better check your namecheap accounts - GoFuckYourself.com

thommy · 07-24-2018, 05:54 AM

today a 2 of my publishers had a similar problem with hacked namecheap accounts.

account owner and password have been changed and all domains transfered.
after that blackmail-mail was send to the original owners pay 5 bitcoins within 24 hours.

namecheap support seems to be not very helpful.
livesupport useless and dumb.

up to now I can not say how it was possible to hack this accounts as they are at 2-factor authentication. but i will post it here as soon I find out.

check your namecheap accounts and try to use every security they offer.

also make a cc forwarding for any emails you might get from namecheap to a second
mailaccount because none of my publisher found a mail from namecheap in their regular mailaccounts. so i assume that the hack starts with a hack on the email-account, than they confirm the change and delete the message after.

Bladewire · 07-24-2018, 06:32 AM

Thanks for the heads up

MrBottomTooth · 07-24-2018, 06:34 AM

Disturbing if 2 factor was enabled.. Hopefully namecheap helps the original owners get their shit back. Hopefully nothing is compromised on namecheaps end.

Brian mike · 07-24-2018, 06:35 AM

Thanks for the heads up

thommy · 07-24-2018, 07:22 AM

Quote:

Originally Posted by MrBottomTooth

Disturbing if 2 factor was enabled.. Hopefully namecheap helps the original owners get their shit back. Hopefully nothing is compromised on namecheaps end.

update:
looks like this was caused by a local trojan with a keylogger (that´s why 2 way authentication wasn´t secure enough).

namecheap for now locked the accounts. hope also that there is nothing else compromised because both publishers are really big ones with a lot of good traffic.
hope that it will end up only in a lot of work to change everything and build better security.

my biggest wish is to have 5 minutes with such a guy in one room.
after this 5 minutes he would never do that again.

Ramp · 07-24-2018, 07:22 AM

edited...... missed some info

Arnox · 07-24-2018, 07:27 AM

I'm not sure how a local trojan would have made 2FA not secure enough. Can you reset 2FA on NameCheap and it won't alert the 2FA device?

blackmonsters · 07-24-2018, 07:30 AM

Checking mine now.

Google Expert · 07-24-2018, 07:51 AM

Quote:

Originally Posted by thommy

up to now I can not say how it was possible to hack this accounts as they are at 2-factor authentication. but i will post it here as soon I find out.

Just accept the fact that you're a dumbass who shouldn't be allowed on the interwebs.

Klen · 07-24-2018, 08:57 AM

Quote:

Originally Posted by MrBottomTooth

Disturbing if 2 factor was enabled.. Hopefully namecheap helps the original owners get their shit back. Hopefully nothing is compromised on namecheaps end.

Any 2fa can be broken if your ride on session, that was recently discovered.

Klen · 07-24-2018, 08:57 AM

Quote:

Originally Posted by Arnox

I'm not sure how a local trojan would have made 2FA not secure enough. Can you reset 2FA on NameCheap and it won't alert the 2FA device?

By riding on session. And here is how it works: let's say i have trojan on your PC, and i have access to your browser cookies. So, you login into system, using the 2FA device, and then i copy your cookie into my browser,and i get instant access. This works only as long cookie is valid, so if you click logout it wont work anymore, but if you leave browser without deleting cookie, it will be compromised.

thommy · 07-24-2018, 04:35 PM

Quote:

Originally Posted by Google Expert

Just accept the fact that you're a dumbass who shouldn't be allowed on the interwebs.

thanks for this comment what shows again what clueless idiot you are.

thommy · 07-24-2018, 04:37 PM

Quote:

Originally Posted by KlenTelaris

By riding on session. And here is how it works: let's say i have trojan on your PC, and i have access to your browser cookies. So, you login into system, using the 2FA device, and then i copy your cookie into my browser,and i get instant access. This works only as long cookie is valid, so if you click logout it wont work anymore, but if you leave browser without deleting cookie, it will be compromised.

with a keylogger in the trojan there are also a few other ways.
no matter on what device you receive the pin you have to type it into the website.

Arnox · 07-25-2018, 06:24 AM

Quote:

Originally Posted by KlenTelaris

By riding on session. And here is how it works: let's say i have trojan on your PC, and i have access to your browser cookies. So, you login into system, using the 2FA device, and then i copy your cookie into my browser,and i get instant access. This works only as long cookie is valid, so if you click logout it wont work anymore, but if you leave browser without deleting cookie, it will be compromised.

Yeah, that's a whole new level of compromised. It'd be nice if they did what crypto exchanges do with Google Auth: every transaction you need to use your 2FA. Logging in 2FA simply isn't enough.

beerptrol · 07-25-2018, 06:35 AM

Quote:

Originally Posted by Google Expert

Just accept the fact that you're a dumbass who shouldn't be allowed on the interwebs.

