
View Full Version : Enom account is Hacked!!!
IrdHost 08-10-2006, 10:09 AM Today, when I tried to log into my reseller enom account, I found that my password was rejected... so I went to the system to retrieve it and the system sent me an error!!!
So, I sent an email to enom about that.
I also did a whois lookup on one of our domain names with enom and I found this:
Registration Service Provided By: Darfos Internet Technologies
------}Contact: thu1983@gmail.com
Visit: http://www.thebulkregistry.com
The contact of my reseller account should be support@darfos.net and not thu1983@gmail.com!
Who is thu1983@gmail.com?? I found this on him on Google: http://www.google.ca/search?hl=fr&q=thu1983@gmail.com&btnG=Recherche+Google&meta=
If this guy hacked my enom account, you should check that yours is not hacked, because my enom password had 10 characters!!!
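The manual check in the post above (comparing the reseller contact shown in whois against the address that should be there) can be run on a schedule over saved whois output. This is an added example, not part of the original thread; the record layout follows the excerpt in the post, and the domain names, addresses and baseline are constructed placeholders.

```python
import re

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PROVIDER = re.compile(r"^Registration Service Provided By:\s*(.+)$", re.I)
# Reseller line as shown in the post: decoration characters, then "Contact: <email>"
RESELLER_CONTACT = re.compile(r"^\W*Contact:\s*(\S+)", re.I)
# Section header such as "Registrant Contact:" with nothing after the colon
SECTION = re.compile(r"^(\w+) Contact:\s*$", re.I)


def parse_whois(text):
    """Pull the reseller banner and per-section contact e-mails out of whois text."""
    record = {"provider": None, "reseller_contact": None, "contacts": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line ends the current contact section
            continue
        m = PROVIDER.match(line)
        if m:
            record["provider"] = m.group(1).strip()
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            record["contacts"].setdefault(section, set())
            continue
        m = RESELLER_CONTACT.match(line)
        if m and section is None:
            record["reseller_contact"] = m.group(1).lower()
            continue
        if section:
            record["contacts"][section].update(e.lower() for e in EMAIL.findall(line))
    return record


def drift(baseline, observed):
    """Return (field, expected, observed) tuples for every value that moved."""
    findings = []
    for key in ("provider", "reseller_contact"):
        if observed[key] != baseline[key]:
            findings.append((key, baseline[key], observed[key]))
    for section, expected in baseline["contacts"].items():
        seen = observed["contacts"].get(section, set())
        if seen != set(expected):
            findings.append((section + " contact", sorted(expected), sorted(seen)))
    return findings


# Constructed baseline: what the reseller knows the record should say.
BASELINE = {
    "provider": "Example Reseller Co",
    "reseller_contact": "support@reseller.example",
    "contacts": {"registrant": ["info@reseller.example"]},
}

# Constructed whois output in the layout quoted in the post; the reseller
# contact has been changed while the registrant block is untouched.
SAMPLE_CHANGED = """\
Registration Service Provided By: Example Reseller Co
------}Contact: unknown@freemail.example
Domain name: hosted-domain.example
Registrant Contact:
Example Reseller Co (info@reseller.example)
"""

SAMPLE_CLEAN = SAMPLE_CHANGED.replace("unknown@freemail.example",
                                      "support@reseller.example")

if __name__ == "__main__":
    for name, text in (("clean", SAMPLE_CLEAN), ("changed", SAMPLE_CHANGED)):
        for field, want, got in drift(BASELINE, parse_whois(text)):
            print(f"[{name}] {field}: expected {want!r}, whois shows {got!r}")
```

A non-empty result on any domain in the account is the cue to contact the registrar by phone and ask for the account to be locked, as the replies below advise.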
anon-e-mouse 08-10-2006, 10:11 AM Moved to domain forum.
Lightwave 08-10-2006, 10:34 AM 10 characters in your password is a good start.
Not having used that password anywhere else is more important.
Having a password not made of dictionary words is more important.
Not using munged dictionary words and thinking you're secure because your password has a digit in it is more important.
Having a password made of mixed alpha-numerics and symbols is more important.
Additional length in a password only slows down someone brute forcing your password. Given time they WILL eventually get it.
Somehow, I don't think they obtained your password by brute forcing it so the length of your password was irrelevant. I also would wager there's not a major technical problem with eNom's password security system. That would point the finger back at you.
That said, I'm sorry to hear it, and hope they are able to quickly restore things for you.
NameRegion 08-10-2006, 11:03 AM Having a 10-character password hacked is a bad and unexpected experience. So far I have been lucky with this and my accounts haven't been hacked.
Anyway, when your account gets restored by eNom, could you post how long it took them to fix this problem? It may be interesting for all current resellers who could end up in a situation like that.
Good luck with this :)
IrdHost 08-10-2006, 11:49 AM I sent enom 2 emails this morning and I am still waiting for their reply...
The password is only used with enom and hard to find...
I cannot understand how he found my username+password... maybe the enom database is hacked???
NameRegion 08-10-2006, 12:00 PM Uh... have you tried scanning your HD with an updated AV? Perhaps someone has managed to put a Trojan on one of the PCs you use for logging in to your eNom account.
Yeah, I know, this is a "n00b answer", but perhaps it is the cause...
AH-Tina 08-10-2006, 01:21 PM You'll get faster results by calling eNom on the phone. Time is important in this case. Call them immediately.
--Tina
Dave - Just199 08-10-2006, 01:25 PM I would have to lean towards a trojan key logger....
IrdHost 08-10-2006, 02:45 PM I cannot call the US from where I'm located now...
I work with my laptop, which is clean... my computer has been broken for 1 month... but maybe there was a trojan key logger on it.....
I just got an email from Enom... 7 hours after I sent my email!... at least the account was locked!
Provide the documentation so that I can investigate the matter or your
account will stay locked. The choice is yours. You will also be assessed
a fee for our time as per the terms and agreements.
Mike, Fraud Credit
http://www.enom.com
An ICANN Accredited Registrar
-----Original Message-----
From: emeric @ darfos.net
Sent: Thursday, August 10, 2006 5:12 AM
To: FraudCredit
Subject: RE: Account hacked
Hello,
Why do you want a copy of my ID card?
Our paypal account is paypal @ darfos.net and I refilled my account 1 or 2 times with
my corporate americanexpress credit card.
Thanks.
Emeric
**************************
... I will wait for their reply... tomorrow?!
Hello Mike,
Did you receive my other emails?
If not I will paste them here.
You will assess me a fee because someone hacked my account with you? My account had a secure password of 10 characters!
^^^^^^
Waaaaaa
I have the proof that someone hacked my enom account.
He changed my company email that shows in Whois!!!!!!!!
Look at the whois for imperialregistrar.com (my company hosting domain name):
Registration Service Provided By: Darfos Internet Technologies
------}Contact: thu1983@gmail.com
Domain name: imperialregistrar.com
Registrant Contact:
Darfos Internet Technologies (info@darfos.net)
You see the contact is now thu1983@gmail.com instead of support@darfos.net!!!!
Please freeze my account right now and cancel all transfers of domain names that this
hacker tries to do.
And give me back my account.
Sincerely,
Emeric Olenga
emeric@darfos.net
Darfos Internet Technologies
^^^^^^^^^
^^^^^^^^^
And I found someone else about this hacker on the internet:
http://www.google.ca/search?hl=fr&q=thu1983@gmail.com&btnG=Recherche+Google&meta=
LOCK my account right now and cancel any domain transfer and give me back my account. You
may also check in your system whether he hacked other accounts.
Emeric
^^^^^^^^^
With the info I sent you it is clear that this person is not the owner of this account.
Emeric Olenga
Darfos Internet Technologies
*******************************
NameRegion 08-11-2006, 08:21 AM Nice.
Thanks for sharing this mail with us. Let's see how long it takes eNom to repair this.
By reading this, I think I will do two things:
- Change my password again
- Say "Bye Bye" to eNom and look for another new registrar.
Of course, let's give them some time to see what they do. Please, if you can, tell us the fee that they charge you.
May the luck be with you :)
franksredhot 08-14-2006, 10:10 AM Nice.
Thanks for sharing this mail with us. Let's see how long it takes eNom to repair this.
By reading this, I think I will do two things:
- Change my password again
- Say "Bye Bye" to eNom and look for another new registrar.
Of course, let's give them some time to see what they do. Please, if you can, tell us the fee that they charge you.
May the luck be with you :)
Do you have an update? This has me worried.
liandra 08-14-2006, 02:49 PM Another way your eNom account could get hacked: if the hacker has access to your hosting system and can read your configuration file or database where you store your enom reseller login information, for your script to connect to enom's API.
Please also check your server, in case it's been breached..
Stan Marsh 08-14-2006, 04:17 PM Another way your eNom account could get hacked: if the hacker has access to your hosting system and can read your configuration file or database
In this case it's *not* eNom who's hacked...
liandra 08-14-2006, 04:27 PM In this case it's *not* eNom who's hacked...
Yes, in this case his server got hacked, maybe through a buggy script, and the attacker could retrieve the config file from his script to connect to eNom.
If you're using enom as your registrar for your domain registration service, make sure to use Zend Guard php encoder, or the like....
IrdHost 08-15-2006, 02:56 PM As they froze the account, so no transactions can be done by the hacker, and my credit card used with enom is canceled, I am taking my time. I will send them my ID today and see how much they will charge me. If it is expensive, I will not pay because I don't know of other service providers which charge their customers for a problem like this.
IrdHost 08-15-2006, 03:01 PM My server is not hacked because my awbs has been offline for 1 yr.
So the problem is ENom..... I will begin checking elsewhere for my domain reselling business.
IrdHost 08-15-2006, 03:06 PM And Enom never responded to my email about the hacking proof... No, they just want me to send them a copy of my ID and charge me for that :(
IrdHost 08-15-2006, 03:10 PM I have another problem at the same time, again with Enom and Registerfly (their reseller).
Check how they do business...
I had 3 or 4 domain names with registerfly, a reseller of enom.
I paid for the renewal of these domains before the redemption period and I got a confirmation from registerfly that all is ok... but 1 domain is now in redemption and they want 200$ to reactivate it!!!
Check the story and the reply from enom:
The domain was not renewed with us within 30 days after expiration. The
domain is currently in our extended redemption period and can be
reactivated. You can either continue working through Registerfly.com to
get this resolved (but we cannot assist) or you can contact
customercare@enom.com to have them assist you with setting up a direct
account to reactivate the domain name (the same redemption fees would
still apply).
Regards,
Jason Cluphf
eNom Transfer Specialist/Technical Support
eNom, Inc., An ICANN Accredited Registrar
Phone - 425.274.4500
Support Fax - 425-974-4791
Transfers Fax - 425-974-4792
www.enom.com "the anti-spam registrar"
-----Original Message-----
From: emeric@darfos.net [mailto:emeric@darfos.net]
Sent: Wednesday, August 09, 2006 5:11 AM
To: Info
Subject: Problem for renewal domain with your reseller (registerfly)
Hello,
I renewed my domain (vlcv.com) with registerfly in June, before it
expired.
I was charged on my credit card and I got a receipt that it is renewed, like
3 other domains I had with them.
I need you to force them as registrar to renew my domain.
This is the ticket I sent them and their response, because I see in whois
that the domain is not renewed.
Full Name: Emeric Olenga
E-Mail Address: emeric@darfos.net
Ticket Subject: domain renewal problem
Support Area: Renewals - Unable to renew name Support Question:
Your Prior Responses
[2006-07-02] Time Submitted:7:0:23
I renewed 3 domain names on 20 June.
irdhost.com, villasetang.com and vlcv.com.
The problem is that none of them work!!!
vlcv.com status is still expired but I renewed it in bulk with the 2
others.
Please fix these problems.
Domain Renewal Status
Domain           Services  Status                                OrderID   Date
irdhost.com      Renewal   Processed Successfully                38413638  2006-06-30
villasetang.com  Renewal   Processed Successfully                38413645  2006-06-30
vlcv.com         Renewal   Failed: Unable to renew RENEWAL_RT 1  38413651  2006-06-30
Responses from Customer Support
[2006-07-03] I have initiated the renewal of this domain vlcv.com.
Please check at enom.com on their whois to see if the expiration changes
in a few hours. Sorry for the inconvenience and thank you for your
patience.
[2006-07-04] Closed by automated system
---------------------------------------
Full Name: Emeric Olenga
E-Mail Address: emeric@darfos.net
Ticket Subject: re: domain renewal problem Support Area: Account -
Domain name locking Support Question:
Your Prior Responses
[2006-07-05] Time Submitted:6:24:44
I cannot re-open my last ticket.
But my domain (vlcv.com) is still inactive.
..
I have initiated the renewal of this domain vlcv.com. Please check at
enom.com on their whois to see if the expiration changes in a few hours.
Sorry for the inconvenience and thank you for your patience.''
Responses from Customer Support
[2006-07-05] Hello,
I can see this domain is renewed and updated in your account. Please
verify it in your registerfly account. But I can see this domain is
registered with registerfly not hosted with registerfly. Please contact
your host regarding this.
Feel free to contact us for further assistance.
Thank You.
Sharon McEntire
Registerfly.com INC
ICANN Accredited Registrar
[2006-07-06] Closed by automated system
----------------------------------------------
Full Name: Emeric Olenga
E-Mail Address: emeric@darfos.net
Ticket Subject: re: renewal problem.
Support Area: Renewals - Unable to renew name
Your Prior Responses
[2006-07-07] Time Submitted:1:54:8
Why can I not re-open a closed ticket?
Anyway, vlcv.com is not renewed. This is what I get with enom whois:
WhoIs Results for vlcv.com
This name has EXPIRED, the former whois information is:
[2006-07-24] Time Submitted:14:58:3
Vlcv.com is still tagged as EXPIRED domain.
Please fix the problem quickly, my customer wants to have access to his
domain.
Your latest response to my ticket about this issue:
Hello,
I can see this domain is renewed and updated in your account. Please
verify it in your registerfly account. But I can see this domain is
registered with registerfly not hosted with registerfly. Please contact
your host regarding this.
Feel free to contact us for further assistance.
Thank You.
Sharon McEntire
Registerfly.com INC
ICANN Accredited Registrar
[2006-07-24] Time Submitted:15:1:24
Vlcv.com is still tagged as EXPIRED domain.
Please fix the problem quickly, my customer wants to have access to his
domain.
Your latest response to my ticket about this issue:
Hello,
I can see this domain is renewed and updated in your account. Please
verify it in your registerfly account. But I can see this domain is
registered with registerfly not hosted with registerfly. Please contact
your host regarding this.
Feel free to contact us for further assistance.
Thank You.
Sharon McEntire
Registerfly.com INC
ICANN Accredited Registrar
[2006-08-09] Time Submitted:7:51:34
Ok, it's enough.
I PAID the renewal of my domain before it expired. You replied to 3 of
my tickets that there is no problem and the domain is renewed, and now you say
to me that it is in the redemption period??? WTF, I want my domain name
now.
I want you to transfer this ticket to your boss; I want this problem
fixed today.
The domain is paid for renewal and I have the receipt here on my
computer and your confirmation that it is renewed. With that I can take
action against your company to give me my domain without extra fees.
Responses from Customer Support
[2006-07-25] Dear emeric,
Please be advised that your domain is in redemption with the registry
and cannot be renewed at this time. This happens when the 1 year
validity period expires as well as the 29 day grace period. A successful
renewal must go through to the registry before the end of the 29 day
grace period and our records show your domain expired
6/2/06 and the renewal was put in 6/30/06 however that renewal failed
and you were notified by email, since the renewal failed it would have
had to be resubmitted by you before 7/1/06 which would have been within
the grace period. The name can be held in redemption for a period of 60
days to 9 months before it is released to be registered by the public.
If you would like to bring your name out of redemption before that
period ends a fee of 209.00 will have to be paid to the registry. If you
would like to explore this option please contact us so that the proper
arrangements can be made.
Best regards,
IrdHost 08-15-2006, 03:30 PM i cannot edit my last post :(
Latest registerfly reply:
Dear emeric,
Unfortunately, as stated in prior responses, this domain is in redemption status. Once a domain is in redemption status, our support team has no authority to release this domain, unless the proper procedures are followed. These steps were relayed to you in our prior responses. You can submit an email to Supervisor@registerfly.com for further review of this issue.
Best Regards,
Then, I sent a copy to their supervisor...
How does anyone guess the eNom id and password for any given domain?
mrzippy 08-17-2006, 10:09 AM Good grief. So you are blaming eNom because your account was hacked?
Do you really think that just because you have a 10 digit password, it is not guessable or hackable?
This makes me laugh. It reminds me of when our hosting customers complain to us that their forum was hacked, and how it's all our fault because of our insecure servers.
And then we show them that they are running phpBB without patches from 2 years ago... lol.
I suspect your password was probably either guessed, or you have a virus/spyware problem on your computer, or some other problem. If there was a problem with the eNom database, there would be THOUSANDS of people complaining of this problem. It is highly unlikely the enom system was cracked/hacked and the hacker only stole your password.
Good luck to you! :)
gerolsteiner 08-17-2006, 12:25 PM Zippy, you took the words out of my mouth!
It's pretty naive to think that eNom's DB was hacked as opposed to one of the many other more likely options:
ie.
person used public pc for access, public pc had trojan keylogger installed
person's friend/relative/associate/business partner knew or stole PW
someone hacked person's API hosting, got UID and PW
...the list goes on and on
As opposed to the instance that someone hacked an eNom account DB. If that were the case, wouldn't they take more than just your account data? Wouldn't we have tens, hundreds or thousands of posts about hacked accounts? I doubt a 'hacker' would get in, and single out just your account.
Contact eNom and find out which IP was used to access your account. They'll tell you that and when it was done. With that info you may be able to narrow down who it was. Also, change your password, secret Q and email address. Email address especially, if you are using a free service (yahoo, hotmail, etc)
Good luck!
IrdHost 08-17-2006, 04:19 PM I said that the problem can be on enom side because:
1/ My account username had 8 characters and my password had 10 characters (6 letters and 4 numbers).
2/ My computer is not insecure and I don't have virus or spyware.
3/ This guy changed my contact email, username, password and passphrase....
4/ Enom asks me for money to recover my account!!??
5/ I haven't used an API for 1 yr with my enom accounts.
6/ My server where the API is hosted is not compromised...
mrzippy
Enom's system is not hosted on my servers and I have no control over it!
''Wouldn't we have tens, hundreds or thousands of posts about hacked accounts? ''
I am myself surprised not to see other posts on that...
mrzippy 08-17-2006, 04:26 PM 1/ My password is secure, 10 characters (6 letters and 4 numbers).
Do you really think a 10 character password can not be cracked?
2/ My computer is not insecure and i don't have virus or spyware. You can not say this with 100% confidence. Nobody can. You can only say that as far as you are aware, your computer does not have anything wrong. But many people think their computer is secure, when it is not.
3/ This guy, changed my contact email, username, password and passphrase....
Of course. If I hacked your account it is the first thing I would do, too.
4/ Enom asks me for money to recover my account!!?? This is normal. We also charge our web hosting customers to recover their account if it is hacked. After all, why should WE pay for THEIR mistake/problem?
5/ I haven't used an API for 1 yr with my enom accounts. So what?
6/ My server where the API is hosted is not compromised... As far as you are aware it is not... but it could be. Again, many people have compromised accounts, and are totally unaware of the fact.
The question remains.. how did they find your un/pw? If it was an enom database that was compromised, there would surely be many many many people here complaining. But there is not. There is only you.
Well. I prefer to be silent for the moment. But I can't. I have to go to the defence of irdhost. I am in a similar position to him at eNom. Someone has changed all the registrant info to themselves on one domain and transferred the domain away. There is xxxx that eNom will do about it because it was transferred correctly under ICANN rules. My computer is entirely safe behind a firewall with 4 hidden ports and all the remaining ports closed. I never download/run software off the internet because I use an odd-ball operating system, so nothing will run on it. I don't use Internet Explorer. My passwords file is encrypted in a hidden directory. eNom can see the ip address the transfer was made from, and clearly it's not mine.
Lightwave 08-18-2006, 02:49 AM ICANN accredited registrars aren't likely just little mom and pop fly-by-night businesses that will screw over your business happily and look the other way.
Every accredited registry has likely invested hundreds of thousands of dollars in developing their registration business, and then there's the huge amounts of liability insurances required.
They've specifically agreed to LOTS of legal speak in terms of how disputes will be resolved.
Registrants (and registries) have certain rights and procedures they need to follow... Someone's lack of understanding of those rights and not utilizing the procedures set forth is only their own problem.
---
I really feel bad about people having their domains jacked... and I can understand someone's wanting to vent about it. Just seems like this isn't the right place.
I've yet to see any definitive provable instance from someone claiming here that XYZ registry got hacked because a few of their domains got taken over "magically". I'd wager 99% of the people who use those same registrars have never had similar problems.
In this case, I can't prove that Irdhost's systems were the ones that got hacked or leaked the password any more than he can prove that Enom got hacked.
Stan Marsh 08-18-2006, 03:13 AM ICANN accredited registrars aren't likely just little mom and pop fly-by-night businesses that will screw over your business happily and look the other way.
As a side, off-topic note I must say that RegFly example is proving that you're wrong here... :)
Stan Marsh 08-18-2006, 03:16 AM Stu, I wonder why the hacker transferred only 1 domain? Presumably, you've got literally thousands of them sitting in your eNom account. Wasn't he able to find at least one more of interest?
Lightwave 08-18-2006, 06:14 AM Ok, so RegisterFly screwed up twice saying that they were re-registering the domain and to check the info @ enom in a few hours. And, if they did indeed charge him for registering the domain when it obviously wasn't done... I'd say they owe him his registration fee for that domain back.
What they didn't explain is why it originally failed the first time he tried to renew it on 6/30/06 (2 days before the renewal period expired.)
That he didn't reply to the message they sent him saying that the domain wasn't successfully registered and try it again... or followup immediately... seems to be his fault.
They later came back and explained why it was failing... and couldn't be re-registered.
"Please be advised that your domain is in redemption with the registry
and cannot be renewed at this time. This happens when the 1 year
validity period expires as well as the 29 day grace period. A successful
renewal must go through to the registry before the end of the 29 day
grace period and our records show your domain expired
6/2/06 and the renewal was put in 6/30/06 however that renewal failed
and you were notified by email, since the renewal failed it would have
had to be resubmitted by you before 7/1/06 which would have been within
the grace period. The name can be held in redemption for a period of 60
days to 9 months before it is released to be registered by the public.
If you would like to bring your name out of redemption before that
period ends a fee of 209.00 will have to be paid to the registry. If you
would like to explore this option please contact us so that the proper
arrangements can be made."
On the whole... it does seem a little strange that if they are now an ICANN accredited registry, they are still using Enom's systems... I expect that will change someday.
Precisely my point, Stan. That leads me to the conclusion that 1) It was a targeted steal (there is more evidence to support that) and 2) They didn't hack my account but hacked the domain via access.enom.com. Now, how did they do that? You might ask, since I don't set any domain related passwords. The only way would be for enom to set and give them a password. Scratching at straws, maybe enom don't erase the domain password when you buy a name at ClubDrop, and the previous owner decided he wanted his domain back. Of course, enom are tight-lipped about this mystery. They give me lots of crocodile tears, though it doesn't help.
IrdHost. It's not my intention to hijack your thread. Only supporting you against your detractors who say this is not possible and enom would never do this. And to answer the rhetorical question... why are you the only one experiencing this at eNom?
My example also demonstrates that probably 99% of stolen domains are transferred away according to ICANN rules and there is little to no hope they will ever be recovered. I am still considering whether or not to sue eNom for negligence. WIPO action is completely inappropriate in this case.
From the few incidents we've read about here, this domain would have been better off at GoDaddy.
Our system was not compromised. According to our records there was a pre-existing domain access password set on this domain by the previous account holder when you purchased it. It is possible that the previous owner or other parties gained access to the domain and then updated whois information and transferred the domain away.
I just got this from eNom. So my "clutching at straws" hunch was correct. Believe me. It's taken a lot of effort to get this explanation out of them over the last 2 months. Obviously my assumption that you get a "clean" domain when you purchase a domain at Club Drop was hugely misguided.
Interesting tone. They don't seem to see anything wrong about the thief's activities or any fault on their part. It's all my own fault.
franksredhot 08-22-2006, 09:03 AM My example also demonstrates that probably 99% of stolen domains are transferred away according to ICANN rules and there is little to no hope they will ever be recovered. I am still considering whether or not to sue eNom for negligence. WIPO action is completely inappropriate in this case.
From the few incidents we've read about here, this domain would have been better off at GoDaddy.
Is this too much of a coincidence? I am starting to get very worried after reading these threads.
IrdHost 08-22-2006, 10:02 AM ''That he didn't reply to the message they sent him saying that the domain wasn't successfully registered and try it again... or followup immediately... seems to be his fault.''
They never sent me a message (to my email) saying that the domain is not registered.
I opened a rapidsupport ticket about the renewal problem 1 hour after I saw that the domain was not renewed and they replied by saying that the problem is fixed. I don't see where my fault is.
IrdHost 08-22-2006, 10:07 AM IrdHost. It's not my intention to hijack your thread. Only supporting you against your detractors who say this is not possible and enom would never do this. And to answer the rhetorical question... why are you the only one experiencing this at eNom?
No problem, it is interesting to read your history... I will move all my domains from enom as soon as I have access to my account.
franksredhot 08-22-2006, 10:12 PM Interesting tone. They don't seem to see anything wrong about the thief's activities or any fault on their part. It's all my own fault.
Do you think this is due to them being purchased?