I got a major URL hijacked. I need help. Major Help. - Page 5 - GoFuckYourself.com

Varius · 01-16-2005, 03:42 PM

Short-term, the way I see it is you have two main options to get it down.

1) Get someone to ddos the site, since the host can't even reach their sysadmin I doubt they will be able to stop the attack.

2) Get someone to hack their registrar login, change the dns back to you, change their password so they can't go back and change it until atleast monday.

Those are the only short-term options I could see for you.

KCat · 01-16-2005, 03:49 PM

Call EV1 directly. I used to have a box there & there TOS is very clear on hosting viruses, trojans etc. They probably won't want to get into the hijack issue, but might suspend the account based on the other nastiness.

pxxx · 01-16-2005, 03:53 PM

That sucks, it kills me to see stuff like this happen to people.

pussyluver · 01-16-2005, 04:17 PM

Quote:

Originally Posted by Ron Bennett

Only Registrar-Lock protects one from bogus Registrar Transfers. Account passwords, etc are meaningless in this context - they only protect one's account at their current domain registrar.

The new domain registrar is who makes the transfer request - this is the step, in which one would assume logically, the "losing" domain registrar would be required to confirm the request, etc ... but the system does NOT work like that ... if the domain transfer isn't explicitedly rejected, it happens AUTOMATICALLY!

To make matters worse, a recent ICANN policy change Nov-12-2004 strongly discourages "losing" registrars from requiring any email acknowledgement from the registrant ... so now, not only do domain transfers happen automatically unless explicitely canceled (this part has long been true), the registrant need not be notified at all!

Oh, and hang on tight for the best way to "hijack" domains still isn't widely used yet ... which way is that ... by using the Whois Data Problem Reports System ... now one can actually get grab many nice domains they want, often LEGALLY!

Fortunately, WDPRS still isn't widely known by domain hijackers, but be aware this is a security hole EVEN BIGGER ... because NOT even Registrar Lock protects one's domains from being deleted in as little as *15 days* and subsequently registered by someone else (ie. the hijacker, etc). Ie. A missing country-code in the phone number field is a legitimate reason to file a Whois Data Problem Report - everyone has their correct country code in their Whois, right? LOL! ... point is many domains are vulnerable to this type of attack.

For more information on WDPRS ... see http://wdprs.internic.net/ and also do a search for WDPRS on Google / DNForum.com ...

Ron

The whois at http://wdprs.internic.net/ will confirm wether you have a registrar-lock or not.

Great post Ron - Thanks

AgentCash · 01-16-2005, 04:28 PM

I didn't read this thread all the way through so someone may have posted about it but Panix - New York's oldest ISP just had their domain hijacked in a similar fashion. They were also using Dotster.

http://it.slashdot.org/article.pl?si...tid=172&tid=17

Frank The Tank · 01-16-2005, 04:46 PM

trust smokey sleazy hes a good guy ...

worse comes to worse get a kiddie hacker to kick his ass

s9ann0 · 01-16-2005, 04:51 PM

not locking domains bit of a newbie

QuaWee · 01-16-2005, 05:00 PM

that sucks man, good luck with dealing with the moron

Dirty D · 01-16-2005, 06:07 PM

This is a registrar problem....

I am sure you will get it sorted out, but it will take a week or so.

I got FUCKED by a registrar last year named JOKER.COM
150+ domains shut off for over a week.
The joke was on me for using them for my domain registrations.

NEVER use joker.com as a registrar
If you do have domains at Joker.com, move them immediately.

pussyluver · 01-16-2005, 06:09 PM

Cause the trolls wanna know:

Registration Service Provided By: QNIC
Contact: [email protected]
Website: www.qnic.com
Abuse Desk Email Address: [email protected]

Domain Name: EASY-DATER.COM

Registrant:
None
None ([email protected])
None 123
None
null,12345
AF
Tel. +1.123456789

Creation Date: 12-Feb-2002
Expiration Date: 12-Feb-2009

Domain servers in listed order:
ns1.suspended-domain.com
ns2.suspended-domain.com

Administrative Contact:
None
None ([email protected])
None 123
None
null,12345
AF
Tel. +1.123456789

Technical Contact:
None
None ([email protected])
None 123
None
null,12345
AF
Tel. +1.123456789

Billing Contact:
None
None ([email protected])
None 123
None
null,12345
AF
Tel. +1.123456789

Status:SUSPENDED
Note: This Domain Name is Suspended. In this status the domain name is
InActive and will not function.

If this one was fake drama - dam good job.

Ron Bennett · 01-16-2005, 06:42 PM

While on the topic of newbies and registrar-lock ...

GFY.COM and GOFUCKYOURSELF.COM appear to be UNlocked too ... thus are extremely vulnerable to being hijacked.

Ron

pushpills · 01-16-2005, 07:17 PM

you didn't back it up in 2 years? you've spent 30% of those years posting on gfy but couldnt take the time to do a backup of the site?

Basic_man · 01-16-2005, 07:23 PM

Holy shit man ! That sucks big time ! I feel sorry for you about that

Hope you'll find the fucker and FUCK HIM !!!

gornyhuy · 01-16-2005, 08:02 PM

Do us all a favor and start a class action suit against ICANN and get everyone who's ever been domain-jacked to join in.

I feel your pain (to a much lesser degree) my biggest SE revenue domain by far got banned by yahoo due to some fucker making a duplicate site and playing those games. Massive instant overnight loss.

Donny · 01-16-2005, 08:36 PM

I highly recommend directnic for domain registrations.

