Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar Mark Forums Read
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 10-10-2014, 07:37 AM   #1
InfoGuy
80/20 Rule
 
InfoGuy's Avatar
 
Industry Role:
Join Date: Apr 2010
Location: Los Angeles
Posts: 3,050
Security Breaches at Moniker

On Monday, Moniker sent out this email with the subject "Increased Security - Password Resets [########]".

Quote:
Dear Valued Client,

With the recent ShellShock vulnerability making headlines in addition to the numerous instances of security breaches around the world each week, security is an ever increasing concern.
We also saw an increased attempt to access Moniker accounts by brute force attacks.

And we at Moniker are taking this very seriously.

Accordingly, we are implementing new protocols to better protect our clients and their assets.

As part of this process, you will be required to reset your account password while adhering to stronger minimum password requirements.

You will now need to use a more secure password combination at least eight characters in length and including three of these four attributes:

* Lowercase characters
* Uppercase characters
* Numerical digits
* Special characters

We have proactively reset your password and login credentials for sub-accounts to reflect this changes.


The new password for your account ######## is as follows #############.

Please find below passwords for the sub accounts that we found in your settings:

##### #############


Please reset your passwords to one of your own choosing that meets the new password requirements at your earliest convenience.

As an added layer of protection, we will be implementing other security enhancements including a two-step authentication system and system lock out should a user make multiple unsuccessful attempts to login in.

We appreciate your cooperation in this process and hope you understand the necessity. If you have any questions please contact support by visiting the Moniker support center -http://www.moniker.com/moniker/customer-support or by phone:

Toll free in the U.S. and Canada: 800-688-6311
Outside the U.S. and Canada: 954-607-1294

---

Moniker Online Services, LLC
2320 NE 9th St. Ft Lauderdale, Fl 33304
Toll-free in the U.S. and Canada: 1-800-688-6311
International: 1-954-607-1294

Email: [email protected]

Web: http;//www,moniker.com


CEO: Bonnie Wittenburg

Member of the KEYDRIVE GROUP
http;//www,keydrive,lu
This morning Moniker sent out another email with the subject "Ongoing security measures".

Quote:
Moniker recently underwent a system-wide password reset to implement security improvements as a result of recent activity within several accounts. We would like to address these issues and respond to various articles and comments about security breaches at Moniker.

We take all reasonable steps to ensure the protection of domain names managed on our platform and understand that the safety and security of your assets is of upmost importance. With that in mind, we constantly assess system vulnerabilities and work towards quick resolutions to known issues.

In the past several weeks, we have seen suspicious activity on our platform which included login attempts to various accounts from unknown sources. We have reason to believe credentials to the accounts in questions may have been obtained through exploitation of the Heartbleed Bug published earlier this year.

In addition to suspicious activity, there have been brute force attacks against Moniker accounts resulting in unauthorized domain name transfers. Our staff is working diligently to identify instances of unauthorized transfers and to revert them as soon as possible. To date, we have recovered any domain that was transferred without authorization.

We encourage you to notify us immediately if you feel your account has been compromised or if you believe you are missing domains; however, we are confident all such cases have been identified.

Contact support at [email protected].

Sincerely,

The Moniker Team

Moniker Online Services, LLC
2320 NE 9th St. Ft Lauderdale, Fl 33304
Toll-free in the U.S. and Canada: 1-800-688-6311
International: 1-954-607-1294

Email: [email protected]

Web: http;//www,moniker.com

CEO: Bonnie Wittenburg

Member of the KEYDRIVE GROUP
http;//www,keydrive,lu

Last edited by InfoGuy; 10-10-2014 at 07:39 AM..
InfoGuy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 07:53 AM   #2
BlackCrayon
Too lazy to set a custom title
 
BlackCrayon's Avatar
 
Join Date: Jun 2003
Location: Ottawa
Posts: 19,624
don't worry, they're only stealing 2, 3 letter .com's and short 1 word .coms.. lol

moniker has become a huge joke that isn't funny.
__________________
you don't know you're wearing a leash if you sit by the peg all day..
BlackCrayon is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 11:49 AM   #3
InfoGuy
80/20 Rule
 
InfoGuy's Avatar
 
Industry Role:
Join Date: Apr 2010
Location: Los Angeles
Posts: 3,050
Those clowns at Moniker don't even follow their own advice. They weakened the strength of my password when they reset it by only using the first three types of characters.

