I've noticed a recent wave of GODADDY domains getting hijacked... - GoFuckYourself.com

BradBreakfast · 09-16-2012, 03:07 AM

Yesterday HowardForums.com was hijacked from their GoDaddy domain management account. HowardForums is a extremely popular technology and cellular telephone forum.

As you may recall, MyVidster.com was also hijacked for about a week before they were able to recover their domain. A week of downtime. Insane. They were also registered through GoDaddy.

MachoMoe.com, a gay bareback pirate tube site who was registered though GoDaddy was hijacked as well. They have since (unfortunantly) also recovered their domain.

Three different domains, three completely different owners, two different niches. Hijacked. What they did have in common was they were all three registered at GoDaddy. These are just the domains I know about, but I am sure there are more. They all have been transferred to another registrar, and DNS changed to FreeDNS which forwards to a affiliate click scam website. All three have the same attack M.O. and forward to the same site. I am 100% sure it's the same attackers for all three. Is there keylogging malware going around targeting GoDaddy customers or is it an internal GoDaddy security issue?

If it's a security issue on GoDaddy's part... their new SMS authentication scheme won't work. Until it's figured out what is going on, in-case it's a malware attack I recommend everybody enable GoDaddy's SMS Authentication until they can transfer away. I suggest Name.com they also have free two factor authentication, and are not so huge they are "out of touch" like GoDaddy so obviously is. Their phone support (I've called only once) also was able to quickly help me with minimal hold time. The blonde chick at the other end knew all the relevant domain lingo and how to help me, it was quite a painless call.

What the hell is going on?

BradBreakfast · 09-16-2012, 03:17 AM

Here are some more recent examples:

http://domaingang.com/domain-news/ap...-domain-names/

http://www.distressedvolatility.com/...ame-heist.html

http://zebida.com/main/domains-stolen/

http://www.domainerss.com/blog/tag/stolen-domains/

http://robbiesblog.com/hackers-steal-domain-ezq-com/200

http://bestcheapaffordablewebhosting...-than-godaddy/ (reseller issue)

Most people may say this is a fluke, and that because GoDaddy is so huge, this is bound to happen to a few domains here and there... but I think there is more to this story. Many different domains stolen, and it's all the same M.O. (method of operation).

acctman · 09-16-2012, 03:52 AM

it's not GoDaddy, people are not locking there domains. Too much happens when a domain is transferred. It's easy to blame GoDaddy but if the person who stole the domain was able to gain access to the email address set for HowardForums.com then hijacking the domain would be as simple as sending a forgotten password request. You can't fault godaddy for that. The new SMS feature may help when notifying of account changes, but I'd like to know if howardforums over looked any Emails from Godaddy notifying of domain changes.

ErectMedia · 09-16-2012, 10:11 AM

You will hear about GoDaddy more as they are the biggest. Most thefts occur from email phishing, using weak passwords or using free email accounts that get hacked.

If you have enough domains you can get an executive account rep at GoDaddy. My rep has to call me at a phone number not listed in whois and I have to do something like give him a password, sing a song etc... whatever you want it to be. Without giving him that info we set up nothing can move out of my account even if I give ya my login/password without that phone call being made from him and me giving out the correct info.

baddog · 09-16-2012, 11:35 AM

It is always easier to just blame someone else.

09-16-2012, 03:07 AM	#1
BradBreakfast Confirmed User Join Date: Feb 2008 Posts: 415	I've noticed a recent wave of GODADDY domains getting hijacked... Yesterday HowardForums.com was hijacked from their GoDaddy domain management account. HowardForums is a extremely popular technology and cellular telephone forum. As you may recall, MyVidster.com was also hijacked for about a week before they were able to recover their domain. A week of downtime. Insane. They were also registered through GoDaddy. MachoMoe.com, a gay bareback pirate tube site who was registered though GoDaddy was hijacked as well. They have since (unfortunantly) also recovered their domain. Three different domains, three completely different owners, two different niches. Hijacked. What they did have in common was they were all three registered at GoDaddy. These are just the domains I know about, but I am sure there are more. They all have been transferred to another registrar, and DNS changed to FreeDNS which forwards to a affiliate click scam website. All three have the same attack M.O. and forward to the same site. I am 100% sure it's the same attackers for all three. Is there keylogging malware going around targeting GoDaddy customers or is it an internal GoDaddy security issue? If it's a security issue on GoDaddy's part... their new SMS authentication scheme won't work. Until it's figured out what is going on, in-case it's a malware attack I recommend everybody enable GoDaddy's SMS Authentication until they can transfer away. I suggest Name.com they also have free two factor authentication, and are not so huge they are "out of touch" like GoDaddy so obviously is. Their phone support (I've called only once) also was able to quickly help me with minimal hold time. The blonde chick at the other end knew all the relevant domain lingo and how to help me, it was quite a painless call. What the hell is going on? __________________ GetClicky - The World's Most Advanced Real Time Ajax-based Analytics

09-16-2012, 03:17 AM	#2
BradBreakfast Confirmed User Join Date: Feb 2008 Posts: 415	Here are some more recent examples: http://domaingang.com/domain-news/ap...-domain-names/ http://www.distressedvolatility.com/...ame-heist.html http://zebida.com/main/domains-stolen/ http://www.domainerss.com/blog/tag/stolen-domains/ http://robbiesblog.com/hackers-steal-domain-ezq-com/200 http://bestcheapaffordablewebhosting...-than-godaddy/ (reseller issue) Most people may say this is a fluke, and that because GoDaddy is so huge, this is bound to happen to a few domains here and there... but I think there is more to this story. Many different domains stolen, and it's all the same M.O. (method of operation). __________________ GetClicky - The World's Most Advanced Real Time Ajax-based Analytics Last edited by BradBreakfast; 09-16-2012 at 03:27 AM..

09-16-2012, 10:11 AM	#4
ErectMedia Confirmed Chicago Pimp Industry Role: Join Date: Aug 2004 Location: Chicago Posts: 7,100	You will hear about GoDaddy more as they are the biggest. Most thefts occur from email phishing, using weak passwords or using free email accounts that get hacked. If you have enough domains you can get an executive account rep at GoDaddy. My rep has to call me at a phone number not listed in whois and I have to do something like give him a password, sing a song etc... whatever you want it to be. Without giving him that info we set up nothing can move out of my account even if I give ya my login/password without that phone call being made from him and me giving out the correct info. __________________ Domain Name Registration Web3 Domains Last edited by ErectMedia; 09-16-2012 at 10:14 AM..

09-16-2012, 03:52 AM	#3
acctman Confirmed User Join Date: Oct 2003 Location: Atlanta Posts: 2,840	it's not GoDaddy, people are not locking there domains. Too much happens when a domain is transferred. It's easy to blame GoDaddy but if the person who stole the domain was able to gain access to the email address set for HowardForums.com then hijacking the domain would be as simple as sending a forgotten password request. You can't fault godaddy for that. The new SMS feature may help when notifying of account changes, but I'd like to know if howardforums over looked any Emails from Godaddy notifying of domain changes.

09-16-2012, 11:35 AM	#5
baddog So Fucking Banned Industry Role: Join Date: Apr 2001 Location: the beach, SoCal Posts: 107,090	It is always easier to just blame someone else.