better check your namecheap accounts

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • thommy
    Confirmed User
    • Jun 2003
    • 5469

    #1

    better check your namecheap accounts

    today a 2 of my publishers had a similar problem with hacked namecheap accounts.

    account owner and password have been changed and all domains transfered.
    after that blackmail-mail was send to the original owners pay 5 bitcoins within 24 hours.

    namecheap support seems to be not very helpful.
    livesupport useless and dumb.

    up to now I can not say how it was possible to hack this accounts as they are at 2-factor authentication. but i will post it here as soon I find out.

    check your namecheap accounts and try to use every security they offer.

    also make a cc forwarding for any emails you might get from namecheap to a second
    mailaccount because none of my publisher found a mail from namecheap in their regular mailaccounts. so i assume that the hack starts with a hack on the email-account, than they confirm the change and delete the message after.
    Open for handpicked publishers and advertisers:
    www.trafficfabrik.com
  • Bladewire
    StraightBro
    • Aug 2003
    • 56228

    #2
    Thanks for the heads up


    Skype: CallTomNow

    Comment

    • Brian mike
      #Alberta51
      • Oct 2014
      • 8735

      #3
      Thanks for the heads up
      Tube - Cam - Escorts - Top List
      Menu Tab - Banner - Header Link - Blog Post
      DM me

      Comment

      • thommy
        Confirmed User
        • Jun 2003
        • 5469

        #4
        Originally posted by MrBottomTooth
        Disturbing if 2 factor was enabled.. Hopefully namecheap helps the original owners get their shit back. Hopefully nothing is compromised on namecheaps end.


        update:
        looks like this was caused by a local trojan with a keylogger (that´s why 2 way authentication wasn´t secure enough).

        namecheap for now locked the accounts. hope also that there is nothing else compromised because both publishers are really big ones with a lot of good traffic.
        hope that it will end up only in a lot of work to change everything and build better security.

        my biggest wish is to have 5 minutes with such a guy in one room.
        after this 5 minutes he would never do that again.
        Open for handpicked publishers and advertisers:
        www.trafficfabrik.com

        Comment

        • Ramp
          Confirmed User
          • Nov 2006
          • 4464

          #5
          edited...... missed some info

          Comment

          • Arnox
            Confirmed User
            • Sep 2009
            • 2169

            #6
            I'm not sure how a local trojan would have made 2FA not secure enough. Can you reset 2FA on NameCheap and it won't alert the 2FA device?
            Need Text? X Copywriters | Adult Writing Service - [email protected]

            Comment

            • blackmonsters
              Making PHP work
              • Nov 2002
              • 20984

              #7
              Checking mine now.

              Your neighbor will murder you with frogs
              Click here

              Comment

              • Google Expert
                Webmaster
                • Jun 2004
                • 14294

                #8
                Originally posted by thommy
                up to now I can not say how it was possible to hack this accounts as they are at 2-factor authentication. but i will post it here as soon I find out.
                Just accept the fact that you're a dumbass who shouldn't be allowed on the interwebs.

                Comment

                • Klen
                  • Aug 2006
                  • 32235

                  #9
                  Originally posted by MrBottomTooth
                  Disturbing if 2 factor was enabled.. Hopefully namecheap helps the original owners get their shit back. Hopefully nothing is compromised on namecheaps end.
                  Any 2fa can be broken if your ride on session, that was recently discovered.

                  Comment

                  • Klen
                    • Aug 2006
                    • 32235

                    #10
                    Originally posted by Arnox
                    I'm not sure how a local trojan would have made 2FA not secure enough. Can you reset 2FA on NameCheap and it won't alert the 2FA device?
                    By riding on session. And here is how it works: let's say i have trojan on your PC, and i have access to your browser cookies. So, you login into system, using the 2FA device, and then i copy your cookie into my browser,and i get instant access. This works only as long cookie is valid, so if you click logout it wont work anymore, but if you leave browser without deleting cookie, it will be compromised.

