Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

Old 02-06-2005, 09:16 AM   #51
gooddomains
Too lazy to set a custom title
 
Join Date: Jul 2003
Location: Netherlands
Posts: 10,127
not good :-(
Old 02-06-2005, 09:18 AM   #52
grimmdaddy
Registered User
 
Join Date: Feb 2005
Posts: 20
Quote:
Originally Posted by Pipecrew
They are very good, but please don't try and pretend you don't work for them.
I assure you, Peaches is a good friend, but she does not work for me, I couldn't afford her ;)
Old 02-06-2005, 09:21 AM   #53
donsimon
Registered User
 
Join Date: Oct 2002
Location: New Orleans
Posts: 27
I'm the product development manager at directNIC, call me the head techie.

We log everything, so I will give you the description of what happened here. On January 28th, somebody (205.152.129.X) logged into account A, went to the transfer security page and unlocked all of the domains, they then went in and changed 2 contacts. At this point, I am assuming they went to registrar A and submitted transfers for some domains. We received requests about the transfers on January 30, then we sent an email to verify that they wanted to transfer the domains away and the same person who changed the information above approved the transfers.

Then somebody (193.188.105.X) from another IP address came in and changed the email address on those 2 contacts back to what they originally were before they logged in.

The email addresses were changed to [email protected], and then changed back to what they originally were.

So was this a hack? Personally, not on our end. The person already knew the username/password when they logged into the account. I could be wrong, but I bet what may be happening is people may be reusing the same usernames/passwords in different places and somebody is not playing nice. I could be wrong, but you never know.

Shoot me an email and I'll see what I can do tomorrow, I know enom is not around today, I just tried to call them.

Send me an email to donny AT intercosmos.com

Donny
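The sequence described in the post above (domains unlocked, contact emails changed, the transfer approved, then the contact emails restored from a different address) can be flagged from a registrar's audit log. This is an added example, not part of the post and not directNIC's code; the event names, record layout, 7-day window and the sample addresses (documentation ranges) are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Event:
    ts: datetime
    account: str
    ip: str
    action: str       # assumed names: unlock, contact_email_change, transfer_approved
    target: str = ""  # domain name or contact id
    old: str = ""
    new: str = ""


def same_network(ip_a, ip_b, prefix=24):
    """True when both addresses fall inside the same /prefix network."""
    return ip_address(ip_b) in ip_network(f"{ip_a}/{prefix}", strict=False)


def within(earlier, later, window):
    return later.ts - earlier.ts <= window


def find_hijack_patterns(events, window=timedelta(days=7)):
    """Return (account, rule, detail) tuples for the sequence in the post."""
    by_account = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_account[ev.account].append(ev)

    findings = []
    for account, evs in by_account.items():
        unlocks, changes = [], []
        for ev in evs:
            if ev.action == "unlock":
                unlocks.append(ev)
            elif ev.action == "contact_email_change":
                # A change that restores the value an earlier change replaced.
                for prev in changes:
                    if (prev.target == ev.target and prev.old == ev.new
                            and within(prev, ev, window)):
                        where = ("same network" if same_network(prev.ip, ev.ip)
                                 else "different network")
                        findings.append((account, "contact_email_reverted",
                                         f"{ev.target} restored from {where}"))
                changes.append(ev)
            elif ev.action == "transfer_approved":
                # Approval mail went to an address that was changed after an unlock.
                if (any(within(u, ev, window) for u in unlocks)
                        and any(within(c, ev, window) for c in changes)):
                    findings.append(
                        (account, "transfer_after_unlock_and_contact_change", ev.target))
    return findings


def at(day, hour, minute=0):
    return datetime(2005, 1, day, hour, minute)


# Constructed audit-log records, not data from the incident.
SAMPLE = [
    Event(at(28, 3, 10), "acct-A", "203.0.113.10", "unlock", "example-one.test"),
    Event(at(28, 3, 12), "acct-A", "203.0.113.10", "contact_email_change",
          "contact-1", "owner@example.test", "other@example.net"),
    Event(at(28, 3, 13), "acct-A", "203.0.113.10", "contact_email_change",
          "contact-2", "billing@example.test", "other@example.net"),
    Event(at(30, 9), "acct-A", "203.0.113.10", "transfer_approved", "example-one.test"),
    Event(at(30, 11), "acct-A", "198.51.100.7", "contact_email_change",
          "contact-1", "other@example.net", "owner@example.test"),
    Event(at(30, 11, 1), "acct-A", "198.51.100.7", "contact_email_change",
          "contact-2", "other@example.net", "billing@example.test"),
    # An ordinary outbound transfer: unlocked and approved, contacts untouched.
    Event(at(29, 10), "acct-B", "192.0.2.44", "unlock", "example-two.test"),
    Event(at(31, 10), "acct-B", "192.0.2.44", "transfer_approved", "example-two.test"),
]

if __name__ == "__main__":
    for finding in find_hijack_patterns(SAMPLE):
        print(finding)
```
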
Old 02-06-2005, 09:22 AM   #54
Peaches
Old broad
 
Join Date: Oct 2002
Location: Away
Posts: 13,933
Quote:
Originally Posted by Pipecrew
They are very good, but please don't try and pretend you don't work for them.
LOL! I don't now nor have I EVER worked for them. No need to pretend.

I was with Netsol at the beginning - back in the days when domains were $100. Besides being total idiots about their process, I also ended up with several domains that weren't mine. Neither I nor the rightful owner could ever get them moved over. It was a simple typo where some idiot there put in my customer number instead of the correct owner's.

Then I went with another adult webmaster owned service. After having 3 domains of mine mysteriously changed to THEIR contact information and no response from them after several trouble tickets, emails and phone calls, I contacted Directnic, moved my domains there and I've been happy as a pig in shit ever since. In fact, it's probably been over 2 years that I've been there. IF there has been a problem (and I can only think of 2 - both my fault) I have been able to get a response immediately.

However, if I do indeed work for them, could you please get my paycheck from them for me? I seem to be working for free.
Old 02-06-2005, 09:25 AM   #55
Peaches
Old broad
 
Join Date: Oct 2002
Location: Away
Posts: 13,933
Quote:
Originally Posted by grimmdaddy
I assure you, Peaches is a good friend, but she does not work for me, I couldn't afford her ;)
I work for pictures of sexy man legs
Old 02-06-2005, 09:27 AM   #56
Pipecrew
Master of Gfy.com
 
Join Date: Feb 2002
Posts: 14,887
I like directnic a lot, one of the few companies that will fight for you and try to get your stuff back, makes sense a ton of the adult companies are with them.. I just wish I knew better when I had a couple domains at registerfly and they got hijacked.
Old 02-06-2005, 09:41 AM   #57
digifan
The Profiler
 
Join Date: Oct 2002
Location: ICQ 76281726 and I'm female
Posts: 14,618
Wow that's good news, hats off to Peaches and Directnic!
__________________
[email protected]
Webair Rocks
Old 02-06-2005, 09:44 AM   #58
Peaches
Old broad
 
Join Date: Oct 2002
Location: Away
Posts: 13,933
Quote:
Originally Posted by digifan
Wow that's good news, hats off to Peaches and Directnic!
LOL, I had nothing to do with it. Well, except for my pathetic attempts to get pictures of Grimm's legs....
Old 02-06-2005, 09:58 AM   #59
SmokeyTheBear
►SouthOfHeaven
 
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
Quote:
Originally Posted by digifan
Wow that's good news, hats off to Peaches and Directnic!


I was seriously considering removing my domains!!! Thanks for the quick reply, directnic
__________________
hatisblack at yahoo.com
Old 02-06-2005, 10:07 AM   #60
donsimon
Registered User
 
Join Date: Oct 2002
Location: New Orleans
Posts: 27
Well, keep my address in case something ever happens. I personally normally don't check gfy much anymore, just not enough time. But once grimm told me about it I was reading.

So just email me if you need anything.

Donny
directNIC.com
Old 02-06-2005, 10:16 AM   #61
Tipsy
Confirmed User
 
Join Date: Jul 2001
Location: See sig
Posts: 6,989
Quote:
Originally Posted by donsimon
I'm the product development manager at directNIC, call me the head techie.

We log everything, so I will give you the description of what happened here. On January 28th, somebody (205.152.129.X) logged into account A, went to the transfer security page and unlocked all of the domains, they then went in and changed 2 contacts. At this point, I am assuming they went to registrar A and submitted transfers for some domains. We received requests about the transfers on January 30, then we sent an email to verify that they wanted to transfer the domains away and the same person who changed the information above approved the transfers.

Then somebody (193.188.105.X) from another IP address came in and changed the email address on those 2 contacts back to what they originally were before they logged in.

The email addresses were changed to [email protected], and then changed back to what they originally were.

So was this a hack? Personally, not on our end. The person already knew the username/password when they logged into the account. I could be wrong, but I bet what may be happening is people may be reusing the same usernames/passwords in different places and somebody is not playing nice. I could be wrong, but you never know.

Shoot me an email and I'll see what I can do tomorrow, I know enom is not around today, I just tried to call them.

Send me an email to donny AT intercosmos.com

Donny
The above is why I continue to pay a little extra to use Directnic
__________________
Ignorance is never bliss.
Old 02-06-2005, 10:33 AM   #62
Newton - XXXAmigoz
Confirmed User
 
Join Date: Feb 2004
Posts: 1,026
Absolutely delightful .. Directnic are superb
Old 02-06-2005, 10:37 AM   #63
Alex Xe
Guest
 
Posts: n/a
I did not like directnic. I lost one .tv domain name because they have problems in software to renew .tv domains at this time.
Old 02-07-2005, 11:28 PM   #64
BluMedia
Confirmed User
 
Join Date: Dec 2002
Location: Colorado
Posts: 3,973
Wow, very cool. Having all my domains with you guys I was really concerned, but posting on here has restored my confidence with you guys.

Thanks,
Mark
__________________
IntenseCash - If you can't convert us then you might want to look for a new job
.
BrokeStraightBoys.com converting 1:124 stats counted by Nats
Old 02-08-2005, 12:07 AM   #65
arg
Confirmed User
 
Join Date: Feb 2003
Posts: 1,164
It's been a while since I've used directnic, but it sounds like you're not notifying owners of account changes. I apologize if I'm mis-assuming, but if change notices aren't being sent, I think that should be reconsidered. This could have provided an alert about the hijacking attempt before the transfer occurred, even if a hacker did break into the account. The drawback is it can be annoying to domain owners getting too many change notices, but that can be tempered by combining multiple change notices into consolidated messages.

To explain what I mean about change notices, when one or more domains are unlocked, locked, or have contacts, name servers, or other data changed, email the account holder's email address, as well as the current admin contact(s) of the domain(s) in question (if they're different from the account owner's address). Not one message per domain, because if a person does a bulk change, that gets annoying, but a single message saying "these domains were unlocked," or if it's more than a couple hundred, just saying "1,317 domains had their admin email contact changed." Also changes to the account info itself should be similarly confirmed by email.

While I understand this was a hacker who got into the account, I think the registrars who are repeatedly losing domains to hijackers share some similar security weaknesses like this. Try changing domain details at Godaddy for an example of notifying domain owners...they have more domains registered than Directnic or Dotster, but I don't recall anybody reporting hijack losses from them on GFY. It could be coincidence, since the number of hijackings is still very small, but I think things like this can make a big difference.

Thanks for posting details Donny. I'll send this by email in case you don't check back here.
Old 02-08-2005, 01:57 AM   #66
Snake Doctor
I'm Lenny2 Bitch
 
Join Date: Mar 2001
Location: On top of my soapbox
Posts: 13,449
I think a good countermeasure to this type of hack would be that if the contact email is changed in the account an email is sent to the previous email account with a confirm link that must be clicked for the change to be processed.

Then we'd get emails from directnic when someone was trying to hack our shit.
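The countermeasure proposed in the post above, sketched as an added example (not part of the post and not directNIC's implementation): a contact email change is held as pending and only applied when a single-use, expiring token mailed to the previous address is presented. The class and method names, the in-memory stores standing in for a database and mailer, and the one-hour lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed token lifetime in seconds


class ContactStore:
    def __init__(self, contacts):
        self.contacts = dict(contacts)  # contact id -> confirmed email
        self.pending = {}               # contact id -> (token hash, new email, expiry)
        self.outbox = []                # (recipient, token, new email); stands in for a mailer

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def request_email_change(self, contact_id, new_email, now=None):
        """Record the change as pending and mail the token to the OLD address."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Only the hash is stored, so reading the pending table does not
        # yield a usable confirmation token.
        self.pending[contact_id] = (self._digest(token), new_email, now + TOKEN_TTL)
        self.outbox.append((self.contacts[contact_id], token, new_email))

    def confirm(self, contact_id, token, now=None):
        """Apply the pending change if the token matches and has not expired."""
        now = time.time() if now is None else now
        entry = self.pending.get(contact_id)
        if entry is None:
            return False
        digest, new_email, expiry = entry
        if now > expiry:
            del self.pending[contact_id]
            return False
        if not hmac.compare_digest(digest, self._digest(token)):
            return False
        self.contacts[contact_id] = new_email
        del self.pending[contact_id]  # single use
        return True

    def transfer_verification_address(self, contact_id):
        """Transfer approvals keep going to the confirmed address while a change is pending."""
        return self.contacts[contact_id]


if __name__ == "__main__":
    store = ContactStore({"contact-1": "owner@example.test"})  # constructed sample
    store.request_email_change("contact-1", "new@example.net")
    recipient, token, _ = store.outbox[-1]
    print("token mailed to:", recipient)
    print("before confirm:", store.transfer_verification_address("contact-1"))
    print("confirmed:", store.confirm("contact-1", token))
    print("after confirm:", store.transfer_verification_address("contact-1"))
```

As donsimon notes later in the thread, a check like this does not help once the old mailbox itself has been taken over.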
Old 02-08-2005, 02:08 AM   #67
DarkJedi
No Refunds Issued.
 
Join Date: Feb 2001
Location: GFY
Posts: 28,300
Quote:
Originally Posted by arg
It's been a while since I've used directnic, but it sounds like you're not notifying owners of account changes. I apologize if I'm mis-assuming, but if change notices aren't being sent, I think that should be reconsidered. This could have provided an alert about the hijacking attempt before the transfer occurred, even if a hacker did break into the account. The drawback is it can be annoying to domain owners getting too many change notices, but that can be tempered by combining multiple change notices into consolidated messages.
Yeah, that's a pretty good idea.

I got a few domains at godaddy too (God, I hate their interface) but I get a notification email about ANY changes in my account.
Old 02-08-2005, 02:10 AM   #68
IPK
Confirmed User
 
Join Date: Sep 2003
Posts: 4,209
Quote:
Originally Posted by arg
It's been a while since I've used directnic, but it sounds like you're not notifying owners of account changes. I apologize if I'm mis-assuming, but if change notices aren't being sent, I think that should be reconsidered. This could have provided an alert about the hijacking attempt before the transfer occurred, even if a hacker did break into the account. The drawback is it can be annoying to domain owners getting too many change notices, but that can be tempered by combining multiple change notices into consolidated messages.

To explain what I mean about change notices, when one or more domains are unlocked, locked, or have contacts, name servers, or other data changed, email the account holder's email address, as well as the current admin contact(s) of the domain(s) in question (if they're different from the account owner's address). Not one message per domain, because if a person does a bulk change, that gets annoying, but a single message saying "these domains were unlocked," or if it's more than a couple hundred, just saying "1,317 domains had their admin email contact changed." Also changes to the account info itself should be similarly confirmed by email.

While I understand this was a hacker who got into the account, I think the registrars who are repeatedly losing domains to hijackers share some similar security weaknesses like this. Try changing domain details at Godaddy for an example of notifying domain owners...they have more domains registered than Directnic or Dotster, but I don't recall anybody reporting hijack losses from them on GFY. It could be coincidence, since the number of hijackings is still very small, but I think things like this can make a big difference.

Thanks for posting details Donny. I'll send this by email in case you don't check back here.
great post argy
__________________
DomainerResource.com
strategies for monetizing and investing in domain names...
Old 02-08-2005, 03:22 AM   #69
pradaboy
sell me your banners
 
Join Date: Dec 2003
Location: on the tubes
Posts: 12,931
I agree with arg... a notice should be sent when anything vital has been changed. I think even RegisterFly does that and we all know they're not safe lol.

I have recently decided to keep all my own names @ Moniker, they do not allow any transfers away from them without prior notice and verification. Also NO hijacks have been attempted/succeeded on domains @ Moniker.
__________________
Media Buyer - Sell me your traffic!
FREE to register domains...
Better than 99% of the crap sold here!
Old 02-08-2005, 03:57 AM   #70
grimmdaddy
Registered User
 
Join Date: Feb 2005
Posts: 20
Quote:
Originally Posted by Peaches
LOL, I had nothing to do with it. Well, except for my pathetic attempts to get pictures of Grimm's legs....
How many do you want? Warning, I don't shave my legs ;)
Old 02-08-2005, 04:35 AM   #71
BluMedia
Confirmed User
 
Join Date: Dec 2002
Location: Colorado
Posts: 3,973
I think entering a pin code to transfer domains as an option would be great. This would go well with the other security features you already have.

Mark
Old 02-08-2005, 05:56 AM   #72
vicki
Confirmed User
 
Join Date: Feb 2002
Location: Deep in the heart o' Texas
Posts: 1,478
Quote:
Originally Posted by andrej_NDC
I had just emailed my registrar and they replied pretty fast, 24/7 support. It's domainnamesystems btw...

domainnamesystems also has one of only 10 people in the world who have a degree in computer security forensics working for them ;)
__________________
If at first you do succeed - try to hide your astonishment.

HR merchant accounts from 3.45%
solid biz since 98
victoriakozub AT gmail.com
skype: victoria.kozub | ICQ: 74296746
Old 02-08-2005, 06:03 AM   #73
pradaboy
sell me your banners
 
Join Date: Dec 2003
Location: on the tubes
Posts: 12,931
Quote:
Originally Posted by vicki
domainnamesystems also has one of only 10 people in the world who have a degree in computer security forensics working for them ;)
sounds impressive
Old 02-08-2005, 10:09 AM   #74
donsimon
Registered User
 
Join Date: Oct 2002
Location: New Orleans
Posts: 27
I'll respond to everything below.

Quote:
Originally Posted by arg
It's been a while since I've used directnic, but it sounds like you're not notifying owners of account changes. I apologize if I'm mis-assuming, but if change notices aren't being sent, I think that should be reconsidered. This could have provided an alert about the hijacking attempt before the transfer occurred, even if a hacker did break into the account. The drawback is it can be annoying to domain owners getting too many change notices, but that can be tempered by combining multiple change notices into consolidated messages.
Actually we are notifying customers when their account information is changed, we have been for about 3 years. And actually nothing else can be changed until they verify that their information is correct when we send them an email. But that is on an account level, when you get to a domain level things start to get a little more complex.

Quote:
Originally Posted by arg
To explain what I mean about change notices, when one or more domains are unlocked, locked, or have contacts, name servers, or other data changed, email the account holder's email address, as well as the current admin contact(s) of the domain(s) in question (if they're different from the account owner's address). Not one message per domain, because if a person does a bulk change, that gets annoying, but a single message saying "these domains were unlocked," or if it's more than a couple hundred, just saying "1,317 domains had their admin email contact changed." Also changes to the account info itself should be similarly confirmed by email.
We already have this in place as well, but since on average we have 75,000 nameservers + contacts changed a day, the annoyance factor was starting to kick in for our customers. This whole process is being revamped right now and it should be done on Thursday. The big problem is who do you notify? The owner of the account or the domain admin contact? What happens if the email bounces? Should everything be rolled back? There are many considerations that need to be taken into account, but this still does not solve the problem of somebody getting their yahoo/hotmail email account hacked. But something will be in place by Thursday afternoon which will be very different than what anybody offers today.

Quote:
Originally Posted by arg
While I understand this was a hacker who got into the account, I think the registrars who are repeatedly losing domains to hijackers share some similar security weaknesses like this. Try changing domain details at Godaddy for an example of notifying domain owners...they have more domains registered than Directnic or Dotster, but I don't recall anybody reporting hijack losses from them on GFY. It could be coincidence, since the number of hijackings is still very small, but I think things like this can make a big difference.
The reason you don't hear about many Godaddy hijacked domains here is because many adult webmasters don't have their domains registered with Godaddy. In the past 6 months, I know of 5 domains that were legit hijackings. This one which is still very interesting, 2 yahoo email account hacks and 2 hotmail account hacks. The second 2 nobody can stop, the first one we can slow down, but if the owner of the domain has correct information on Thursday this will never happen again. But personally, I think that about 65% of all domains have valid WHOIS information. All the rest is crap, and guess what percentage are usually hacked? That 35%. Then there is a technique that I've seen a few times, that nobody can stop, that we have always attempted to use as a benchmark against any security system we develop. I won't even describe how it works, but I can say that if you had some time, you could probably hijack 30,000 domains in a weekend.

Sorry for the long reply, but just so everybody knows, I do have a very good idea who the person was that stole the domain, and guess what, he's an adult webmaster. Interesting, I wonder if he reads gfy? It's funny when certain people use web-based email clients and don't realize that sometimes web bugs are in the html to see if somebody actually looked at the email or not. Open email via a non-proxy ip address, then click the link in the email 30 seconds later via a proxy ip. Amazing!

Donny
Old 02-08-2005, 11:28 AM   #75
arg
Confirmed User
 
Join Date: Feb 2003
Posts: 1,164
Great that you've got more improvements in the works, whatever they are. I understand many of the challenges you mentioned, though for many there are also mitigating solutions.

Annoyance factor for every change for big domain holders would be huge. Just allow users to reduce the level of notification if they choose to, but by default, have notifications for all the main changes. Just like domains should be locked by default. Which email address to send to? By default, admin and account, just one message if they're the same, two messages if they differ. But again allow an advanced user to choose. Also, consolidating messages would help, some registrars send out thousands of messages for a bulk request on the same account; there are some common sense approaches to reducing annoyance.

I think I'd also consider an auto-relocking feature. If a domain has been unlocked for two weeks, with no transfer requests, send a notice to the user and automatically relock it. Again, the annoyance factor would be huge for certain customers, so allow them to disable auto-relocking, but have it on by default.

I have no idea if Directnic does this, but when a domain is transferred in, I think it should also be automatically locked...some registrars lock all new regs by default, but not transferred-in regs.

Hijacked email, I agree, there's little you can do, especially if a domain is already unlocked. Most registrars have account password protection as well, but when you lose the password, many just send it to the email address, so basically if your email account is compromised, you can lose all your domains. There are added checks you can put in place, but they can be complex and costly, and still aren't foolproof. (Automated phone confirmation, for example, but phone numbers change too).

Your point is taken about relatively fewer webmasters using GoDaddy here...I'm pretty sure directnic has a higher marketshare among GFYers than among domain holders as a whole. Still, I think Godaddy's system would have prevented the sort of hijack in this particular instance.
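The notification and auto-relock defaults arg proposes in posts #65 and #75, as an added example that is not part of either post and not any registrar's code: one consolidated message per recipient for a batch of changes, sent to the account address and the admin contact (once if they are the same), a count instead of a list for large batches, and relocking of domains left unlocked for two weeks with no transfer request. The record layout, the 200-domain cut-off standing in for "a couple hundred", and mailing the admin address on file before the change are assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

LIST_LIMIT = 200  # assumed cut-off above which only a count is sent


def build_notices(account_email, changes, muted=frozenset()):
    """Consolidate one account's batch of changes into {recipient: message}.

    changes: dicts with 'domain', 'kind' and 'admin_before' (the admin
    contact email on file before the change was made).
    muted: change kinds the account holder opted out of; none by default.
    """
    per_recipient = defaultdict(lambda: defaultdict(list))
    for ch in changes:
        if ch["kind"] in muted:
            continue
        # A set collapses the two addresses to one message when they match.
        recipients = {account_email.lower(), ch["admin_before"].lower()}
        for rcpt in recipients:
            per_recipient[rcpt][ch["kind"]].append(ch["domain"])

    notices = {}
    for rcpt, kinds in per_recipient.items():
        lines = []
        for kind in sorted(kinds):
            domains = sorted(set(kinds[kind]))
            if len(domains) > LIST_LIMIT:
                lines.append(f"{len(domains):,} domains: {kind}")
            else:
                lines.append(f"{kind}: {', '.join(domains)}")
        notices[rcpt] = "\n".join(lines)
    return notices


def domains_to_relock(domains, today, max_unlocked=timedelta(days=14)):
    """Names of domains unlocked too long with no transfer request pending.

    Auto-relock is on unless the owner set 'auto_relock' to False.
    """
    return [d["name"] for d in domains
            if not d["locked"]
            and d.get("auto_relock", True)
            and not d["transfer_pending"]
            and today - d["unlocked_on"] >= max_unlocked]


# Constructed sample batch: three unlocks plus one admin email change.
SAMPLE_BATCH = [
    {"domain": f"d{i}.test", "kind": "unlocked", "admin_before": "Owner@example.test"}
    for i in range(3)
] + [{"domain": "d0.test", "kind": "admin_email_changed",
      "admin_before": "admin@example.org"}]

# Constructed sample portfolio for the relock check.
SAMPLE_DOMAINS = [
    {"name": "a.test", "locked": False, "unlocked_on": date(2005, 1, 20), "transfer_pending": False},
    {"name": "b.test", "locked": False, "unlocked_on": date(2005, 2, 1), "transfer_pending": False},
    {"name": "c.test", "locked": False, "unlocked_on": date(2005, 1, 1), "transfer_pending": True},
    {"name": "d.test", "locked": False, "unlocked_on": date(2005, 1, 1), "transfer_pending": False,
     "auto_relock": False},
    {"name": "e.test", "locked": True, "unlocked_on": None, "transfer_pending": False},
]

if __name__ == "__main__":
    for rcpt, body in build_notices("owner@example.test", SAMPLE_BATCH).items():
        print(rcpt, "->", body.replace("\n", " | "))
    print(domains_to_relock(SAMPLE_DOMAINS, date(2005, 2, 8)))
```
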
Old 02-08-2005, 11:45 AM   #76
donsimon
Registered User
 
Join Date: Oct 2002
Location: New Orleans
Posts: 27
Quote:
Originally Posted by arg
Still, I think Godaddy's system would have prevented the sort of hijack in this particular instance.
Trust me, I know how Godaddy's and most of the other large registrars' systems work, and Godaddy's would not have stopped this problem. There are about 15 different things that a person can do to hack an account at any domain registrar.

Some have good systems for security, some I don't even think have security at all.

But about 99.9% of the time, it's registrant error, either the current registrant did something wrong or the new registrant did something wrong. But as a registrar, I can only do so much to protect as many people as I can, and that's what I try to do.

Donny
directNIC.com
Old 02-11-2005, 01:02 PM   #77
donsimon
Registered User
 
Join Date: Oct 2002
Location: New Orleans
Posts: 27
Just as an FYI, we have implemented all of the security enhancements I was working on. You can now turn them on in the Customer Settings area once you are logged into directNIC.

Donny
directNIC.com