someone hacked into my primary WP blog's FTP, inserted some odd code somewhere that showed random pharma & adult links on every page ONLY to Google bot's user agent (so it was invisible to myself & other normal viewers). My rankings had been falling down and I had no idea why. Once I happened to check google's cached page of my site and I was like, wtf are these links? Took a good deal of time to figure it out and delete that piece of code.

    Security's definitely important. Just as big corporate towers have well-paid guards, we gotta have a premium internet security firewall & antivirus, along with website protections.
    {{ DiscussionBoard.errors[7762435].message }}
  • {{ DiscussionBoard.errors[7762449].message }}
  • Profile picture of the author Beatrice
    Beat me to it. Her website was NOT hacked. Her domain was stolen. Don't know how they got into her registrar account, but they did and transferred her domain to another registrar.
    I stand corrected. Thanks for the clarification.
    Signature
    FREE Video to Build Your Website:

    http://www. createmyownwebpage.net

    This Step-by-Step video guide will show you how to buil your website from scratch!(For FREE)
    {{ DiscussionBoard.errors[7762576].message }}
  • Profile picture of the author rodneys
    [DELETED]
    {{ DiscussionBoard.errors[7767564].message }}
    • Profile picture of the author agmccall
      Forgive me for being cynical, but, does anyone think this was a publicity stunt.

      First Namecheap was hacked and the only domain they took was buzzblogger.com.

      There are many domains from people here that get more traffic and have make more money than buzzblogger.com.

      Why did they target her, what was so special.

      Any time I make even the simplest change to my domain account I get an email. and all the emails state that if I did not make the change to go to the site. even if I change my account email, I get an email to the address I set up with the account.

      Again, that brings up the point that if the hackers infiltrated namecheap so deep then why just her account.

      I am just playing devils advocate

      al
      Signature

      “To succeed, jump as quickly at opportunities as you do at conclusions.”
      – Benjamin Franklin

      {{ DiscussionBoard.errors[8008813].message }}
      • Profile picture of the author kindsvater
        Al, seriously. You brought up an old thread to accuse Kim of fraud and perpetuating a publicity stunt. Why would you do that?

        Someone got into her account at Namecheap and apparently transferred her domain.

        No one said anything about a general Namecheap hack.

        For example: I get ahold of your WF account, log in, and change your password and also your signature to refer to my website. That doesn't mean someone generally hacked the forum and randomly picked your account to manipulate.

        .
        {{ DiscussionBoard.errors[8008912].message }}
        • Profile picture of the author agmccall
          Originally Posted by kindsvater View Post

          Al, seriously. You brought up an old thread to accuse Kim of fraud and perpetuating a publicity stunt. Why would you do that?

          Someone got into her account at Namecheap and apparently transferred her domain.

          No one said anything about a general Namecheap hack.

          For example: I get ahold of your WF account, log in, and change your password and also your signature to refer to my website. That doesn't mean someone generally hacked the forum and randomly picked your account to manipulate.

          .
          I am so sorry for not believing everything I read on the internet.

          I did not accuse anyone of anything, I merely asked a question.

          Like I said though, if any changes are made with domains they must be confirmed by the email on file, this includes email changes. If the perp was able to bypass this, then, yes it was a namecheap hack and not a account hack.

          You may blindly follow if you wish, but I will question when I feel a question should be asked.

          2 months is not old, by the way
          Signature

          “To succeed, jump as quickly at opportunities as you do at conclusions.”
          – Benjamin Franklin

          {{ DiscussionBoard.errors[8012150].message }}
          • Profile picture of the author sbucciarel
            Banned
            Originally Posted by agmccall View Post

            I am so sorry for not believing everything I read on the internet.

            I did not accuse anyone of anything, I merely asked a question.

            Like I said though, if any changes are made with domains they must be confirmed by the email on file, this includes email changes. If the perp was able to bypass this, then, yes it was a namecheap hack and not a account hack.

            You may blindly follow if you wish, but I will question when I feel a question should be asked.