Quote:
As part of this process, you will be required to reset your account password while adhering to stronger minimum password requirements.

You will now need to use a more secure password combination at least eight characters in length and including three of these four attributes:

* Lowercase characters
* Uppercase characters
* Numerical digits
* Special characters
And let's not forget that this isn't Moniker's first time to do a system wide password reset due to account security concerns. On June 19, 2013, Moniker sent out an email with the subject "Security Notice: Service-wide Password Reset".

Quote:
Moniker?s Operations & Security team has discovered and blocked suspicious activity on the Moniker network that appears to have been a coordinated attempt to access a number of Moniker user accounts.

As a precaution to protect your domains, we have decided to implement a system-wide password reset. Please read the below instructions to create a new password. You will not be able to access your Moniker account until these steps are taken.

In our security investigation, we have found no evidence that domains have been lost or transferred out. We also have no evidence that any confidential or credit card information has been compromised.

While our password encryption measures are robust, we are taking additional steps to ensure that your personal data and domains remain secure. This means that, to be absolutely sure of the security of your account, we are requiring all users to reset their Moniker account passwords.
Please reset your password by following the directions below.

1) Go to Moniker.com and click the ?Sign In? button in the upper right hand corner of the home page. Select the ?Forgot Your Password? link.

2) You will be directed to a page to ?Retrieve? your Moniker Account Password. When prompted, enter your account number and click ?Submit?.

3) You will be directed to a page that displays the message below. You will receive an email from Moniker. Please follow the instructions in this email to complete the password reset.

As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your domains and personal data safe very seriously, and we're constantly enhancing the security of our service infrastructure to protect our customers. We feel it is also important to be clear that we view this as attempted illegal activity and have taken steps to report this to the appropriate authorities.

There are also several important steps that you can take to ensure that your data on any website, including Moniker, is secure:
? Avoid using simple passwords based on dictionary words
? Never use the same password on multiple sites or services
? Never click on 'reset password' requests in emails that you did not request

Thank you for taking the time to read this email. We sincerely apologize for the inconvenience of having to change your password, but, ultimately, we believe this simple step will result in a more secure experience. If you have any questions, please do not hesitate to contact Moniker Support. Our support team is standing by to assist at 800-688-6311 or outside the U.S. and Canada: 954-607-1294.

Drake Harvey
Chief Operations Officer
Moniker.com
Moniker has acknowledged in their latest emails that domains were fraudulently transferred out, so it's quite possible that personal and credit card info may have also been compromised. It wouldn't surprise me to get that announcement next week.
InfoGuy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 03:51 PM   #4
fogfever
Confirmed User
 
fogfever's Avatar
 
Join Date: Apr 2007
Posts: 1,245
Wow, Moniker has definitely gone downhill.
Wonder how many domains under management they have lost this year.
fogfever is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 04:08 PM   #5
avalanche
Confirmed User
 
avalanche's Avatar
 
Industry Role:
Join Date: Feb 2005
Location: SoCal
Posts: 1,922
Moniker is a complete joke now.

And, they make it a pain to transfer out. They don't send a confirmation email allowing you to confirm transfers, only option is to decline it, so it takes 7-10 days to move a domain out.
__________________
Avalanche

CherryPimps - Daily Pornstars, LIVE and more!
avalanche is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 04:09 PM   #6
BlackCrayon
Too lazy to set a custom title
 
BlackCrayon's Avatar
 
Join Date: Jun 2003
Location: Ottawa
Posts: 19,624
Quote:
Originally Posted by fogfever View Post
Wow, Moniker has definitely gone downhill.
Wonder how many domains under management they have lost this year.
over 100,000 from one client alone last month.
__________________
you don't know you're wearing a leash if you sit by the peg all day..
BlackCrayon is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 04:11 PM   #7
TrashyGirl
Confirmed User
 
TrashyGirl's Avatar
 
Industry Role:
Join Date: Apr 2010
Posts: 1,400
Quote:
Originally Posted by avalanche View Post
Moniker is a complete joke now.

