Domain stolen while hosted at GoDaddy: Help!

Topic

New Reply

Short version: My locked domain name of ten years was, without my knowledge or permission, unlocked and transferred to someone in China.

Long version:

7/7/2003 – I registered a domain name (like 5BG.com) that has been parked at Go Daddy for ten years. Along with several other domains. Some have web sites, some don’t.

My domain was set to automatically renew and I had checked the “locked” box.

Early 2013 – I was contacted by a company “5th Bride Games” that asked if I wanted to sell the domain. I responded once to say I’d think about it and how to set a price.

[*]Is this related to what happened next? I don’t know, but may be pertinent.

5/7/13 – The domain was set to automatically renew in July and Go Daddy sent me an offer to “renew now and save 15%” or something like that.

5/12/13 6AM – Go Daddy sent me an email that I had requested the status of 5BG.com be changed to “unlocked” –
“You do not need to respond to this email. If, however, you think this change may have been made in error or fraudulently, please contact us within 15 days.”

5/12/13 4PM – I sent a notice to Go Daddy –

[*] “When I look at my list of domains I do NOT see 5BG.com
[*]I never gave permission for it to lapse or be transferred
[*]Network Solutions lists another owner (Chinese, “owned since 7/7/2002″ which is one day after I registered it)
[*]Please fix the problem and notify me.”

5/17/13 – Go Daddy responded –
[INDENT]“Although we requested that the current registrar reinstate you as the registrant, they have indicated that they will not assist with the return of the domain name(s). As the losing registrar, we no longer have control over the domain name(s). Likewise, any ICANN transfer is the responsibility of the gaining registrar. Therefore, you will need to contact the current registrar if you feel the transfer was handled improperly.
Any dispute over the registration of the domain name(s) will need to be sent to the registrant, current registrar, through an ICANN-approved arbitration provider (http://www.icann.org/en/dndr/udrp/approved-providers.htm) or the local court system.
Regards,Alex H, Transfer Disputes, Go Daddy”[/INDENT]

HELP!

[*]What can I do? What is my recourse?
[*]Can any third party unlock any domain and transfer it away from the original owner?
[*]Would another hosting company be safer? I selected Go Daddy many years ago because they were inexpensive and they had direct phone calls for tech support. I have not had any other problems with them but this obviously upsets me.

======================
For anyone interested in more details on the domain name –

[*]I am keeping the actual domain name private because I am nervous this post might trigger complexities in resolving this
[*]The “like 5BG” was an abbreviation for another domain “like 5 Bright Girls” that failed to get funded, but I’ve held onto the domain names just in case
[*]I am willing to report the actual domain name in a PM

Reply | Quote

Replies

Was the domain transferred before expiration? Did it expire? What exactly happened?

Reply | Quote

Was the domain transferred before expiration? Did it expire? What exactly happened?

It doesn’t (or wouldn’t have) expired until July. But it was set to automatically renew.

[*]How could anyone “unlock” a registered domain at Go Daddy?
[*]How could anyone transfer a domain without authorization from Go Daddy?

Reply | Quote

Hi Hobkirk

Network Solutions (who I believe registers all domains) usually send email confirmations whenever there is a change to the registration information. In the absence of such emails, my guess is that it is a GoDaddy issue.

Having said that, with all the news about and Chinese cyberespionage, if there is a Chinese subsidiary / link to Network Solutions – the compromise could have taken place there.

I know the above is not much help to you, but it would be worth a try using the link that “ruirlb” provides in his post of 2013-05-22 06:36
http://support.godaddy.com/help/article/6040/accepting-or-declining-a-transfer-to-another-registrar?locale=en

Mike

Reply | Quote

I wish you the best of luck. This same thing happened to my wife about 5 years ago. I was never able to figure out the exact mechanism used to steal the site, but NO ONE was of any help. Oddly enough, GoDaddy was involved. Her site was stolen by a Russian, and some research at the time revealed this person had hundreds of registered domains. The whole thing was quite embarrassing as she is a Christian author and the new owner put up a porn site. About two weeks after the renewal date had passed, I received an email offering to let me buy the site back for $10,000. We decided to pass. The porn site was kept alive for 2 years and then allowed to lapse. We have not re-registered the name.