            2 months is not old, by the way
            Google domain hijacked. It happens a lot.
            Domain hijacking - Wikipedia, the free encyclopedia


            Did Goran also pull a publicity stunt?
            http://www.warriorforum.com/main-int...ite-fraud.html
            {{ DiscussionBoard.errors[8012522].message }}
          • Profile picture of the author davezan
            Originally Posted by agmccall View Post

            Like I said though, if any changes are made with domains they must be confirmed by the email on file, this includes email changes. If the perp was able to bypass this, then, yes it was a namecheap hack and not a account hack.
            By NameCheap hack, do you mean their (overall) system was compromised?

            Here's a thing: if the email address on file is broken into, that allows the thief to:
            a) take control of the account and whatever domain name in it, and b) obtain all
            emails without informing the actual owner what's going on. In essence, what's a
            so-called convenient means of notification or so is also an inherent flaw.

            I speak from having worked on the registrar side in a previous life. And yes, what
            happened to Kim Roach is essentially an account "hack" rather than that of the
            registrar itself.

            (If you consider one's account being broken into as a sign of overall weakness in
            a registrar's overall system, then you might be shocked to know that just about
            every other registrar - Go Daddy, Dynadot, NameCheap - use that kind of system
            as well. Few of them offer paid options as extra security measures, though.)

            While registrars don't have control over things like their customers' computers or
            their third party email addresses (i.e. GMail, Yahoo), they keep their customers'
            accounts safe (for the most part) as long as they're within their control to do so.
            Signature

            David

            {{ DiscussionBoard.errors[8013761].message }}
          • Profile picture of the author livo
            Originally Posted by agmccall View Post

            2 months is not old, by the way
            Like I said though, if any changes are made with domains they must be confirmed by the email on file, this includes email changes. If the perp was able to bypass this, then, yes it was a namecheap hack and not a account hack.

            Like you say if changes are made with domains they must be confirmed by email.

            But two of my sites were hacked recently and i never recieved an email?
            Signature


            {{ DiscussionBoard.errors[8016264].message }}
            • Profile picture of the author Kay King
              I am so sorry for not believing everything I read on the internet.

              I did not accuse anyone of anything, I merely asked a question.
              Problem is - you asked the question in a thread last active over two months ago. What's the point of questioning now?
              Signature

              Saving one dog may not change the world - but forever changes the world of one dog.

              {{ DiscussionBoard.errors[8016347].message }}
            • Profile picture of the author RobinInTexas
              Originally Posted by livo View Post

              Like I said though, if any changes are made with domains they must be confirmed by the email on file, this includes email changes. If the perp was able to bypass this, then, yes it was a namecheap hack and not a account hack.

              Like you say if changes are made with domains they must be confirmed by email.

              But two of my sites were hacked recently and i never recieved an email?
              If they get into namecheap, all they have to do is change the admin email before they attempt to transfer.

              It's a bigger problem at namecheap, because namecheap in not an ICANN registrar, she has to deal with ENOM and Namecheap and wherever new registrar is.
              Signature

              Robin



              ...Even if you're on the right track, you'll get run over if you just set there.
              {{ DiscussionBoard.errors[8016781].message }}
          • Profile picture of the author livo
            Originally Posted by agmccall View Post

            I am so sorry for not believing everything I read on the internet.

            I did not accuse anyone of anything, I merely asked a question.

            Like I said though, if any changes are made with domains they must be confirmed by the email on file, this includes email changes. If the perp was able to bypass this, then, yes it was a namecheap hack and not a account hack.

            You may blindly follow if you wish, but I will question when I feel a question should be asked.

            2 months is not old, by the way
            Like you say if changes are made with domains they must be confirmed by email.

            But two of my sites were hacked recently and i never recieved an email?
            Signature


            {{ DiscussionBoard.errors[8016448].message }}
      • Profile picture of the author Craig B
        Originally Posted by agmccall View Post

        Forgive me for being cynical, but, does anyone think this was a publicity stunt.

        First Namecheap was hacked and the only domain they took was buzzblogger.com.

        There are many domains from people here that get more traffic and have make more money than buzzblogger.com.

        Why did they target her, what was so special.

        Any time I make even the simplest change to my domain account I get an email. and all the emails state that if I did not make the change to go to the site. even if I change my account email, I get an email to the address I set up with the account.

