I got a major URL hijacked. I need help. Major Help.
 

here's what's happened to me over the last 24 hours or so.

I'm no programer. I'm a marketer.

One of my gallery urls (easy-dater.com - don't load this url- full of trogran installs now) somehow got the resister changed. It was with dotster. I THOUGHT it was locked down - I got no email conformation on the transfer from dotster at all - the url just suddenly dissapeared to install hell. Ok shit happens, I can deal with that.

The Hijacker was using amateurpages and tripleXcash, Now PLEASE don't blain these people at all, I'm not panicing about this part, icqs have been sent to these companies to have the account shut down, and as these are good honest companies I'm sure they were not aware of this at all and would not support a hijacker in any way shape form or fashion. I could make a phone call to get that done immediatly but I just sent them icqs cause as long as that's dealt with in the next few days that's cool as this part isn't a panic situation. No worries there.

I tried to contact dotster, my register - all phone numbers and teck support is out till monday. 24 hours of hell so far......UGGGGGG

I tried to contact the new registar - in india - they say they can't do anything till monday. Same agrivation

In the mean time i loose MILLIONS of hits a day and tens of thousands of dollars in pre-paid ads and pre-purchased bandwidth, not to mention all my archive placements on the galleries is lost forever - 2 years worth of submitting gone - that was a great steady revenue source to say the least that cannot be replaced.

To put it lightly this hurt me BADLY. No i'm not bankrupt, I have many ventures, but this one was basically whipped out and I can't even get ahold of either registar to do anything about it - i have to sit here till monday loosing everything i built up to this THEIF. Life goes on.

So here's what REALLY pissing me off though. I find the web host the hijacker used and is sending all my traffic though. I tell them about the hijack and I know - to them it's "he said she said" but here's the thing, I told them a lawsuit will occur and i know that up to this point they really didn't know anything about this, but now that they do know and the hijacker has 5 auto installs (nasty ones too) and FALSE WHO IS info (obviously false too) on the urls so please take down the urls. That is immediatly undisputable and reason to suspend an account and take a page down. I get a bit of a run around and then finally get an email from them that says

"I have contacted the server administrator and asked him to remove the domain for the time being until the situation is resolved.
Hopefully he will be able to take care of this shortly, but I was unable to reach him by phone. I will let you know when we hear back from him."

ok - this ADMITS they agree the site needs to come down, but WHAT THE FUCK? They have 24/7 teck support - HOW FUCKING SIMPLE IS IT TO PULL THE GOD DAMN PLUG on this site? It's got false who is and over 5 nasty autoinstalls on it - a no brainer to cancel this account. It's still up - it's been several hours now since I got that email. Needless to say I'm MORE than pissed.

the hosting company is eviservers http://www.ev1.net/english/contact/index.asp


Does anyone here know HOW to get this site down? the longer it stays active the more damage it does to me. I'm open to ANY ideas at this point as my fustration level is beyond redline now.

damn. that is beyond fucked up

THANK GOD I live in Canada and can't get a handgun - if I could they would be dead bodies in piles all around me right now

Ouch... sue your registrar.

Wow that sucks major ass, but im not sure you'll be able to do much at this time or until around tuesday considering most registers take off weekends and any other day they can. Only thing you could do is ddos your own website so whoever jacked it from you can't benifit from it. Either way good luck.


ok, i drank to much. Excuse this confusing thread with its rambling and spelling errors.

WOW that is fucked up! Anyone at your hosting co. might help you?

time for a ddos

its the same guy that took out your forum and also thehun

i can try - they are full of disclaimers though but still, it's pretty fucked up. That's a LONG RANGE THING, right now all I see is the short term problem - getting the site down.

sorry to here that :(

Whoever calls the shots in your company is an idiot :1orglaugh

Sleazy see if you can get a dedicated account rep and stuff.

Best of luck to ya, everyone insisted that the new rules would not be a problem but obviously that is not the case. :disgust

iframedollars.biz

my hosting company would bury the bodies of anyone I killed with what i pay them- but the url isn't AT my hosting company anymore - it was changed at the register - nothing to do with my hosting company.

Damn, that would fuck shit up.

can you take him out?

Damn... I thought I was having a bad day.

Last time I checked, Canadians can own handguns

Hate to tell you this sleazy but you maybe out of luck on Monday to as it's a holiday for most here in the states. Martian Luther King Day..

Good Luck Sleazy... sorry to hear about the shit man :disgust

I can take him to a dinner and a movie. Or where you hoping for a ddos? Just list the sites and ill get on it :Graucho

Ev1 is run by pretty good guys. Go into their forums boards and post the whole story - and I'll bet either the CEO (headsurfer) or one of the customer server managers will help you.

They have a very active bulletin board.

Good Luck, what a nightmare.

That sucks Sleazy. I hate to hear that happened to you.

mmm a theory on how registar got changed and now email got there.

thanks to the new domain law or whatever you want to call

no reply to tranfer email entitles them to transfer

maybe email got fucked on trash can by outlook or email filters (notification of transfer email) and you did not catch it so they were entitled to it.

i noticed filters filter most emails sent from scripts.