Reply | Quote

Who was registered as the owner and domain administrator? To allow a domain transfer, the administrator for the domain needs to agree.

GoDaddy states this: http://support.godaddy.com/help/article/6040/accepting-or-declining-a-transfer-to-another-registrar?locale=en

So, unless someone acted as you, only GoDaddy could do it. It seems to me your domain was stolen. If your domain was worthy enough money, I would probably be looking at suing GoDaddy and trying to get the domain name back through ICANN (although I would probably not be holding my breath).

Reply | Quote

Who was registered as the owner and domain administrator? To allow a domain transfer, the administrator for the domain needs to agree.

GoDaddy states this: http://support.godaddy.com/help/article/6040/accepting-or-declining-a-transfer-to-another-registrar?locale=en

So, unless someone acted as you, only GoDaddy could do it. It seems to me your domain was stolen. If your domain was worthy enough money, I would probably be looking at suing GoDaddy and trying to get the domain name back through ICANN (although I would probably not be holding my breath).

[*]I was the owner and administrator
[*]So yes, I think this is called stealing
[*]I assume someone must have gone into my account, gotten past the password (“very strong” on most testers but certainly not unbreakable), and did their dirty deed

I posted in the Lounge because I wanted some heavyweight opinions. I was flabbergasted when this happened. And it makes me think that this could happen to any domain registered with Go Daddy. Or is it any domain registered with anyone?

Reply | Quote

Wikipedia: Domain hijacking > Description

Domain hijacking can be done in several ways, generally by exploiting a vulnerability in the domain name registration system or through social engineering.

The most common tactic used by a domain hijacker is to use acquired personal information about the actual domain owner to impersonate them and persuade the domain registrar to modify the registration information and/or transfer the domain to another registrar, a form of identity theft. Once this has been done, the hijacker has full control of the domain and can use it or sell it to a third party.

Responses to discovered hijackings vary; sometimes the registration information can be returned to its original state by the current registrar, but this may be more difficult if the domain name was transferred to another registrar, particularly if that registrar resides in another country. In some cases the original domain owner is not able to regain control over the domain.

The legal status of domain hijacking remains unclear. It is analogous with theft, in that the original owner is deprived of the benefits of the domain, but theft traditionally regards concrete goods such as jewelry and electronics, whereas domain name ownership is stored only in the digital state of the domain name registry, a network of computers. There are no specific laws regarding domain hijacking, nor any law that specifically holds the domain name registrar responsible for allowing the registrant information to be modified without the permission of the original registrant. In some cases there may be recourse under trademark law, but not all domain names are (or can be) registered as trademarks.

Reply | Quote

I am sure there are people at GoDaddy that could easily control the domain from within, without the need to hack into your account. It is even possible that this was done by an employee, on his own volition, without “corporate malfeasance”. Have you looked at the possibility of filing a complaint using GoDaddy’s own mechanisms? There must be a way to report wrongdoing by its employees or file some complaint about their own services?

I would also fill a complaint with ICANN: http://www.icann.org/en/about/learning/faqs

If GoDaddy does not provide a way to fix this, probably the courts are the place to solve this…

Is this possible with any registrar? I would believe so, but doing it would prove any registrar unfit for the role and law enforcement and ICANN should know about it.

Reply | Quote

Hi

See this, though:

http://support.godaddy.com/groups/go-daddy-customers/forum/topic/9-domains-stolen-from-my-godaddy-account/

I’m not sure how to use it but I am sure the various consumer protection groups in the US would be interested..

Reply | Quote

Hi

I also found:

http://www.famousbloggers.net/domain.html <- see the advice in here! It appears sound!

Reply | Quote

Great Link, Brett. Thanks for sharing.
The key difference here – the 2nd registrar cooperated.

Reply | Quote

Good luck getting any help or satisfaction from GoDaddy!!