And, they make it a pain to transfer out. They don't send a confirmation email allowing you to confirm transfers, only option is to decline it, so it takes 7-10 days to move a domain out.
Thnx (indirectly) for this tip, I'm trying to get a few domains out of that sinking ship and hadn't been able to.
__________________
TrashyGirl is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 04:41 PM   #8
suesheboy
Confirmed User
 
suesheboy's Avatar
 
Industry Role:
Join Date: Nov 2002
Location: FL - TN/NC
Posts: 5,210
They swore today on the phone no domains were lost.
suesheboy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 05:24 PM   #9
InfoGuy
80/20 Rule
 
InfoGuy's Avatar
 
Industry Role:
Join Date: Apr 2010
Location: Los Angeles
Posts: 3,050
Quote:
Originally Posted by BlackCrayon View Post
over 100,000 from one client alone last month.
That's a major task considering there isn't a bulk feature to request EPP codes.
InfoGuy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 05:39 PM   #10
woj
<&(©¿©)&>
 
woj's Avatar
 
Industry Role:
Join Date: Jul 2002
Location: Chicago
Posts: 47,883
Quote:
Originally Posted by InfoGuy View Post
That's a major task considering there isn't a bulk feature to request EPP codes.
they actually do have that feature...
you can go to "my domains", then select all, then "export auth codes"...
__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager
woj is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 05:44 PM   #11
BlackCrayon
Too lazy to set a custom title
 
BlackCrayon's Avatar
 
Join Date: Jun 2003
Location: Ottawa
Posts: 19,624
Quote:
Originally Posted by suesheboy View Post
They swore today on the phone no domains were lost.
FMA who has an amazing portfolio of names lost a few three letter .com's and a couple 1 word .com's. i believe they still have not gotten back the ones that were transferred out of moniker. after this happened, they moved their 100,000 plus domains to uniregistry.com.
__________________
you don't know you're wearing a leash if you sit by the peg all day..
BlackCrayon is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 05:54 PM   #12
AaronM
Too lazy to set a custom title
 
AaronM's Avatar
 
Industry Role:
Join Date: Oct 2001
Location: ┌∩┐ ◣_◢ ┌∩┐
Posts: 46,905
I've posted a couple Moniker fail threads in the past but bitch as I might, I kept giving hem chances to improve. That all ended last month.

Fuck Moniker

From: Marti Johnson <[email protected]>
Date: Fri, Sep 26, 2014 at 1:52 PM
Subject: Moniker Privacy


Hi Aaron,

I understand that you previously had a special rate for your privacy.

We are no longer able to provide such a rate unless you are planning to transfer ? in additional domains.

Let me know if that is the case and I will have an account manger take a look at your rates.

Best Regards,

Marti


_________________________________

Marti,

I don't recall asking for an email from you. In fact, I specifically asked for a phone call and was told I would receive one this morning. Not only is your company once again not following through as they said they would but 1:52pm is an afternoon thing, not a morning one.

Anyway....

When I brought my domain portfolio to Moniker, you had employees who cared and this great thing called "Customer Service." Unfortunately, all that has vanished over the years and today Moniker is nothing short of another piece of trash company supplying half assed service and failing to honor the agreements they previously made. It's bad enough that you raised my domain prices and I had to call to get them lowered only to still pay more than we agreed to but then you added insult to injury by raising my privacy price. All of this with no notifications to me at all.

Bring you more domains? HAHAHAHAHA!!!

You're privacy service fails. I'm not sure why I even pay a buck for it, let alone $4.

What happened to me having a personal rep who cared?

What happened to the domains of mine you lost?

On a scale of 1 to 10, your previous system was about a 3. Your new system is far worse, providing horrible options and limitations.