                    Comment

                    • thommy
                      Confirmed User
                      • Jun 2003
                      • 5469

                      #11
                      Originally posted by Google Expert
                      Just accept the fact that you're a dumbass who shouldn't be allowed on the interwebs.

                      thanks for this comment what shows again what clueless idiot you are.
                      Open for handpicked publishers and advertisers:
                      www.trafficfabrik.com

                      Comment

                      • thommy
                        Confirmed User
                        • Jun 2003
                        • 5469

                        #12
                        Originally posted by KlenTelaris
                        By riding on session. And here is how it works: let's say i have trojan on your PC, and i have access to your browser cookies. So, you login into system, using the 2FA device, and then i copy your cookie into my browser,and i get instant access. This works only as long cookie is valid, so if you click logout it wont work anymore, but if you leave browser without deleting cookie, it will be compromised.
                        with a keylogger in the trojan there are also a few other ways.
                        no matter on what device you receive the pin you have to type it into the website.
                        Open for handpicked publishers and advertisers:
                        www.trafficfabrik.com

                        Comment

                        • Arnox
                          Confirmed User
                          • Sep 2009
                          • 2169

                          #13
                          Originally posted by KlenTelaris
                          By riding on session. And here is how it works: let's say i have trojan on your PC, and i have access to your browser cookies. So, you login into system, using the 2FA device, and then i copy your cookie into my browser,and i get instant access. This works only as long cookie is valid, so if you click logout it wont work anymore, but if you leave browser without deleting cookie, it will be compromised.
                          Yeah, that's a whole new level of compromised. It'd be nice if they did what crypto exchanges do with Google Auth: every transaction you need to use your 2FA. Logging in 2FA simply isn't enough.
                          Need Text? X Copywriters | Adult Writing Service - [email protected]

                          Comment

                          • beerptrol
                            Confirmed Asshole
                            • Feb 2003
                            • 12722

                            #14
                            Originally posted by Google Expert
                            Just accept the fact that you're a dumbass who shouldn't be allowed on the interwebs.

                            Says the biggest dumbass! Stick with what you're good at...sucking dick!!
                            “If we are to have another contest in the near future of our national existence, I predict that the dividing line will not be Mason and Dixon's but between patriotism and intelligence on the one side, and superstition, ambition and ignorance on the other.”
                            -- Ulysses S. Grant

                            Comment

                            • thommy
                              Confirmed User
                              • Jun 2003
                              • 5469

                              #15
                              Originally posted by Arnox
                              Yeah, that's a whole new level of compromised. It'd be nice if they did what crypto exchanges do with Google Auth: every transaction you need to use your 2FA. Logging in 2FA simply isn't enough.
                              the point here was that it was the local computer what was infected.
                              it was a very good made DCMA mail with a link (what is in the original mail also like that).

                              so be aware of obvious DCMA complaints.

                              looks like this is a new trick what is targeting adult websites with content because they get this kind of stuff quite often.
                              Open for handpicked publishers and advertisers:
                              www.trafficfabrik.com

                              Comment

                              • Matyko
                                PsyHead
                                • Aug 2005
                                • 8681

                                #16
                                Thanks for the heads up! However I left NC some time ago I still have a few domains there. Turned on Two-Factor Authentication.
                                -=- Register with our ref link and we help you with the setup! -=-
                                AdSpyglass.com - Double your profit from brokers

                                Comment

                                • shake
                                  frc
                                  • Jul 2003
                                  • 4663

                                  #17
                                  Originally posted by Matyko
                                  Thanks for the heads up! However I left NC some time ago I still have a few domains there. Turned on Two-Factor Authentication.
                                  What are you using these days?

                                  I was mostly using enom, but they just doubled their prices on me

                                  Looking for a new register to use.
                                  Crazy fast VPS for $10 a month. Try with $20 free credit

                                  Comment

                                  • OneMillionGirls
                                    Confirmed User
                                    • Apr 2017
                                    • 949

                                    #18
                                    oh no man

                                    Comment

                                    • Arnox
                                      Confirmed User
                                      • Sep 2009
                                      • 2169

                                      #19
                                      Originally posted by shake
                                      What are you using these days?

                                      I was mostly using enom, but they just doubled their prices on me

                                      Looking for a new register to use.
                                      Google Domains is fantastic. I'm willing to pay slightly more if it's a no-bullshit domain host. They give you just what you need and that's it. Light and clean. It's the 21 Naturals of registrars.
                                      Need Text? X Copywriters | Adult Writing Service - [email protected]

                                      Comment

                                      • Google Expert
                                        Webmaster
                                        • Jun 2004
                                        • 14294

                                        #20
                                        Originally posted by beerptrol
                                        Says the biggest dumbass! Stick with what you're good at...sucking dick!!
                                        You've mistaken me for your boyfriend Bladewire.

                                        Comment

                                        Working...