In the security community they have a really bad rep for hosting anything & everything but never responding to confirmed & well documented reports of drive-by malware, illegal activities, spammers or abuse. They are averse to anything that requires them to actually DO something unless they can charge for it! Their biggest money grabbing disservice to the public is their “Domains by Proxy” registration service that hides & blocks access to ALL information about a domain registrant without a court order 😡

Regrettably domain name theft can happen with a lot of registrars BUT it should NOT be possible. A reputable registrar will not transfer a domain name for a specified time period (usually at least 48 hours) & only after they have sent an email to the address they have for you & received confirmation back that you did initiate the transfer. To comply with all that, a thief, after hacking into your account, would need to change at least your email address (& possibly your password) before initiating the domain name transfer. Those changes should trigger at least one email to your original address asking for confirmation! The whole sequence should raise huge red flags with ANY decent registrar!

What can you do?
Contact the new registrar yourself & accuse their registrant of theft.
Contact ICANN & initiate a dispute BUT, if the new registrar is out of their jurisdiction, they may not be able to help.

Good luck, I’m afraid you’ll need it :rolleyes:

Reply | Quote

I feel your pain. I had a personal website registered with Microsoft for 7 or 8 years. It started oiut as a freebee part of live office (or something like that), with only the ability to use MicroSoft templates. I wanted more control so after a year I paid the annual registration fee for the domain. All was happy until last summer (6 months before renewal) I received an email from a Chinese company trying to bill me $50 for the upcoming year’s registration. I was puzzled, and I ignored it. A month later, 5 months before expiry, my website disappeared from my domain and was replaced with a placeholder page. I contacted Microsoft and was told that the domain had been transferred, and they were no longer doing the hosting / registrations. Nothing they could, or would do. Not worth the expense and energy to chase some Chinese hijacker for a website that basically hosted personal and family stuff anyhow. The most major annoyance was that my Windows 7 phone (there’s another story) was / is tied to the hijacked domain’s primary email account. *sigh* So I lost my domain and my email, and my wife’s email. The calendar and contacts still exist, for the time being anyhow. If that lasts 6 more months I’ll be happy emough – then I can throw the phone, calendar, contact list, and domain event into the trash bin, where they all belong.
There – now I feel better!

Reply | Quote

“Go Daddy sent me an email that I had requested the status of 5BG.com be changed to “unlocked” ”
How was this request initiated? Via email? Via website?

Every time I have transferred domains from one registrar to another I had to unlock the domain. One can not request a domain to be unlocked without supplying either secret code or other passwords to the registrar so that they have some authentication.

As well I have had to generate a token from the loosing registrar (GoDaddy in this case) and give the gaining registrar the token for the transfer to proceed.

Something sounds fishy on GoDaddy’s side here. How strong of a password did you have on your GoDaddy account? Did you have private whois enabled for this domain when it was registered with GoDaddy?

Reply | Quote

Here is my 2 cents. I do not let the registrars “hide” registration because I can Always go to WhoIs and see my information and if it is correct.

I suggest making a YouTube Video about the problem and call out GoDaddy. They Can and Should product the paper trail of who, what, when, and how the domain was changed and that you have auto renewed it from get go.

YouTube videos have worked for me to expose fraud, lack of customer service, and complete lack of service period. Best of luck to you.

Reply | Quote

BTW – I’d have your computer thoroughly checked for spyware. Use a couple of well respected online tools like ESET’s to get other “opinions”. There is the possibility they got your password that way. Then unlocking and transferring is easy.

Although its possible they’ve hacked GoDaddy and use that to take domains for customers.

Reply | Quote

This has just happened to me – Google offered a cheap domain registration for some apps thing that I never got much use of – it appears they registered the domain via – you guessed – GoDaddy. In May I was warned to tick “auto renew” in the impenetrable Google admin page – I did so. Last week I discovered the site displaying a Nike holding page. I could not gain access to Godaddy account. Yesterday I sent photo ID and all the data asked for to reassign Godaddy password. This morning Godaddy tell me I am not the registered owner of the domain and the matter is closed. “Who is” shows a chinese owner who acquired the name on 5th July – just about the time I began to move to move the name to a new host (oddly enough). So Godaddy is implicated and as far as I can see the Mighty Google is implicated. I expect an offer to purchase my domain name back ay day now – not a lot of use to anyone else at is is based on my name. Had a new set of business cards printed three months ago featuring the domain name and now have a magnetic strip on my car advertising -in effect – Nike. Thanks Godaddy – thanks Google.