        Again, that brings up the point that if the hackers infiltrated namecheap so deep then why just her account.

        I am just playing devils advocate

        al
        That doesn't make any sense considering that Kim gets a lot of traffic that isn't from here. She has lost a lot of organic traffic because of the ordeal. If you look at Buzzblogger.com and Buzzblogger.org on Alexa you will realize how much it has hurt her traffic.

        Most sites aren't IM related and, therefore, you wouldn't hear about them being hacked on here. So how do you know there weren't other sites hacked?

        Maybe she used the same password for her NameCheap account and email. We don't know.

        I'm sure Kim hasn't come forward with the details because of NameCheap. If she goes public with the details, NameCheap could find out and be less cooperative with helping her out. I wouldn't mention the details either.
        {{ DiscussionBoard.errors[8012255].message }}
        • Profile picture of the author agmccall
          Originally Posted by Craig B View Post

          That doesn't make any sense considering that Kim gets a lot of traffic that isn't from here. She has lost a lot of organic traffic because of the ordeal. If you look at Buzzblogger.com and Buzzblogger.org on Alexa you will realize how much it has hurt her traffic.

          Most sites aren't IM related and, therefore, you wouldn't hear about them being hacked on here. So how do you know there weren't other sites hacked?

          Maybe she used the same password for her NameCheap account and email. We don't know.

          I'm sure Kim hasn't come forward with the details because of NameCheap. If she goes public with the details, NameCheap could find out and be less cooperative with helping her out. I wouldn't mention the details either.
          In your post you use words like "Maybe" and "If" because, like me, you do not know. But, the difference is that I "Ask" questions to find out.

          You mention buzzblogger.com and .org but you do not mention her site that opened up just about the time she stopped posting to those sites, MyTrafficMentor.com

          I got the email about the hack, and gave the new .org site with assurance that things would go on, but they did not, everything has now gone to the new site.

          Here is another question I have. When this "Saga" finally unfolds and she fights and wins her site back. And, because in the time she has been fighting for her site she has put all her time and effort into mytrafficmentor.com Now, after much debate with herself, she has decided to part with Buzzblogger.com

          I wonder how much she will get for it.

          Disclaimer: I am on Kims list, and I am a full member of The Traffic Dashboard, and when and if she releases version 2 of Traffic Dashboard I will buy it.
          Signature

          “To succeed, jump as quickly at opportunities as you do at conclusions.”
          – Benjamin Franklin

          {{ DiscussionBoard.errors[8012428].message }}
          • Profile picture of the author Craig B
            Originally Posted by agmccall View Post

            In your post you use words like "Maybe" and "If" because, like me, you do not know. But, the difference is that I "Ask" questions to find out.

            You mention buzzblogger.com and .org but you do not mention her site that opened up just about the time she stopped posting to those sites, MyTrafficMentor.com

            I got the email about the hack, and gave the new .org site with assurance that things would go on, but they did not, everything has now gone to the new site.

            Here is another question I have. When this "Saga" finally unfolds and she fights and wins her site back. And, because in the time she has been fighting for her site she has put all her time and effort into mytrafficmentor.com Now, after much debate with herself, she has decided to part with Buzzblogger.com

            I wonder how much she will get for it.

            Disclaimer: I am on Kims list, and I am a full member of The Traffic Dashboard, and when and if she releases version 2 of Traffic Dashboard I will buy it.
            Even with mytrafficmentor.com the traffic isn't what it use to be and she lost a lot of organic traffic.

            I'm simply pointing out how there is much more to lose than gain with such a "publicity stunt". It just seems so obvious.

            Do you really think she gained that many new readers after making the announcement to her email list? Just look at this thread, the last post was in February and it had barely made it to page 2 before your post. Also, I'm sure many of the viewers already visit her site since she is fairly popular here.