:2 cents:

Get 20-30 people you know to all email the abuse at ev1 and claim that they are getting spam with links to the domain in question.
ev1 is known for unplugging servers when it comes to spam realted things.

you need an intellectual property attorney asap on this imho

and- move to directnic

ICANN's new policy:

In an effort to streamline the domain transfer process, ICANN is imposing new regulations as of November 12, 2004. Section 3 details when and how registrars must handle transfer requests:

"Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default "approval" of the transfer.

In the event that a Transfer Contact listed in the Whois has not confirmed their request to transfer with the Registrar of Record and the Registrar of Record has not explicitly denied the transfer request, the default action will be that the Registrar of Record must allow the transfer to proceed. "
In non-bureaucratic language, this means that anyone can transfer your domain name to a new registrar and change the contact and nameserver information if you fail to respond to the transfer notification within 5 calendar days (not working days!).

This completely changes the previous system, whereby the transfer was denied if the owner failed to respond.

monday - can't get them sun night

That's fucked up...Fucking scum sucking weasels

i know - there is NOTHING in dotstar in my messages there about this and I got NO email saying this was going to happen - i'm totally stumped as to how they were able to do it.

I know it's nothing to do with your hosting sleazy, I meant that some hosting companies have very smart people that work at them and they could help you. I know mine has and have helped me with issues in the past. (different issue though) but still they might know something you , me , or someone else here does not. :2 cents:

every single one of these lately is all the same sponsor IFRAMEDOLLARS.BIZ

Its not a coincidence

sorry to hear this. these people should spend more time building their own sites than trying to take other peoples.

they do - they gave me a lot of info on him

these fuckers in US?

CoreExpress
OrgID: COEX
Address: 600 W. 7th Street
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: US

NetRange: 64.69.32.0 - 64.69.47.255
CIDR: 64.69.32.0/20
NetName: COREEXPRESS-BLK-1
NetHandle: NET-64-69-32-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CALPOP.COM
NameServer: NS2.CALPOP.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-04-11
Updated: 2004-08-06

NOCHandle: ZC46-ARIN
NOCName: ipadmin
NOCPhone: +1-213-627-1937
NOCEmail:

TechHandle: ZC46-ARIN
TechName: ipadmin
TechPhone: +1-213-627-1937
TechEmail:

OrgTechHandle: ZC46-ARIN
OrgTechName: ipadmin
OrgTechPhone: +1-213-627-1937
OrgTechEmail:

no fucking kidding

check the status of your domain.

http://www.internic.net/whois.html

enter your domain name and check the STATUS. What you want to see is this:

Status: REGISTRAR-LOCK.

Registrar-lock means that your domain name is locked and can't be transferred until you manually "unlock" it. A lock keeps any transfer from taking place, so be sure to unlock the domain before you try to transfer it.

Some registrars automatically lock domain names, while others offer it as an option. Check with your registrar to be sure your domain name is safely locked away. There should not be a charge for this service.

you can email our brian and it is possible he will start on this over the weekend if you like. perkins coie is the firm here in s.f..


another thing i see lately are people using the new icann reg's as part of a phishing scheme mail body. they are trying to get your domain account info. be careful all- it's muddy out there lately

1-866-host-time

CalPOP.com, Inc.
600 W. 7th St. Third Floor
Los Angeles, CA 90017
(213) 627-1937 Voice

thats the refresh page have them pull it , its the host

damn sleazy.... im sorry that happened to you.

i hope you get it all straightened out, and that thief gets whats coming to him.

odd - this is the who is I get? Where did you get that one?

[whois.directi.com]
Registration Service Provided By: QNIC
Contact: [email protected]
Website: www.qnic.com
Abuse Desk Email Address: [email protected]

Domain Name: XYBEREROTICA.COM

Registrant:
Xybererotica
Xybererotica ([email protected])
Xybererotica
Xybererotica
null,12345
AF
Tel. +1.23456789

Creation Date: 25-Nov-2004
Expiration Date: 25-Nov-2008

Domain servers in listed order:
ns1.xybererotica.com
ns2.xybererotica.com
ns3.xybererotica.com
ns4.xybererotica.com


Administrative Contact:
Xybererotica
Xybererotica ([email protected])
Xybererotica
Xybererotica
null,12345
AF
Tel. +1.23456789

Technical Contact:
Xybererotica
Xybererotica ([email protected])
Xybererotica
Xybererotica
null,12345
AF
Tel. +1.23456789

Billing Contact:
Xybererotica
Xybererotica ([email protected])
Xybererotica
Xybererotica
null,12345
AF
Tel. +1.23456789

the people you need to talk to is your registrar they can reverse a change instantly

thats the hosts ip owner

the domain is still active so your registrar can reverse that but wake someone up

Oh Sleazy, that sucks :( I hope you get it straightened out soon. This kind of stuff always happens on three day weekends it seems :(

Well quit crying about it on here and do somthing about it

wow that's fucked up, I really have no idea why they changed everything so that we all have to 'lock' our domains. It now is only easier to steal for domainthieves...
I have my domains locked, but still alot of people don't.