However, the single biggest fail is your customer service itself and at this point, I've had more than enough. You won't receive another dime from me. Yesterday I found a new home for my domains and get this....A live person answered the phone on the 2nd ring! I explained my frustrations with Moniker to which they informed me they have been transferring thousands of domains from you to them recently for the very same reasons. Then they gave me better pricing than you ever have and at this point, I've only registered a single domain there. The rest of my domains will be transferred from you as they come up on renewal.

Congratulations on taking Moniker from the top line company it once was and successfully running it into the shitter.

No need to respond, in fact, please don't.
AaronM is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 06:15 PM   #13
armysmoke
Confirmed User
 
armysmoke's Avatar
 
Industry Role:
Join Date: Oct 2013
Posts: 2,605
I moved my domains out of Moniker when they were hit.
armysmoke is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 06:32 PM   #14
BlackCrayon
Too lazy to set a custom title
 
BlackCrayon's Avatar
 
Join Date: Jun 2003
Location: Ottawa
Posts: 19,624
Quote:
Originally Posted by AaronM View Post
I've posted a couple Moniker fail threads in the past but bitch as I might, I kept giving hem chances to improve. That all ended last month.

Fuck Moniker

From: Marti Johnson <[email protected]>
Date: Fri, Sep 26, 2014 at 1:52 PM
Subject: Moniker Privacy


Hi Aaron,

I understand that you previously had a special rate for your privacy.

We are no longer able to provide such a rate unless you are planning to transfer ? in additional domains.

Let me know if that is the case and I will have an account manger take a look at your rates.

Best Regards,

Marti


_________________________________

Marti,

I don't recall asking for an email from you. In fact, I specifically asked for a phone call and was told I would receive one this morning. Not only is your company once again not following through as they said they would but 1:52pm is an afternoon thing, not a morning one.

Anyway....

When I brought my domain portfolio to Moniker, you had employees who cared and this great thing called "Customer Service." Unfortunately, all that has vanished over the years and today Moniker is nothing short of another piece of trash company supplying half assed service and failing to honor the agreements they previously made. It's bad enough that you raised my domain prices and I had to call to get them lowered only to still pay more than we agreed to but then you added insult to injury by raising my privacy price. All of this with no notifications to me at all.

Bring you more domains? HAHAHAHAHA!!!

You're privacy service fails. I'm not sure why I even pay a buck for it, let alone $4.

What happened to me having a personal rep who cared?

What happened to the domains of mine you lost?

On a scale of 1 to 10, your previous system was about a 3. Your new system is far worse, providing horrible options and limitations.

However, the single biggest fail is your customer service itself and at this point, I've had more than enough. You won't receive another dime from me. Yesterday I found a new home for my domains and get this....A live person answered the phone on the 2nd ring! I explained my frustrations with Moniker to which they informed me they have been transferring thousands of domains from you to them recently for the very same reasons. Then they gave me better pricing than you ever have and at this point, I've only registered a single domain there. The rest of my domains will be transferred from you as they come up on renewal.

Congratulations on taking Moniker from the top line company it once was and successfully running it into the shitter.

No need to respond, in fact, please don't.
So where are you moving your domains to?
__________________
you don't know you're wearing a leash if you sit by the peg all day..
BlackCrayon is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 06:40 PM   #15
AaronM
Too lazy to set a custom title
 
AaronM's Avatar
 
Industry Role:
Join Date: Oct 2001
Location: ┌∩┐ ◣_◢ ┌∩┐
Posts: 46,905
Quote:
Originally Posted by BlackCrayon View Post
So where are you moving your domains to?
NameSilo.com
AaronM is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 07:06 PM   #16
InfoGuy
80/20 Rule
 