            Now compare that to losing all your organic traffic and backlinks pointing to your site because you can't even redirect the domain.
            {{ DiscussionBoard.errors[8013086].message }}
          • Profile picture of the author Dennis Gaskill
            Originally Posted by agmccall View Post

            In your post you use words like "Maybe" and "If" because, like me, you do not know. But, the difference is that I "Ask" questions to find out.
            No, the difference is you speculated about her character and integrity in public when you questioned if it was a publicity stunt. You probably didn't intend to, but you placed a seed of doubt about her honesty in the minds of many who don't know her that read this thread.
            Signature

            Just when you think you've got it all figured out, someone changes the rules.

            {{ DiscussionBoard.errors[8014409].message }}
  • Profile picture of the author GobBluthJD
    Nobody is safe. Change passwords often, back up everything, beef up security.
    {{ DiscussionBoard.errors[8008914].message }}
  • Profile picture of the author Stripe
    Wow - just wow! Is there no peace to be found in this world anymore?
    {{ DiscussionBoard.errors[8014457].message }}
  • Profile picture of the author seobro
    Here is a word to the wise. I have noticed that people hack controversial web pages.

    For example, no one hacks a site on acne cures. However, a site that sells UFO videos gets hacked every year. Well, you get hackers that post things like - There is no UFO and you are crazy. Basically, not all hackers are motivated by money. Actually many hackers are a frustrated 13 year old that have nothing better to do with their time than post nasty comments on you tube and deface using obscene language your web pages.
    {{ DiscussionBoard.errors[8014505].message }}
  • Profile picture of the author jay walters
    Stolen or hacked, this isn't cool anymore.

    What could be safest and securest thing in

    anyone's site isn't safe. Better be cautious

    and really keep a back up on the files...


    the only thing secure is my chocolate on

    the fridge... wait? did my someone took

    that too... oh nooh!!!
    {{ DiscussionBoard.errors[8014604].message }}
  • Profile picture of the author Craig B
    Another thing I forgot to point out earlier. I noticed that Kim doesn't use privacy registration. I'm not sure if in her case her email was hacked to obtain the domain, but this makes it easier for the hacker as they can see your email associated with the account.

    I always use privacy protection for this reason, in addition to avoiding spam.
    {{ DiscussionBoard.errors[8015998].message }}
  • Profile picture of the author fastcooler
    It is very important to keep all scripts running on server updated and to set all permissions on files correctly. It is also mandatory to have well written .htaccess and robots.txt files.
    {{ DiscussionBoard.errors[8016161].message }}
  • Profile picture of the author greenowl123
    Hackers gonna hack !
    Signature
    Free 40-page eBook "How To Earn With CPA Offers"
    + 14 Free Traffic Training Videos -
    Click here now. (no opt-in required)

    {{ DiscussionBoard.errors[8016189].message }}
  • Profile picture of the author curly sue
    every platform seems to get hacked. I suppose the future is encrypted passwords.
    {{ DiscussionBoard.errors[8016707].message }}
  • Profile picture of the author KhirRahman
    Kim Roach's Buzz blogger is one of my favourite blog. Sad it hacked. But today she set up a new blog. You can check it here mytrafficmentor.com

    Still with great quality of traffic information
    {{ DiscussionBoard.errors[8016742].message }}
  • Profile picture of the author Snowclone
    I recently found a plugin to backup to dropbox daily - Been using it on all my sites ever since. Can't recommend it enough. You never know you'll need to backup until it's too late.
    {{ DiscussionBoard.errors[8017029].message }}
    • Profile picture of the author sbucciarel
      Banned
      Originally Posted by Snowclone View Post

      I recently found a plugin to backup to dropbox daily - Been using it on all my sites ever since. Can't recommend it enough. You never know you'll need to backup until it's too late.
      Her domain was stolen. Backups have nothing to do with that.
      {{ DiscussionBoard.errors[8017048].message }}
  • Profile picture of the author christiangrey
    Banned
    It's always best to change your passwords on a monthly basis, if not sooner. Having daily backups of your site is also essential, especially if your running a blog or a forum where new content will be up each day.
    {{ DiscussionBoard.errors[8017123].message }}
  • Profile picture of the author TravisO
    Everything can be hacked. As long as it is related to computer. You can say no one is safe, but you can be safe by just adding security. Not just 100% though.
    {{ DiscussionBoard.errors[8017259].message }}

Trending Topics