Reply | Quote

The fact that GoDaddy notified you of the domain being unlocked (and thus able to be transferred) and you did nothing will probably be their out. They notified you.

How the culprits managed to get it unlocked is the curious part. I would suspect impersonation and using some sort of lost password thing. But obviously a total lack of care on GoDaddys part. Lifting a domain thats not locked is much easier.

GoDaddy uses a non-standard interface and process. I transferred a friends domain off GoDaddy and it took a bit of digging to find how. The help files did not tell you how to leave. I refuse to use GoDaddy. For reasons others mention but also because they encourage a lot of the hostage domain activity and spam sites that crosslink each other but have no value except Google Ad revenue. I can think of a long list of issues actually. Crap on the web is commonly hosted by them.

Don’t know what to suggest on the stolen domain other than contacting ICANN. A Youtube video exposing GoDaddy would not be a bad idea also. I had no idea this was going on with locked domains. But I would definitely move my domains to a more reputable registrar. Who wants to support organizations that abuse their customers and their market space?

Here’s the ICANN page that seems to cover this:
http://www.icann.org/en/help/dndr/tdrp

Reply | Quote

The fact that GoDaddy notified you of the domain being unlocked (and thus able to be transferred) and you did nothing will probably be their out. They notified you.

How the culprits managed to get it unlocked is the curious part. I would suspect impersonation and using some sort of lost password thing. But obviously a total lack of care on GoDaddys part. Lifting a domain thats not locked is much easier.

GoDaddy uses a non-standard interface and process. I transferred a friends domain off GoDaddy and it took a bit of digging to find how. The help files did not tell you how to leave. I refuse to use GoDaddy. For reasons others mention but also because they encourage a lot of the hostage domain activity and spam sites that crosslink each other but have no value except Google Ad revenue. I can think of a long list of issues actually. Crap on the web is commonly hosted by them.

Don’t know what to suggest on the stolen domain other than contacting ICANN. A Youtube video exposing GoDaddy would not be a bad idea also. I had no idea this was going on with locked domains. But I would definitely move my domains to a more reputable registrar. Who wants to support organizations that abuse their customers and their market space?

Here’s the ICANN page that seems to cover this:
http://www.icann.org/en/help/dndr/tdrp

Try to make your Youtube video as funny as possible, so that it will go viral.

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

Reply | Quote

The fact that GoDaddy notified you of the domain being unlocked (and thus able to be transferred) and you did nothing will probably be their out. They notified you.

How the culprits managed to get it unlocked is the curious part. I would suspect impersonation and using some sort of lost password thing. But obviously a total lack of care on GoDaddys part. Lifting a domain thats not locked is much easier.

GoDaddy uses a non-standard interface and process. I transferred a friends domain off GoDaddy and it took a bit of digging to find how. The help files did not tell you how to leave. I refuse to use GoDaddy. For reasons others mention but also because they encourage a lot of the hostage domain activity and spam sites that crosslink each other but have no value except Google Ad revenue. I can think of a long list of issues actually. Crap on the web is commonly hosted by them.

Don’t know what to suggest on the stolen domain other than contacting ICANN. A Youtube video exposing GoDaddy would not be a bad idea also. I had no idea this was going on with locked domains. But I would definitely move my domains to a more reputable registrar. Who wants to support organizations that abuse their customers and their market space?

Here’s the ICANN page that seems to cover this:
http://www.icann.org/en/help/dndr/tdrp

Delayed response – They notified me I had “unlocked” it and I responded within hours. The domain name was already gone.

Reply | Quote

Hi,

I’m with the Internet Society in New York. We are an at-large structure within ICANN

I noticed your tale of woe and forwarded it to the North American At Large Regional Organization (NARALO).

Alan Greenberg of the ICANN At-Large Advisory Committee asks that, if the problem has not been resolved, you get in touch with him directly.

