Our domain has been stolen

yudiarnanda

On April 8th I logged into my WordPress. When I logged in, an error appeared saying that my username and email were not registered there. I checked the database, but my username and email were there.

I checked Whois, and the DNS has changed to Cloudflare's DNS. I'm using InMotion Hosting, but my domain is still on GoDaddy. I couldn't log in to GoDaddy, so I recovered my account at changeupdate.com. After I got my GoDaddy account back, I checked the activity and saw that a mobile phone number for 2-step verification was added to my account on March 31st. I checked my domain; freedesignresources.net is also gone.

They also stole my cPanel and changed all the passwords, so I didn't get notified when the domain was transferred. I contacted GoDaddy on April 9th and was advised to email [email protected]. I got a reply:

The Undo Department cannot investigate claims regarding unauthorized account access. If your account was reviewed and determined to be compromised, the domain will be returned to the account as part of the review process.

Then I got another reply like this:

We apologize for any confusion, the Undo Department cannot investigate claims regarding unauthorized account access.

I chatted with several agents, they advised me to send another email. I've emailed six Godaddy departments several times:

On the 17th I got a reply, and I was advised to email [email protected] regarding my case. Then on the 22nd, I asked an agent again via chat about the last email I sent to [email protected]; they said I would get a reply email within 24 hours. After 24 hours I hadn't received a reply, so on the 23rd I asked another agent why I hadn't received a reply. They said they couldn't find my ticket, so I was advised to send another email to [email protected] or [email protected].

Why can't they find my ticket? I've emailed six departments of GoDaddy at different times; all the emails I sent from April 9 to April 23 were suggested by the GoDaddy team on live chat.

I contacted the six departments of GoDaddy many times but did not get a satisfactory answer. What should I do now?
 
•••
How in the world did someone get access to both your GoDaddy domain account and your InMotion hosting account/CPanel?

That's insane, even for the standard "giving it away like candy" customer service reps.
 
•••
How in the world did someone get access to both your GoDaddy domain account and your InMotion hosting account/CPanel?

That's insane, even for the standard "giving it away like candy" customer service reps.
Compromised email account is the likely culprit. From there, an attacker can scan thru the inbox and see any possible accounts, then use the “Forgot Password” feature on many sites to change the password and gain entry.
 
•••
How in the world did someone get access to both your GoDaddy domain account and your InMotion hosting account/CPanel?

That's insane, even for the standard "giving it away like candy" customer service reps.

I don't know how, but it happened. I didn't receive any notification from either GoDaddy or InMotion Hosting. But I didn't lose my InMotion account; they hijacked my cPanel.
 
•••
Compromised email account is the likely culprit. From there, an attacker can scan thru the inbox and see any possible accounts, then use the “Forgot Password” feature on many sites to change the password and gain entry.
Yes, I think so.
 
•••
@Joe Styler @Paul Nicks

Can you take a look at this?

Brad

Can you follow up on this @Joe Styler @Paul Nicks? I also spoke with Daniel from InstantShift about this. We had the same case, but the domain was transferred to another registrar, and it took him only a week to get the domain back.

My domain was just transferred to another GoDaddy account; I don't think it took a long time to verify my case.
 
•••
freedesignresources.net, it has 30K Alexa, so it's a valuable website with a lower-value domain.

Yes, just wanted to make sure of the name... because it's my understanding 90 percent of stolen names are due to name value only, of which this has none.

If I understand correctly, the thief wishes to profit off an existing biz, yes?
 
•••
Yes, just wanted to make sure of the name... because it's my understanding 90 percent of stolen names are due to name value only, of which this has none.

If I understand correctly, the thief wishes to profit off an existing biz, yes?

Yes, he asked me to pay $5000 for my domain. He said:

Don't have money to buy the domain? I have a proposition for you. I'll keep the site until I earn $5000. Then I will gift the domain to you. You can't come to a conclusion by constantly complaining. If you don't stop complaining, I'll sell the space to someone else. Then you will try to buy from him with very high sums.
 
•••
Every time I contact the live chat, I am always given a promise by the agent that my case will be processed. Some say the Advance team will reply to emails asking for purchase receipts and other evidence, others say my domain will be back in 24-48 hours.

I don't know which one to believe. Meanwhile, until now I haven't received any response from Godaddy that my case will be processed. I just sent an email and told stories about my case without any results. I've lost my domain since March 31, and it's been almost 1 month without any progress. Pathetic.
 
•••
If you can prove that the domain and hosting account are yours and the case is not solved yet, then GoDaddy and InMotion are guilty of taking part with the hackers.
I'm sure they have geolocation and other data to see the hacker's location, device and browser.

If you have access to hosting, just go and close the site with an htpasswd file, edit any suspicious emails in the database and delete unknown users if any, and install Wordfence if you don't have it already.

Not sure what access the hacker has that lets him blackmail you in this way; as I understand it, he has only the domain control, right?
If the domain was moved between GoDaddy accounts, then they know who the hacker is; they should reveal his data publicly so we will know who that lazy d**k is.
 
•••
Yes, he asked me to pay $5000 for my domain. He said:
Have you filed a police report? It seems to me this is justified here.

This must be highly stressful for you. I hope that you are successful in promptly getting your domain name back.
 
•••
So I had a look at DomainIQ. It appears the last record change was Apr 4, 2022. So I suspect that is the date it was taken over.

The domain name itself still seems to be at GoDaddy, just the nameservers changed as you note. That should mean that return would be easy once GoDaddy establish the ownership.

As far as I can see there is no lock, other than the standard transfer lock, on the name. I would have thought your emails/support chats would at least trigger them to make it so the domain name can't move.

Bob
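
The check described in this post (last-change date, current nameservers, lock status) can be run on a schedule against a domain's RDAP record. The following is an added example, not part of the original thread; the sample record, the baseline nameservers and the function name `audit_domain` are constructed for illustration.

```python
import json

# Constructed RDAP-style domain record (RFC 9083 field names); not real registry data.
SAMPLE_RDAP = json.loads("""
{
  "ldhName": "example.net",
  "status": ["client transfer prohibited"],
  "nameservers": [
    {"objectClassName": "nameserver", "ldhName": "ADA.NS.EXAMPLE-CDN.TEST"},
    {"objectClassName": "nameserver", "ldhName": "BOB.NS.EXAMPLE-CDN.TEST"}
  ],
  "events": [
    {"eventAction": "registration", "eventDate": "2012-06-01T00:00:00Z"},
    {"eventAction": "last changed", "eventDate": "2024-01-15T10:15:00Z"}
  ]
}
""")

# Nameservers the owner recorded while the domain was known-good (constructed).
BASELINE_NS = {"ns1.example-host.test", "ns2.example-host.test"}

# RDAP names of the registrar-set locks; only the first is the standard transfer lock.
WANTED_LOCKS = {
    "client transfer prohibited",
    "client update prohibited",
    "client delete prohibited",
}


def audit_domain(record, baseline_ns, wanted_locks=WANTED_LOCKS):
    """Compare an RDAP domain record with a known-good baseline."""
    current = {ns["ldhName"].lower().rstrip(".") for ns in record.get("nameservers", [])}
    baseline = {name.lower().rstrip(".") for name in baseline_ns}
    status = {s.lower() for s in record.get("status", [])}
    last_changed = next(
        (e["eventDate"] for e in record.get("events", [])
         if e.get("eventAction") == "last changed"),
        None,
    )
    return {
        "domain": record.get("ldhName"),
        "ns_added": sorted(current - baseline),      # servers the owner never configured
        "ns_removed": sorted(baseline - current),    # owner's servers no longer delegated
        "missing_locks": sorted(wanted_locks - status),
        "last_changed": last_changed,
        "alert": current != baseline,                # any delegation change needs review
    }


if __name__ == "__main__":
    print(json.dumps(audit_domain(SAMPLE_RDAP, BASELINE_NS), indent=2))
```

A lock set from inside the registrar account can be lifted by whoever controls that account, so the nameserver comparison is the part that detects a takeover; the lock report only shows how much was standing in the way.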
 
•••
Compromised email account is the likely culprit. From there, an attacker can scan thru the inbox and see any possible accounts, then use the “Forgot Password” feature on many sites to change the password and gain entry.

Sure, but it's surprising a person would use the exact same email on all of his services. I mix mine up just to make it harder if one of them is stolen through social engineering.

And all my emails are on my phone, so if I get even the slightest issue with passwords or access (even false-positives) I immediately investigate online and with service providers.

The CSRs be giving it away like candy, and the entire world is trying to steal 24/7, so you really need to be proactive.
 
•••
Yes, just wanted to make sure of the name... because it's my understanding 90 percent of stolen names are due to name value only, of which this has none.

If I understand correctly, the thief wishes to profit off an existing biz, yes?
domain rating and domain authority is extremely high with low spam score a x,xxx name i would say even without the website
 
•••
domain rating and domain authority is extremely high with low spam score a x,xxx name i would say even without the website

so what would u do with this name without website...if u paid it 4fig? parking money or something? cause strictly as name without rankings etc it has no value
 
•••
so what would u do with this name without website...if u paid it 4fig? parking money or something? cause strictly as name without rankings etc it has no value
it helps with ranking when you decide to develop it even without the website if you monitor dropcatch auctions some random domains with double hyphens go for high hundreds only for the da and dr metrics
 
•••
If you can prove that the domain and hosting account are yours and the case is not solved yet, then GoDaddy and InMotion are guilty of taking part with the hackers.
I'm sure they have geolocation and other data to see the hacker's location, device and browser.

If you have access to hosting, just go and close the site with an htpasswd file, edit any suspicious emails in the database and delete unknown users if any, and install Wordfence if you don't have it already.

Not sure what access the hacker has that lets him blackmail you in this way; as I understand it, he has only the domain control, right?
If the domain was moved between GoDaddy accounts, then they know who the hacker is; they should reveal his data publicly so we will know who that lazy d**k is.

I can prove that I am the owner of that domain. I have proof of payment in both Godaddy and Paypal accounts. They don't have hosting access, so I'm assuming they took my files and then moved them to their hosting. I tried to log in to WordPress, but my username was not found there.

They only control the domain, it should be easy for GoDaddy to find out who stole my domain.
 
•••
Have you filed a police report? It seems to me this is justified here.

This must be highly stressful for you. I hope that you are successful in promptly getting your domain name back.

I haven't made a police report yet. I was very frustrated, and Godaddy's response was not what I expected.

So I had a look at DomainIQ. It appears the last record change was Apr 4, 2022. So I suspect that is the date it was taken over.

The domain name itself still seems to be at GoDaddy, just the nameservers changed as you note. That should mean that return would be easy once GoDaddy establish the ownership.

As far as I can see there is no lock, other than the standard transfer lock, on the name. I would have thought your emails/support chats would at least trigger them to make it so the domain name can't move.

Bob

Yes, on April 4th, they changed DNS. I guess it will be easy for GoDaddy to verify and return the domain to my account.
 
•••
Sure, but it's surprising a person would use the exact same email on all of his services. I mix mine up just to make it harder if one of them is stolen through social engineering.

And all my emails are on my phone, so if I get even the slightest issue with passwords or access (even false-positives) I immediately investigate online and with service providers.

The CSRs be giving it away like candy, and the entire world is trying to steal 24/7, so you really need to be proactive.

I use a different email on all services for my domain. Unfortunately, the email I use is on the same hosting, so they can access it.
 
•••
Every time I contact the live chat, I am always given a promise by the agent that my case will be processed. Some say the Advance team will reply to emails asking for purchase receipts and other evidence, others say my domain will be back in 24-48 hours.

I don't know which one to believe. Meanwhile, until now I haven't received any response from Godaddy that my case will be processed. I just sent an email and told stories about my case without any results. I've lost my domain since March 31, and it's been almost 1 month without any progress. Pathetic.

Cases like this really need to be escalated to higher levels. The first level of support is not really designed to handle complex cases like this.

Hopefully Paul or Joe can get this back on track.

Brad
 