Says the biggest dumbass! Stick with what you're good at...sucking dick!!

thommy · 07-25-2018, 06:46 AM

Quote:

Originally Posted by Arnox

Yeah, that's a whole new level of compromised. It'd be nice if they did what crypto exchanges do with Google Auth: every transaction you need to use your 2FA. Logging in 2FA simply isn't enough.

the point here was that it was the local computer what was infected.
it was a very good made DCMA mail with a link (what is in the original mail also like that).

so be aware of obvious DCMA complaints.

looks like this is a new trick what is targeting adult websites with content because they get this kind of stuff quite often.

Matyko · 07-25-2018, 06:55 AM

Thanks for the heads up! However I left NC some time ago I still have a few domains there. Turned on Two-Factor Authentication.

shake · 07-25-2018, 07:09 AM

Quote:

Originally Posted by Matyko

Thanks for the heads up! However I left NC some time ago I still have a few domains there. Turned on Two-Factor Authentication.

What are you using these days?

I was mostly using enom, but they just doubled their prices on me

Looking for a new register to use.

OneMillionGirls · 07-25-2018, 09:22 AM

oh no man

Arnox · 07-25-2018, 09:25 AM

Quote:

Originally Posted by shake

What are you using these days?

I was mostly using enom, but they just doubled their prices on me

Looking for a new register to use.

Google Domains is fantastic. I'm willing to pay slightly more if it's a no-bullshit domain host. They give you just what you need and that's it. Light and clean. It's the 21 Naturals of registrars.

Google Expert · 07-25-2018, 09:34 AM

Quote:

Originally Posted by beerptrol

Says the biggest dumbass! Stick with what you're good at...sucking dick!!

You've mistaken me for your boyfriend Bladewire.

07-24-2018, 05:54 AM	#1
thommy Confirmed User Industry Role: Join Date: Jun 2003 Location: Switzerland / Germany / Thailand Posts: 5,469	better check your namecheap accounts today a 2 of my publishers had a similar problem with hacked namecheap accounts. account owner and password have been changed and all domains transfered. after that blackmail-mail was send to the original owners pay 5 bitcoins within 24 hours. namecheap support seems to be not very helpful. livesupport useless and dumb. up to now I can not say how it was possible to hack this accounts as they are at 2-factor authentication. but i will post it here as soon I find out. check your namecheap accounts and try to use every security they offer. also make a cc forwarding for any emails you might get from namecheap to a second mailaccount because none of my publisher found a mail from namecheap in their regular mailaccounts. so i assume that the hack starts with a hack on the email-account, than they confirm the change and delete the message after. __________________ Open for handpicked publishers and advertisers: www.trafficfabrik.com

07-24-2018, 06:32 AM	#2
Bladewire StraightBro Industry Role: Join Date: Aug 2003 Location: Monarch Beach, CA USA Posts: 56,229	Thanks for the heads up __________________ Skype: CallTomNow

07-24-2018, 06:34 AM	#3
MrBottomTooth Confirmed User Join Date: Sep 2009 Posts: 5,795	Disturbing if 2 factor was enabled.. Hopefully namecheap helps the original owners get their shit back. Hopefully nothing is compromised on namecheaps end. __________________ Get Paid Per Email Like The WEGCASH Days!!!!

07-24-2018, 06:35 AM	#4
Brian mike #Alberta51 Industry Role: Join Date: Oct 2014 Location: USA Territory (Alberta) Posts: 8,434	Thanks for the heads up __________________ Tube - Cam - Escorts - Top List Menu Tab - Banner - Header Link - Blog Post DM me

07-24-2018, 07:27 AM	#7
Arnox Confirmed User Industry Role: Join Date: Sep 2009 Location: Radelaide Posts: 2,162	I'm not sure how a local trojan would have made 2FA not secure enough. Can you reset 2FA on NameCheap and it won't alert the 2FA device? __________________ Need Text? X Copywriters \| Adult Writing Service - [email protected]

07-24-2018, 07:22 AM	#6
Ramp Confirmed User Industry Role: Join Date: Nov 2006 Posts: 4,464	edited...... missed some info

07-24-2018, 07:30 AM	#8
blackmonsters Making PHP work Industry Role: Join Date: Nov 2002 Location: 🌎🌅🌈🌇 Posts: 20,542	Checking mine now. __________________ Make Money with Porn

07-25-2018, 06:55 AM	#17
Matyko PsyHead Industry Role: Join Date: Aug 2005 Location: Hungary Posts: 8,671	Thanks for the heads up! However I left NC some time ago I still have a few domains there. Turned on Two-Factor Authentication. __________________ -=- Register with our ref link and we help you with the setup! -=- AdSpyglass.com - Double your profit from brokers

07-25-2018, 09:22 AM	#19
OneMillionGirls Confirmed User Industry Role: Join Date: Apr 2017 Posts: 949	oh no man __________________ Make Money with OneMillionGirls - Join the New Era of PERFECTION & DirtyTalk