01-16-2005, 03:42 PM	#201
Varius Confirmed User Industry Role: Join Date: Jun 2004 Location: New York, NY Posts: 6,890	Short-term, the way I see it is you have two main options to get it down. 1) Get someone to ddos the site, since the host can't even reach their sysadmin I doubt they will be able to stop the attack. 2) Get someone to hack their registrar login, change the dns back to you, change their password so they can't go back and change it until atleast monday. Those are the only short-term options I could see for you. __________________ Skype variuscr - Email varius AT gmail

01-16-2005, 03:49 PM	#202
KCat Confirmed User Join Date: Sep 2002 Location: PNW Posts: 2,204	Call EV1 directly. I used to have a box there & there TOS is very clear on hosting viruses, trojans etc. They probably won't want to get into the hijack issue, but might suspend the account based on the other nastiness. __________________ ~ 300+ FHGs, 100,000 pics to use plus a rockin' Video of the Day download! ~

01-16-2005, 04:46 PM	#206
Frank The Tank Confirmed User Join Date: Dec 2003 Location: Ireland Posts: 3,225	trust smokey sleazy hes a good guy ... worse comes to worse get a kiddie hacker to kick his ass __________________ aim : titanceltic icq : 307499327 Frank[@]babesandstuff.com

01-16-2005, 05:00 PM	#208
QuaWee Confirmed User Join Date: Jul 2004 Location: boogers Posts: 5,791	that sucks man, good luck with dealing with the moron __________________ i luv mainstream

01-16-2005, 06:07 PM	#209
Dirty D Confirmed User Join Date: May 2002 Location: Paying Webmasters Millions Since 1999 Posts: 4,044	This is a registrar problem.... I am sure you will get it sorted out, but it will take a week or so. I got FUCKED by a registrar last year named JOKER.COM 150+ domains shut off for over a week. The joke was on me for using them for my domain registrations. NEVER use joker.com as a registrar If you do have domains at Joker.com, move them immediately. __________________ Dirty D - ICQ #1326843 - $1 Million Dollars of Bonus Money - 8,000+ FHG! Glory Hole Girlz - Crack Whore Confessions - Tampa Bukkake - Slut Wife Training - Fuck a Fan Electricity Play - Porn Video Drive - Theater Sluts - Skunk Riley - Ukraine Amateurs - Strapon Sessions

01-16-2005, 03:53 PM	#203
pxxx First African GFY Member Join Date: Mar 2004 Location: New Jersey Posts: 12,114	That sucks, it kills me to see stuff like this happen to people.

01-16-2005, 04:28 PM	#205
AgentCash Confirmed User Join Date: Feb 2002 Posts: 720	I didn't read this thread all the way through so someone may have posted about it but Panix - New York's oldest ISP just had their domain hijacked in a similar fashion. They were also using Dotster. http://it.slashdot.org/article.pl?si...tid=172&tid=17

01-16-2005, 04:51 PM	#207
s9ann0 Confirmed User Join Date: Sep 2001 Location: Boston Posts: 4,873	not locking domains bit of a newbie

01-16-2005, 06:09 PM	#210
pussyluver Clueless OleMan Join Date: Mar 2003 Location: ICQ - 169903487 Posts: 11,009	Cause the trolls wanna know: Registration Service Provided By: QNIC Contact: [email protected] Website: www.qnic.com Abuse Desk Email Address: [email protected] Domain Name: EASY-DATER.COM Registrant: None None ([email protected]) None 123 None null,12345 AF Tel. +1.123456789 Creation Date: 12-Feb-2002 Expiration Date: 12-Feb-2009 Domain servers in listed order: ns1.suspended-domain.com ns2.suspended-domain.com Administrative Contact: None None ([email protected]) None 123 None null,12345 AF Tel. +1.123456789 Technical Contact: None None ([email protected]) None 123 None null,12345 AF Tel. +1.123456789 Billing Contact: None None ([email protected]) None 123 None null,12345 AF Tel. +1.123456789 Status:SUSPENDED Note: This Domain Name is Suspended. In this status the domain name is InActive and will not function. If this one was fake drama - dam good job.

01-16-2005, 06:42 PM	#211
Ron Bennett Confirmed User Join Date: Oct 2003 Posts: 1,653	While on the topic of newbies and registrar-lock ... GFY.COM and GOFUCKYOURSELF.COM appear to be UNlocked too ... thus are extremely vulnerable to being hijacked. Ron __________________ Domagon - Website Management and Domain Name Sales

01-16-2005, 07:17 PM	#212
pushpills Confirmed User Join Date: Jan 2004 Location: CHICAGO Posts: 3,700	you didn't back it up in 2 years? you've spent 30% of those years posting on gfy but couldnt take the time to do a backup of the site?

01-16-2005, 07:23 PM	#213
Basic_man Programming King Pin Industry Role: Join Date: Oct 2003 Location: Montreal Posts: 27,360	Holy shit man ! That sucks big time ! I feel sorry for you about that Hope you'll find the fucker and FUCK HIM !!! __________________ UUGallery Builder - automated photo/video gallery plugin for Wordpress! Stop looking! Checkout Naked Hosting, online since 1999 !

01-16-2005, 08:02 PM	#214
gornyhuy Chafed. Join Date: May 2002 Location: Face Down in Pussy Posts: 18,041	Do us all a favor and start a class action suit against ICANN and get everyone who's ever been domain-jacked to join in. I feel your pain (to a much lesser degree) my biggest SE revenue domain by far got banned by yahoo due to some fucker making a duplicate site and playing those games. Massive instant overnight loss. __________________ icq:159548293

01-16-2005, 08:36 PM	#215
Donny As you wish... Industry Role: Join Date: May 2002 Posts: 13,754	I highly recommend directnic for domain registrations.