He is at alan.greenberg (at) mcgill.ca

Regards

Joly MacFie.

Reply | Quote

For what it’s worth, my family business has used BlueHost for a few years, with no problems. Renewal is automatic and the domain has remained secure. BlueHost uses several types of authentication apparently not applied as standard defaults by GoDaddy. Just my own experience, but the link to the blog in Post #9 in this thread also references BlueHost and implies their security is better than GoDaddy.

wwwhatsup (Post # 19) seems to be offering a good path toward solving this isue, and that offer should be followed in this case.

-- rc primak

Reply | Quote

I purchased two domain names in 2006 through GoDaddy, but I hated their user interface, and their advertising, and transferred out of there to Blue Host within a month. The transfer went smoothly, I still have one of the domains parked, but as part of my hosting package, Blue Host pays for that domains registration and I pay for the one I use. Their security is good, I have always found them responsive either via messaging or when calling and every issue (and there have only been a couple, early on) I had was handled with one phone call. And GoDaddy still makes me ill…

Reply | Quote

It is becoming obvious that standard password protected websites have an increasing level of risk. GoDaddy.com has a two-step verification that seems to work well and might prevent domain thefts that require access to your account. Generally, two-step verification requires a phone number that will be sent a unique code for each time you want access to the account. After hearing the horror stories for important websites, including G-mail, I decided it was worth the increased inconvenience. You may wish to look into it for your account (and any other important account you do not want hi-jacked). A noted technology writer, Mat Honan, has this harrowing story of his own experience and what he did to restore his digital identity. See http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/.

Reply | Quote

I’m just curious: are you still doing business with GoDaddy?

If so, why?

I’ve been with 1and1.com for years with negligible problems, all of which were immediately resolved with just a phone call.

AL

Reply | Quote

I’m just curious: are you still doing business with GoDaddy?

If so, why?

I’ve been with 1and1.com for years with negligible problems, all of which were immediately resolved with just a phone call.

AL

1and1 has not given me any problems either but they are getting expensive for domain names, going up to $14.99/year now. I am looking to move some I am siting on but GoDaddy certainly isn’t going to be on my list.

Reply | Quote

… but GoDaddy certainly isn’t going to be on my list.

Know that feeling. Toyota couldn’t pay me to own one. 😉

Reply | Quote

Toyota couldn’t pay me to own one. 😉

Own one what? We weren’t talking about Toyota here, were we?

-- rc primak

Reply | Quote

Some of my domains have been on GoDaddy for over 7 years with nary a single, solitary problem whatsoever. I’m just saying. 🙂

(Also have some with Register.com for over 12 years now, also with never a single problem).

Reply | Quote

Sure hope not. 😉

Reply | Quote

Sure hope not. 😉

I know the Toyota comment just a joke, but my 2005 used Prius has been no joke. Even with two Recall scares (both not found to be an issue in my vehicle) at over 170,000 miles, this little car does just fine. The Hybrid Battery is working well, and I can’t argue with 47 miles to the US Gallon in city driving. FWIW, it’s the gas-only Toyotas from the early 2001-2010 period which had the serious safety recalls.

-- rc primak

Reply | Quote

Glad you like it.

Reply | Quote

It is unfortunate that things like this do happen. Here are some tips to help prevent this from happening:

[*]Correct Registration – Keep your domain name’s contact information current. A domain name is like a car – the name on the title determines who registered it, not the person who paid for it. In the domain name world, the Whois database contact information is the title. Make sure:

[*][*]You enter correct and valid information in the registrant, administrative, technical, and billing contact fields.
[*][*]The listed registrant is the exact person or entity you want to have legal rights over the domain name.
[*][*]You have a valid business license for the listed company and a government-issued photo ID for the person listed as the registrant. That way, if you do lose access to your account or domain name, you can validate registration of the domain name in the future.

[*]Administrative Email Address – The administrative contact email address has the authority to approve a transfer of the domain name to another registrar. Do not allow the email address to become outdated or expire because this allows someone else to sign up for the email address, providing easy access to the account and domain name.

