GoFuckYourself.com - Adult Webmaster Forum

SleazyDream Hi Jacker strikes again! (https://gfy.com/showthread.php?t=427476)

Muff 02-05-2005 02:13 PM

Well the hosting is definitely not from around here...

Tracing route to xybererotica.com [64.69.38.2]
over a maximum of 100 hops:

1 7 ms 16 ms 8 ms 10.113.120.1
2 9 ms 7 ms 7 ms gw03-vlan201.bloor.phub.net.cable.rogers.com [66.185.90.1]
3 7 ms 46 ms 9 ms gw01.bloor.phub.net.cable.rogers.com [66.185.83.149]
4 15 ms 7 ms 8 ms gw02.bloor.phub.net.cable.rogers.com [66.185.80.242]
5 18 ms 16 ms 45 ms igw01.chfdrl.phub.net.cable.rogers.com [66.185.81.1]
6 33 ms 55 ms 47 ms if-3-0.core1.CQW-Chicago.teleglobe.net [216.6.16.1]
7 34 ms 48 ms 32 ms if-1-0.core3.CQW-Chicago.Teleglobe.net [207.45.223.181]
8 32 ms 31 ms 35 ms if-7-0.core1.CT8-Chicago.teleglobe.net [66.110.27.77]
9 48 ms 34 ms 34 ms so-1-2-0.e1.Chicago1.Level3.net [65.59.88.193]
10 * * 33 ms so-2-1-0.bbr1.Chicago1.Level3.net [209.244.8.9]
11 99 ms 98 ms 126 ms so-0-2-0.bbr2.LosAngeles1.Level3.net [64.159.0.246]
12 97 ms 99 ms 98 ms so-11-0.ipcolo2.LosAngeles1.Level3.net [4.68.96.62]
13 83 ms 82 ms 95 ms unknown.Level3.net [63.209.82.190]
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * 1772 ms 1754 ms gsr12000.calpop.com [64.27.16.17]
18 2541 ms * * gige-wcx1-pos6-0.hostingkuwait.com [64.27.16.26]
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.

SmokeyTheBear 02-05-2005 02:14 PM

Quote:

Originally Posted by Vox
Smokey, that address you posted is only a mail drop. Foreign Companies use it to incorporate in Delaware and have a US presence.

Yes, I figured that out now. I assumed as much, but a lot of the companies are obviously the same foreign company.

Vox 02-05-2005 02:15 PM

Better yet, send in an anonymous tip to homeland security telling them that the company is a front for Al Qaeda and other Muslim terrorists.

JFPdude 02-05-2005 02:17 PM

Quote:

Originally Posted by Muff
Well the hosting is definitely not from around here...

Tracing route to xybererotica.com [64.69.38.2]
over a maximum of 100 hops:

sure it is:

whois 64.69.38.2

OrgName: CoreExpress
OrgID: COEX
Address: 600 W. 7th Street
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: US

NetRange: 64.69.32.0 - 64.69.47.255
CIDR: 64.69.32.0/20
NetName: COREEXPRESS-BLK-1
NetHandle: NET-64-69-32-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CALPOP.COM
NameServer: NS2.CALPOP.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-04-11
Updated: 2004-08-06

SmokeyTheBear 02-05-2005 02:17 PM

Here's the site that offers the service:

http://www.valis.org/usbpp/default.html

GeorgeK 02-05-2005 02:20 PM

I didn't notice the GFY search is working again. Just for reference (and in case the search goes down again), the original thefts were described in the threads at:

http://www.gofuckyourself.com/showth...easy-dater.com
http://www.gofuckyourself.com/showth...easy-dater.com
http://www.gofuckyourself.com/showth...easy-dater.com
http://www.gofuckyourself.com/showth...easy-dater.com

I didn't notice the last thread until today -- Dotster had told me about DirectI wanting the $7 -- I was in shock then, and still in shock today. Registrars screw up, and the victims pay even more, sheesh.

I still recommend OpenSRS (although some other registrars are good too). Microsoft.com and Citicorp.com are both registered at OpenSRS, for example.

Muff 02-05-2005 02:21 PM

Quote:

Originally Posted by JFPdude
sure it is:

whois 64.69.38.2

OrgName: CoreExpress
OrgID: COEX
Address: 600 W. 7th Street
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: US

NetRange: 64.69.32.0 - 64.69.47.255
CIDR: 64.69.32.0/20
NetName: COREEXPRESS-BLK-1
NetHandle: NET-64-69-32-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CALPOP.COM
NameServer: NS2.CALPOP.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-04-11
Updated: 2004-08-06

Yeah was just checking ARIN. The Kuwait part got me thinking conspiracy theory.

SmokeyTheBear 02-05-2005 02:21 PM

lol what a service

you get your own online checking account
a visa card with a u.s. address
an llc setup
a u.s. ein #
and a u.s. merchant account

All for less than 2 grand... wow, that's not a bad deal, but the feds will eventually come knocking.

pussyluver 02-05-2005 03:14 PM

Doing a whois on all your domains is a pain if you own a few. JulianSosa suggested a script to do a whois and email changes once or twice a day. Good idea.

I get email notifications of any changes now from the registrar. That is all I am going to say about that in the thread.

Vox, Homeland Security?? Like they care about porn sites. This is gonna have to affect a big mainstream account or several. Maybe an RK site would get some attention, but don't wish this on anyone.
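
The WHOIS-change check suggested in the post above, as an added example that is not part of the original thread: it compares a stored baseline record with a fresh one and reports changes to the registrar, name servers, registrant email and transfer lock. The field labels and both sample records are constructed assumptions; real WHOIS output varies by registry, and fetching the record and mailing the alerts are left to the `whois` client and cron.

```python
import re

# Fields whose change can signal a hijack: registrar move, NS swap, lock removed.
WATCHED = {"registrar", "name server", "domain status", "registrant email"}
LOCK = "clienttransferprohibited"

def parse_whois(text):
    """Reduce raw WHOIS text to {field: sorted lower-cased values}."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)\s*:\s*(\S.*)$", line)
        if not m or m.group(1).lower() not in WATCHED:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "domain status":
            value = value.split()[0]  # drop the URL that follows the status code
        record.setdefault(key, set()).add(value)
    return {k: sorted(v) for k, v in record.items()}

def diff_records(baseline, current):
    """Return one alert string per watched field that differs from the baseline."""
    alerts = [f"{k}: {baseline.get(k, [])} -> {current.get(k, [])}"
              for k in sorted(WATCHED) if baseline.get(k, []) != current.get(k, [])]
    # Losing the transfer lock is flagged on its own, whatever else changed.
    if LOCK in baseline.get("domain status", []) and LOCK not in current.get("domain status", []):
        alerts.append("transfer lock removed")
    return alerts

def check(baseline_raw, current_raw):
    return diff_records(parse_whois(baseline_raw), parse_whois(current_raw))

# Constructed sample records (not real WHOIS data).
BASELINE_RAW = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar A
Name Server: NS1.EXAMPLE-HOST.TEST
Name Server: NS2.EXAMPLE-HOST.TEST
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Email: owner@example.com
"""
CURRENT_RAW = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar B
Name Server: NS1.OTHER-HOST.TEST
Name Server: NS2.OTHER-HOST.TEST
Domain Status: ok
Registrant Email: owner@example.com
"""

if __name__ == "__main__":
    for alert in check(BASELINE_RAW, CURRENT_RAW):
        print("ALERT", alert)
```
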

SmokeyTheBear 02-05-2005 03:27 PM

Quote:

Originally Posted by pussyluver
Doing a whois on all your domains is a pain if you own a few. JulianSosa suggested a script to do a whois and email changes once or twice a day. Good idea.

I get email notifications of any changes now from the registrar. That is all I am going to say about that in the thread.

Vox, Homeland Security?? Like they care about porn sites. This is gonna have to affect a big mainstream account or several. Maybe an RK site would get some attention, but don't wish this on anyone.


Look up, they didn't just hijack adult domains. The majority of the high profile names were not adult names.

Relish XXX 02-05-2005 03:27 PM

50 hijacked domains...

Nysus 02-05-2005 03:42 PM

This stuff is unreal.

Matt

Thurbs 02-05-2005 03:57 PM

Again... my advice: pay 2x for a registration handled by small, small companies that don't use auto-authorization shit for domain settings. For the amount of times you'd realistically fool with your domain settings, why risk losing it for their fast service?

Muff 02-05-2005 04:12 PM

Good news...

The Domain Name is currently resolving to ns1.candidhosting.com & ns1.candidhosting.com, the Name Servers to which it was set prior to Transfer.

We have placed a Register Lock on the Domain Name so that no one can make any changes to the Domain Name or have it Transferred Away.

You are advised to get in touch with the Transfer Dispute Department at the previous Registrar. They will in-turn contact our Transfer Dispute Specialist at DirectI, to investigate the case.

We understand your anxiety at this time, and hope this case is resolved soon. We appreciate your patience in the interim.

Kind Regards,

Andy
DirectI.com


Looks like this matter will be resolved very soon :)

Drake 02-05-2005 04:43 PM

This is downright scary

BradM 02-05-2005 04:47 PM

Quote:

Originally Posted by Vox
Better yet, send in an anonymous tip to homeland security telling them that the company is a front for Al Qaeda and other Muslim terrorists.

Yep.. someone should do that.

SleazyDream 02-06-2005 12:22 AM

Hijackers should go to jail.

rollinOn20s 02-06-2005 12:29 AM

The cocksucker who is stealing these domains should be shot and hung.

Muff 02-06-2005 08:49 AM

Looks like your assumptions proved to be right, Smokey. The reseller was involved in this and not just the one individual, according to DirectI.

Quote:

Originally Posted by datat
Hi Erik,

We are aware of many unauthorized Domain Name Transfers carried out by this person and we had taken preventive measures against this Reseller and had Locked the Domain Name.

We need the Compliance Cell of the Previous Registrar to contact us in this matter so that we can jointly work towards resolving this case.

Kind Regards,

Andy
DirectI.com


Basic_man 02-06-2005 08:55 AM

Sorry to hear this, man! It sucks big time!

donsimon 02-06-2005 09:26 AM

Muff - shoot me an email at donny AT intercosmos.com and I'll take a look at everything in a few hours. Just let me know what domains were taken and I can find every bit of information about the problem.

DirectI is normally pretty good now since their CEO is the president of the domain registrars group.

Thanks.

Donny
directNIC.com

Daymare 02-06-2005 09:33 AM

what the fuck is up with directnic's PIECE OF SHIT security?!!??! If these domains were LOCKED, how were they transferred?

crockett 02-06-2005 09:57 AM

Quote:

Originally Posted by Daymare
what the fuck is up with directnic's PIECE OF SHIT security?!!??! If these domains were LOCKED, how were they transferred?

I would imagine the e-mail address was hacked and then the password was obtained in that manner. If that's the case it's not directnic's fault.

I think an easy way to combat this is, number one, do not use the same e-mail that is in your whois info as your account info at your registrar.

Then number two, I think the registrar should allow you to set up to 3 different e-mails for notification when any changes take place on your account. Registryfly does this and I'd say it would be pretty hard to hack 3 different e-mail accounts. Especially when the hacker wouldn't know two of them unless he gained access to the registrar's database, but even then the data could be encrypted.

DarkJedi 02-06-2005 10:12 AM

Muff, can you please contact me?
Same thing happened to me.
I'd like to talk to you.

icq 30 144 710

donsimon 02-06-2005 10:23 AM

Quote:

Originally Posted by Daymare
what the fuck is up with directnic's PIECE OF SHIT security?!!??! If these domains were LOCKED, how were they transferred?

Sorry, I had to respond to this one, since I wrote the security system myself. Our security system is one of the most secure systems around. It combines ease of use and multiple levels of security at the same time.

First you have the username/password system. Which we require the username and password to be a minimum of 6 characters and both are case sensitive. The password can not be based on any dictionary word, so even passwords like "bitch1" won't work. Now the only other option which I personally use myself is if we required people to have upper, lower, numbers and punctuation. But technically we have people that get confused on what a domain is much less trying to tell them that they have to use upper and lower case letters.

Now we do have some additional security built in, but I won't go into that part.

Then you have the transfer/domain security. Which allows somebody to lock down an individual domain or their entire account. Kind of speaks for itself.

Then if somebody attempts to transfer a domain away that is on normal transfer security we send you an email asking you if you want us to approve it or not. And this email actually goes to 2 different contacts, the person who owns the account and the admin contact of the domain.

So please don't call something a PIECE OF SHIT, when you don't have a clue what you are talking about. Let's not talk about different domain registrars, every registrar is good or bad about something.

Donny
directNIC.com

Muff 02-06-2005 10:27 AM

Donny. Sent you an email.

Talking to Dark Jedi now about his problem.

crockett 02-06-2005 10:33 AM

Quote:

Originally Posted by donsimon
Sorry, I had to respond to this one, since I wrote the security system myself. Our security system is one of the most secure systems around. It combines ease of use and multiple levels of security at the same time.

First you have the username/password system. Which we require the username and password to be a minimum of 6 characters and both are case sensitive. The password can not be based on any dictionary word, so even passwords like "bitch1" won't work. Now the only other option which I personally use myself is if we required people to have upper, lower, numbers and punctuation. But technically we have people that get confused on what a domain is much less trying to tell them that they have to use upper and lower case letters.

Now we do have some additional security built in, but I won't go into that part.

Then you have the transfer/domain security. Which allows somebody to lock down an individual domain or their entire account. Kind of speaks for itself.

Then if somebody attempts to transfer a domain away that is on normal transfer security we send you an email asking you if you want us to approve it or not. And this email actually goes to 2 different contacts, the person who owns the account and the admin contact of the domain.

So please don't call something a PIECE OF SHIT, when you don't have a clue what you are talking about. Let's not talk about different domain registrars, every registrar is good or bad about something.

Donny
directNIC.com


Just wondering, when did this go into effect? My pass is and always was a combo of two dictionary words... I think I'll change that now that I think about it. But seems old users were not made to use this system?

Would you consider doing like I posted above and allow users to have 2 backup e-mail addresses to have notifications sent to on account changes? This way even if the main e-mail address gets hacked, the user would still get a notification on the changes by the backup e-mail address.

Jayson 02-06-2005 10:36 AM

Quote:

Originally Posted by SmokeyTheBear
wtf this shit is too fucking much

One of the registrars involved in the hijackings is qnic.com

Originally when this started I looked at the site and it was like an affiliate program (or more like a toolbar program) that you could simply open an account, add any domain you wanted and they would try to transfer it over, and pay you for how many toolbars you installed.

Shortly after Sleazy got his domain stolen I looked again, and now it looks like a regular registrar again * actually I tried in between that and they were just hooking up the new interface *

So in looking up some info on these scammers I notice this as the address.

501 Silverside Road Suite 105
Wilmington, DE 19809

.
.
.

Why do they all have the same address?


This address is the address of a company incorporation service who also offers mail forwarding. This is the company - http://www2.valisinternational.com/?pg=defaultbody


Jayson

donsimon 02-06-2005 10:39 AM

Quote:

Originally Posted by crockett
Just wondering, when did this go into effect? My pass is and always was a combo of two dictionary words... I think I'll change that now that I think about it. But seems old users were not made to use this system?

Would you consider doing like I posted above and allow users to have 2 backup e-mail addresses to have notifications sent to on account changes? This way even if the main e-mail address gets hacked, the user would still get a notification on the changes by the backup e-mail address.

Unless you were one of the first 100 or so customers we had, that should already be in there. But it does take into account what the percentage is of the password. We tried not to make it impossible to get around.

Actually, I'm thinking of something that is similar to what you mentioned, but may be a little more than that. Since Tuesday is Mardi Gras here, I may not be able to implement it until later this week. But, yes, I will be implementing more security even though both of these occurrences that have happened are completely different.

Donny

digifan 02-06-2005 11:01 AM

Quote:

Originally Posted by SmokeyTheBear
Here's the site that offers the service:

http://www.valis.org/usbpp/default.html

Huh.. they have been promoted on other adult boards too as an excellent service with this link:
http://www2.valisinternational.com/?pg=defaultbody

crockett 02-06-2005 11:01 AM

Quote:

Originally Posted by donsimon
Unless you were one of the first 100 or so customers we had, that should already be in there. But it does take into account what the percentage is of the password. We tried not to make it impossible to get around.

Actually, I'm thinking of something that is similar to what you mentioned, but may be a little more than that. Since Tuesday is Mardi Gras here, I may not be able to implement it until later this week. But, yes, I will be implementing more security even though both of these occurrences that have happened are completely different.

Donny

Yeah, I'm not sure how old my account is, the domain was registered in 2001. I bought a domain from a guy a year or two back because he was getting out of the biz, so I took over his account. I've had the account since then, so he may have been one of your first customers.

Sounds good on the e-mail thing, what I mentioned is just pretty basic stuff. I'm sure a lot could be done to at least put a stop to guys that are hacking e-mail accounts to gain access.


All times are GMT -7.