• Our Domain was stolen.

    *9/18 update* No change, GoDaddy is still waiting for Aust Domains to respond. I wonder if Aust Domains normally takes this long to respond to other kinds of requests. Please! Give us back our stolen domain!

    *9/17 update* I asked GoDaddy for an update today. They're waiting for Aust Domains, the registrar with the stolen domain, to get back to them with some information. It's been more than 24hrs so I hope Aust Domains acts soon. Please! Give us back our stolen domain!


    Hi everyone and welcome to our temporary domain. As I'm sure you've noticed HowardForums is currently located at the temporary domain www.howardforum.com (no "s"). In case you can access this on some of your computers and not others, it will take a few hours for the changes to propagate throughout the internet.

    In the meantime, do not access the site via www.howardforums.com unless you hear otherwise from me.

    Unfortunately, our domain was stolen over the weekend and I'm currently working with my registrar, GoDaddy, on getting it back. While I initially thought GoDaddy wouldn't do anything till Monday, after a few hours they got back to me. Since then, they have been working with me to get the domain back, so kudos to them for helping me on the weekend.

    Our stolen domain was transferred away to http://www.austdomains.com.au/ so GoDaddy is waiting for them to respond. Hopefully things will go smoothly so we can get our domain back.

    In case you're wondering our forum data is unrelated to the domain so it is safe.

    How did this happen? My GoDaddy account is attached to a family member's email. I did this so that our domains would be safe in case anyone ever tried to break into MY email. While the family member's email is used for other things it doesn't have anything else to do with the forum besides the domain. Last week, we were forced to log into this email at a hotel business center in order to print out something. Normally, I know better but we were in a bind. I suspect our thief was able to capture our email and password using a keylogger then.

    The thief used the email to reset our GoDaddy account and then transferred the domain away. Before they did this they set up filters to automatically delete subsequent emails from GoDaddy. This would keep us from realizing our domain was about to be transferred away, plus it would create the illusion that everything is okay.

    Regardless, I apologize to all of you for our downtime and thank you for your support. I'll let you all know more as the situation unfolds.

    Howard Chui
    This article was originally published in forum thread: Our Domain was stolen. started by howard View original post
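The filter trick described in the post (rules that silently delete the registrar's mail) leaves a trace in the mailbox settings. The audit below is an added example, not part of the original post: it assumes rules exported in the Gmail API filter JSON shape (`criteria` plus `action`), and the sample rules, keyword list and function names are constructed for illustration.

```python
# Added example: audit mailbox filters for rules that hide registrar mail.
# Assumption: each rule has the Gmail API filter shape (criteria + action).
REGISTRAR_KEYWORDS = ("godaddy",)  # assumption: strings identifying your registrar

# Constructed sample export; not data from the incident.
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.org"},
     "action": {"addLabelIds": ["Label_7"], "removeLabelIds": ["INBOX"]}},
    {"id": "f2", "criteria": {"from": "godaddy.com"},
     "action": {"addLabelIds": ["TRASH"]}},
    {"id": "f3", "criteria": {"query": "transfer OR registrar OR godaddy"},
     "action": {"removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f4", "criteria": {"subject": "invoice"},
     "action": {"forward": "someone@example.net"}},
]

HIDING_LABELS = {"TRASH", "SPAM"}

def hiding_reasons(action):
    """List the ways a filter action keeps mail out of the owner's sight."""
    reasons = []
    if HIDING_LABELS & set(action.get("addLabelIds", [])):
        reasons.append("deletes or junks")
    if "INBOX" in action.get("removeLabelIds", []):
        reasons.append("skips inbox")
    if action.get("forward"):
        reasons.append("forwards to " + action["forward"])
    return reasons

def targets_registrar(criteria):
    """True when any match criterion mentions a registrar keyword."""
    text = " ".join(str(v) for v in criteria.values()).lower()
    return any(k in text for k in REGISTRAR_KEYWORDS)

def audit(filters):
    """Return (id, severity, reasons) for every rule that hides mail."""
    findings = []
    for rule in filters:
        reasons = hiding_reasons(rule.get("action", {}))
        if not reasons:
            continue
        hit = targets_registrar(rule.get("criteria", {}))
        findings.append((rule["id"], "HIGH" if hit else "REVIEW", reasons))
    return findings

if __name__ == "__main__":
    for fid, severity, reasons in audit(SAMPLE_FILTERS):
        print(fid, severity, "; ".join(reasons))
```

A HIGH finding on an account used for domain registrations is worth treating as a sign of compromise: remove the rule, then rotate the password and check recovery options.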
    113 Comments
    1. mch -
      The sad thing is, if it hadn't been some relatively high profile website like HowardForums, it would have taken GoDaddy days to straighten it out.
    1. jebr -
      That explains it. I've been running scans worried that my computer was infected.

      Not cool, GoDaddy.

      Sent from my PantechP9070 using HowardForums
    1. frail -
      To be clear, Go Daddy is not at fault for the domain being stolen. We were initially upset with them because they were going to wait until Monday to look into it. However, we are working with them now to recover the domain.
    1. mch -
      I'm curious. What happened here? Was the domain not locked to prevent transfer? Godaddy account hijacked via password recovery? Password shared across sites? Social engineering? Or something more sophisticated?

      Lots of potential attack vectors. I'm glad that Godaddy eventually came through and was responsive.

      I have never used Godaddy, but am not at all confident that the response of the registrars that I do use would have been any better.
    1. Guest 332 -
      Quote Originally Posted by jebr View Post
      That explains it. I've been running scans worried that my computer was infected.

      Not cool, GoDaddy.

      Sent from my PantechP9070 using HowardForums
      I did not see any warning at any time with ESET NOD and Malwarebytes Anti-Malware...
      It's just a redirect to ad pages!
    1. gotanmp3 -
      GoDaddy was just in the (tech) news recently for an outage caused either by a glitch or a hacker group, depending on who you believe. Either way, if it were me I'd find a competitor. I can't believe they don't have any kind of safeguards in place to prevent this sort of thing from happening.

      I'm not even sure it's fixed yet - I added the site's IP to my hosts file as a quick and dirty fix, lol.
    1. frail -
      Quote Originally Posted by mch View Post
      I'm curious. What happened here? Was the domain not locked to prevent transfer? Godaddy account hijacked via password recovery? Password shared across sites? Social engineering? Or something more sophisticated?

      Lots of potential attack vectors. I'm glad that Godaddy eventually came through and was responsive.

      I have never used Godaddy, but am not at all confident that the response of the registrars that I do use would have been any better.
      As mentioned in the announcement Howard posted: "Someone hacked into the domain administrator's email and transferred the domain away from our registrar. After they transferred the domain away, they setup filters to delete subsequent emails so that we wouldn't be alerted."
    1. mch -
      Sorry, missed that.

      I suppose some kind of two factor auth on the email address would have prevented this. I wish more and more sites would offer Google Authenticator or something similar (Google, Facebook, Dropbox, Amazon AWS are all using the exact same algorithm as and are compatible with Google Authenticator for 2-factor auth)

      Then again, it is always easy to say stuff like this after the fact.
    1. alpinestars -
      Quote Originally Posted by mch View Post
      Sorry, missed that.

      I suppose some kind of two factor auth on the email address would have prevented this. I wish more and more sites would offer Google Authenticator or something similar (Google, Facebook, Dropbox, Amazon AWS are all using the exact same algorithm as and are compatible with Google Authenticator for 2-factor auth)

      Then again, it is always easy to say stuff like this after the fact.
      +1

      Was just about to suggest this until I saw your post.
    1. Gumbochief -
      Howard obviously paid no heed to the tale of Gizmodo editor Mat Honan.
      I very much doubt he missed the story of Honan being hacked. I have been using 2FA on my accounts supporting it, ever since.
    1. mdancy -
      wow.. that is insane! good luck with today and getting it back. Glad that you do backups
    1. CA -
      Looks like a weekend from hell! J/K.

      Howard accessed the relevant email attached to the domain via a public terminal at a Hotel, he imagines a keylogger was installed at this location.
      Think Roboform for keyless entry

      And

      AppFog for the win!
      http://appfog.com/

    1. YoDude -
      Good luck and all speed with repairs dude.

      Can/should individual passwords be changed if we access our profiles from the no "s" url?
    1. mch -
      Quote Originally Posted by Gumbochief View Post
      Howard obviously paid no heed to the tale of Gizmodo editor Mat Honan.
      I very much doubt he missed the story of Honan being hacked. I have been using 2FA on my accounts supporting it, ever since.
      I think most of us have been in the situation where we do something in the face of need that is somewhat risky.

      There are still way too many services that don't provide for some form of multi-factor auth. The ones that support it are a minority: a number of the MMO companies (Trion, Blizzard, etc.), PayPal/eBay, Google, Dropbox, Facebook, AWS, some banks.

      The nice thing about Google Authenticator in particular is that the client side and server side are open source. Companies with sufficient resources can implement it in a few weeks. Dropbox literally did.

      Imagine if 2FA were a standard, and you could use the same soft token for almost all websites, even websites where the motivation to compromise an account is low like HoFo. 2FA isn't a silver bullet, but it does raise the bar on attacks.

      The other thing that is probably best practice here is to use an email account backed by 2FA that is only used for domain registrations. I've been planning to do this kind of thing myself for my domains, but admittedly haven't yet. It still needs to be monitored, so yet another email account to deal with. You still need to worry about the recovery options for _that_ account though.

      It's so easy to get caught by a single moment of carelessness/desperation or by forgetting a particular attack vector. It is going to happen to almost all of us at some point.
    1. OpenWave -
      This is complete BS! The registrar austdomains.com.au and nameservers afraid.org are aware of the situation but still let this POS capitalize on these spammy redirects. You would think that based on the information so far that the registrar would change the nameservers knowing there is an ongoing investigation.
      You would also think that there would be safeguards in place to prevent this from happening such as credit card info and security questions NOT visible in your registrar's profile.
      Look at the registrar Fabulous with the safeguards they have in place.
      Simply put, any "property" on the net should be protected by the registrars. Make things simple, you buy the domain name through them they should ensure its safety.
      Should a domain name registrar be held responsible for domains stolen from accounts?

      The answer is a resounding yes.
    1. Guest 332 -
      Have you googled: sanda.lin11@yahoo.com ...
      This is the email address of the people who stole the domain name ...
      Google ... sanda.lin11@yahoo.com ...
      You see another stolen domain in the first result: (a GoDaddy domain: webdesignledger.com)
      Use the cache:
      http://www.google.ca/url?sa=t&rct=j&...QP6XBku2R8NozQ

      ... Domain Name: WEBDESIGNLEDGER.COM
      Registrar: ONLINENIC, INC.
      Whois Server: whois.onlinenic.com
      Referral URL: http://www.OnlineNIC.com
      Name Server: NS1.AFRAID.ORG
      Name Server: NS2.AFRAID.ORG
      Name Server: NS3.AFRAID.ORG
      Name Server: NS4.AFRAID.ORG
      Status: ok
      Updated Date: 02-sep-2012
      Creation Date: 11-sep-2008
      Expiration Date: 11-sep-2016

      >>> Last update of whois database: Mon, 03 Sep 2012 17:47:28 UTC <<<

      In the past week, by the same people!

      Ositandima Sean Okolie sanda.lin11@yahoo.com +31.208932400 +31.208932400
      -
      1043 BP Amsterdam
      Netherlands,NL,NL 85477


      -------------------------------------------------------------

      The sanda.lin11@yahoo.com address works and is used to steal domain names!
      The sanda.lin11@yahoo.com address is linked to an afraid.org account!
      The sanda.lin11@yahoo.com address is linked to the Aussie registrar too!

      -------------------
      Have you tried Ali Deodate Morey ... you see many other stolen domains ... you see another Yahoo email ...: web.dealer110@yahoo.com ... same thing ... web.dealer110@yahoo.com is linked to an afraid.org account!
      ------------------

      I have seen some alternative addresses in the USA ...

      ... Morey Ali Deodate (webdots.registrars@yahoo.com)
      +1.8086350822
      Fax:
      P. O. Box 395
      Koloa, HI 96756
      US

      -------------------------------

      Mmm, another stolen GoDaddy domain: http://who.pho.to/ositandima_sean_okolie/
      themetrust.com
      Another email: henrymjones@gmail.com

      -------------------------------

      ... This is a big domain-stealing group:
      http://whois.domaintools.com/bodyrejuvinators.com ...
      domainebarking168@yahoo.com is associated with about 459 domains ...
      They resell some domain names on Sedo!
      Mmm, another ... my English is just too bad to call the 1808 number ... again a Yahoo email ... a 1 808 number ... and their specialty is domain names!
      http://whois.domaintools.com/herbexpert.com
      If you enter herbexpert.com you see that you can buy the domain ...
      Edit: I called the 1808 number ... it was a woman ... I said ... hey, you stole my domain name ... just hung up ... no try again
      This is a big scam company
      The very strange thing is that I can't find any other information ...
      When I search ... I always end up at Adventure Enterprises and these people:

      Name:
      Ford, Michael [79 domains use this name]

      Phone
      +1.8086350825 [50 domains use this phone]

      Address:

      P. O. Box 395
      Koloa, Hawaii 96756
      United States


      This is a registered enterprise that sells domain names and parks many domains ...

      -------------------------------

      These people love GoDaddy and its simple process to export a domain name!

      All info here was found via Google

      Many domains listed here have been recovered by their original owners ...

      GOOD LUCK !


      edit : added the infos about the 459 domains
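The question raised earlier in the thread about a transfer lock, and the WHOIS record quoted in the comment above, point to the same routine check: compare a domain's current WHOIS output with a known-good baseline. This monitor is an added example, not from the thread; the sample record, baseline values and function names are constructed, and it assumes the "Key: value" layout of the record quoted above.

```python
# Added example: flag WHOIS changes that match a hijack-by-transfer.
from datetime import date, datetime

# Constructed record in the "Key: value" layout quoted in the thread.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registrar: OTHER REGISTRAR, INC.
   Name Server: NS1.ELSEWHERE.EXAMPLE
   Name Server: NS2.ELSEWHERE.EXAMPLE
   Status: ok
   Updated Date: 02-sep-2012
   Creation Date: 11-sep-2008
"""
# Constructed baseline: what the owner recorded while the domain was healthy.
BASELINE = {"registrar": "GOOD REGISTRAR, LLC",
            "name_servers": {"NS1.GOOD.EXAMPLE", "NS2.GOOD.EXAMPLE"}}

def parse_whois(text):
    """Collect 'Key: value' lines into {lowercased key: [values]}."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and value.strip():
            rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec

def check(rec, baseline, today, recent_days=14):
    """Return alert strings for registrar, name server, lock and update changes."""
    alerts = []
    registrar = rec.get("registrar", [""])[0].upper()
    if registrar != baseline["registrar"].upper():
        alerts.append("registrar changed to " + registrar)
    servers = {n.upper() for n in rec.get("name server", [])}
    if servers != baseline["name_servers"]:
        alerts.append("name servers changed: " + ", ".join(sorted(servers)))
    raw_status = rec.get("status", []) + rec.get("domain status", [])
    statuses = {s.split()[0].lower() for s in raw_status}
    if "clienttransferprohibited" not in statuses:
        alerts.append("no clientTransferProhibited lock")
    for raw in rec.get("updated date", []):
        updated = datetime.strptime(raw, "%d-%b-%Y").date()
        if (today - updated).days <= recent_days:
            alerts.append("record updated " + raw)
    return alerts

if __name__ == "__main__":
    for alert in check(parse_whois(SAMPLE_WHOIS), BASELINE, date(2012, 9, 3)):
        print("ALERT:", alert)
```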
    1. CA -
      What the hell, I'm still getting redirects! Not from hofo notification links though.

      Update

      Sorry my bookmarks all have the s at the end. I wonder if I should just wait or rebuild them.
    1. Humza -
      Hopefully everything gets completely resolved soon. Thanks for the update.
    1. seekr -
      Quote Originally Posted by OpenWave View Post
      From:



      HowardForums FaceBook Page

      HowardForums (howardforums) on Twitter

      Here is an article which describes the situation with GoDaddy here.


      I will be transferring all my domains out of GoDaddy this week. From the GoDaddy outage (hack?) last week to this. If your website is stolen should you have to wait a few days to get it back just because it's the weekend?


      Here's the basics you should take into consideration regarding your domain for your reference.
      This is all very good to know. Love the tips.
    1. smsgator -
      It's amazing the number of people that log into private accounts (Facebook, e-Mail, etc) over unsecured Wi-Fi networks without using a VPN service. Usually the results are not as catastrophic as this, but it's surprising how many passwords are stored somewhere in an e-mail.

      I think I have one of the few ISPs that includes VPN termination at no extra cost. Most ISPs don't have it available at all.