[*]Login Regularly – Be vigilant: Regularly log in to your customer account and make sure your account and domain name contacts are correct. If your domain name is with us, you might consider Domain Monitoring. This service alerts you via email when your domain name’s settings change.

[*]Lock Your Domain Name – To prevent unauthorized transfers to another registrar, lock your domain name from within your account. To help prevent your domain name from being moved out of your account, consider Protected Registration. Your domain name can be upgraded to add this enhancement. If your domain is with another registrar, you may only have the ability to lock your domain.

[*]Secure Email – Keeping your email secure is key to keeping your domain name safe. Remember the following:

[*][*]Use a secure email address. Free email accounts might be easy targets for unauthorized access.
[*][*]Create your password using a complex series of letters, numbers, and symbols.
[*][*]Change your password frequently to deter possible hackers intending to steal your domain name.

[*]Antivirus/Spyware – To prevent key-logging software from capturing your user names and passwords and delivering your information to unauthorized persons, install antivirus/spyware software. Update your antivirus/spyware software periodically.

[*]Be a Human Firewall – DO NOT give your customer account login, password, credit card, or shopper PIN information to anyone, including your webmaster. Webmasters NEVER need direct access to your domain name. They need access to your hosting account login and password. Use the Account Administrator feature of your account to grant access levels to others who need to manage domain names in your account.
[/LIST]

If you find something that isn’t correct or receive a notification of a change that you didn’t do please email Undo@GoDaddy.com as soon as possible. If you have a domain that has been removed, please contact TransferDisputes@GoDaddy.com. The faster you are able to send the email, the higher chance we have at recovering the change/transfer. Replies usually come by the following business day. If you have any questions, please let me know or you can also contact our 24/7 support.

-James R. Social Media Specialist @ GoDaddy.com,LLC

Reply | Quote

Thank you James.

Reply | Quote

Bluehost has an excellent reputation. Register.com as well. I’ve used TRK for clients as well as some local hosts. Some people who database sensitive info feel they should use off-shore hosts but i’m not sure that makes much difference. A client used a Philippine host that associated her domain with some porn sites to gain secondary add revenue.

It’s nice that Bluehost includes domain registration for excellent rates. If your needs are simple and your site modest, that can be fine. But if you anticipate a strong commercial site and evolving needs, it can be useful to manage your domains separately from your web site host. That way, you can seamlessly migrate at any time. But again, you want an established organization. If you do register your domains though your web host, you might want to check who their domain registrar is. Some like register.com and tucows are well established. Some less so.

I’ll also note that some country domains (2 letter) have become more popular lately. The better ones are managed properly (like .it and .ca) but some like .tv and .ta are wide open and managed by small overseas companies. I’d be a little careful about betting your business on one of those. A secondary domain maybe…

Reply | Quote

Thanks, James. Great set of tips.
Domain locking should be quite sufficient if the system is set up properly and people follow some of the other points you mention. For example, most registrars lock domains by default now.

It’s not uncommon for people to send the setup email to their web designers. It often includes all passwords when domain service is included.

However, personally I’ve had several bad experiences with GoDaddy, mainly extracting clients with troubles there. I can appreciate a larger business with more customers will tend to have more troubles but GoDaddy was not cooperative and at the time, the transform process was well buried as was the procedure. I knew what needed to be done but not how to find the settings. Most hosts use CPanel or similar, a well designed web management platform. GoDaddys is less than intuitive, to put it mildly.

I also prefer complete services at a good price, such as BlueHost or TRK. That way, simple changes can be easily effected. GoDaddy however tends to nickel and dime you. The mentioned Protected Registration would be an example.

But as they say – your mileage may vary. I’ve met a few who like GoDaddy and I’ve been very happy with Toyota. 😉

Reply | Quote

But as they say – your mileage may vary. I’ve met a few who like GoDaddy and I’ve been very happy with Toyota. 😉

TOYOTA – The One You Ought To Avoid

😀

Reply | Quote

http://windowssecrets.com/forums/showthread//154322-Domain-stolen-while-hosted-at-GoDaddy-Help!?p=911255&viewfull=1#post911255

Reply | Quote