InfoGuy's Avatar
 
Industry Role:
Join Date: Apr 2010
Location: Los Angeles
Posts: 3,050
Quote:
Originally Posted by BlackCrayon View Post
FMA who has an amazing portfolio of names lost a few three letter .com's and a couple 1 word .com's. i believe they still have not gotten back the ones that were transferred out of moniker. after this happened, they moved their 100,000 plus domains to uniregistry.com.
With the size and quality of his portfolio, it makes sense to operate his own registrar.
InfoGuy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-10-2014, 07:17 PM   #17
armysmoke
Confirmed User
 
armysmoke's Avatar
 
Industry Role:
Join Date: Oct 2013
Posts: 2,605
Quote:
Originally Posted by AaronM View Post
NameSilo.com
armysmoke is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-11-2014, 09:28 AM   #18
RummyBoy
Confirmed User
 
Join Date: Dec 2009
Posts: 2,157
Quote:
Originally Posted by InfoGuy View Post
With the size and quality of his portfolio, it makes sense to operate his own registrar.
FMA is Future Media Architects. If its true they moved to Uniregistrar, then they moved to Frank Schillings registrar. Schilling is quite trusted around the industry so they are probably worth looking into.

Though, im still a big fan>> http://namecheap.com

Last edited by RummyBoy; 10-11-2014 at 09:31 AM..
RummyBoy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-11-2014, 09:37 AM   #19
anexsia
Confirmed User
 
anexsia's Avatar
 
Industry Role:
Join Date: May 2010
Posts: 5,735
Use NAMESILO - one of the best domain services right now with some of the cheapest pricing $8.39 and lower for domains and FREE whois privacy for life - plus the backend rocks.
anexsia is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-11-2014, 09:49 AM   #20
woj
<&(©¿©)&>
 
woj's Avatar
 
Industry Role:
Join Date: Jul 2002
Location: Chicago
Posts: 47,883
Quote:
Originally Posted by AaronM View Post
NameSilo.com
did you manage to get some hookup pricing with them, or just retail pricing?
__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager
woj is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-11-2014, 09:59 AM   #21
GAMEFINEST
Make STACK$
 
GAMEFINEST's Avatar
 
Industry Role:
Join Date: Nov 2006
Location: sexy time
Posts: 14,352
I am moving all my site from moniker.com already.
__________________
Compound interest.
GAMEFINEST is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-11-2014, 11:24 AM   #22
InfoGuy
80/20 Rule
 
InfoGuy's Avatar
 
Industry Role:
Join Date: Apr 2010
Location: Los Angeles
Posts: 3,050
Quote:
Originally Posted by RummyBoy View Post
FMA is Future Media Architects. If its true they moved to Uniregistrar, then they moved to Frank Schillings registrar. Schilling is quite trusted around the industry so they are probably worth looking into.

Though, im still a big fan>> http://namecheap.com
Thanks for trying to enlighten me, but I'm not a noob and I already know of FMA, Elequa, Frank Schilling and Uniregistrar.
InfoGuy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-11-2014, 11:56 AM   #23
AaronM
Too lazy to set a custom title
 
AaronM's Avatar
 
Industry Role:
Join Date: Oct 2001
Location: ┌∩┐ ◣_◢ ┌∩┐
Posts: 46,905
Quote:
Originally Posted by woj View Post
did you manage to get some hookup pricing with them, or just retail pricing?
I didn't even ask for a hookup. I'm happy enough with their retail based on the small number of domains I've moved there. Although, once I've moved more domains to them I'll probably request a better rate.
AaronM is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-11-2014, 08:59 PM   #24
marlboroack
So Fucking Banned
 
Industry Role:
Join Date: Jul 2010
Location: ☣
Posts: 9,327
Never worked with them and never will... Thanks for sharing
marlboroack is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 10-22-2014, 06:10 PM   #25
HandballJim
Confirmed User
 
HandballJim's Avatar
 
Industry Role:
Join Date: Sep 2008
Location: NYC
Posts: 4,024
It's crazy that the infrastructure of Domains is still like the wild wild west after 20 years. The whole stealing of domains and transferring them out, etc. Do you mean they cannot track a domain name, and easily take it back if it was maliciously taken?
__________________
HOW I MAKE LOTS OF $$$
HandballJim is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks
Thread Tools



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.