Web Hosting Talk

SOSU.com has been stolen!


Thiassi
04-24-2008, 03:08 PM
A hacker stole SOSU.com from me. I had it at GoDaddy and the hacker transferred it to another GoDaddy account. After working with GoDaddy, BBB, ICANN, and WIPO, GoDaddy is protecting the hacker. I think he got in by hacking my hotmail account. I still cannot get in, he changed my secret question. That was the email on my GoDaddy account. He must have requested the password be sent and then changed my secret question on my GoDaddy account. I got back in there by using a pin I set up 10 years ago on my GoDaddy account. This is the hacker's email ebiz224@hotmail.com but he will not respond. All the info on the whois is fake as well. GoDaddy did tell me the ip that accessed my account and did the transfer was from China.

Josh Allison
04-24-2008, 03:20 PM
So GoDaddy, despite the fact you having an IP in Los Angeles.. GoDaddy know and even told you an IP from China.. Randomly transferred your domain; logged in YOUR account to one of THEIR accounts.. Now they protect the hacker?

Saying it in that perspective, GoDaddy are idiots.

eviltechie
04-24-2008, 03:31 PM
China should really be banned from the internet.

Do you have any records of paying for the domain and such? Maybe contact a lawyer?

nameslave
04-24-2008, 03:35 PM
China should really be banned from the internet.
Just for the record.

Crusader99
04-24-2008, 04:26 PM
What happens if you report the fake whois (http://wdprs.internic.net/)?

Dave Zan
04-24-2008, 05:50 PM
What happens if you report the fake whois (http://wdprs.internic.net/)?

That's arguably the last thing you'd want to do in a potential hijacking case. It can shut down the domain name, but it won't give it back to you.

Has it been less than, say, 15 days since the incident, Thiassi? Try emailing undo@godaddy.com with details.

Otherwise, how long has it been and what's been exactly done since then?

Thiassi
04-24-2008, 06:29 PM
I did do the fake whois and GoDaddy said I had to have returned email and a phone number that was disconnected. I called the number and spoke to an older woman in Texas that had no idea what a domain was. It has been just over a month. He left the name servers in place. I saw one of my domains was about to expire and when I tried to login to renew it, I could not. I tried to reset my password but my secret question was not the one I set up. So I had it send it to my email. I went to login to my email and could not. Once again my secret question was changed. I called GoDaddy support and they asked for my pin. I told them and I was able to get a new password to get in my account. That is when I found 8BP.com and SOSU.com missing. 8BP.com was the domain I was going to renew and now has expired, because the hacker took it, so it is lost. The support person at GoDaddy told me the ip that transferred the domains was from China. The email in the whois is on another domain belonging to Manmeet Soin in WI. I found his job and sent him an email to his work with no response. I think it is a network of hackers. They leave the stolen domains going to the name servers so it looks like everything is fine.

Thiassi
04-24-2008, 06:33 PM
The ip that hacked my account 61.136.63.125

Crusader99
04-25-2008, 11:33 AM
Was this a valuable domain name?

ebiz224@hotmail.com is associated with 104 domains - you can order all the domains (http://www.domaintools.com/registrant-search/?and[]=ebiz224%40hotmail.com) for $128, and you will know your hacker's address, phone number.

I don't like domaintools but sometimes they are useful.

nicedomains
04-25-2008, 12:42 PM
Was this a valuable domain name?

Unfortunately for the O.P. it is a very valuable domain name :eek4:

Sorry to hear about this, I really hope you get it back..

Thiassi
04-25-2008, 01:19 PM
Was this a valuable domain name?

ebiz224@hotmail.com is associated with 104 domains - you can order all the domains (http://www.domaintools.com/registrant-search/?and[]=ebiz224%40hotmail.com) for $128, and you will know your hacker's address, phone number.

I don't like domaintools but sometimes they are useful.

I looked him up before and found he works for Century 21. I sent emails to his work with no response.

This is the information I gave to GoDaddy but they refused to look at it.
http://www.whois.ws/domain_archive-info/uscity.info/
That same email that they want to see the bounce. Belongs to:
Registrant Contact Information:
Name: Manmeet Soin
Organization: Manmeet Soin
Address 1: 5001 Sheboygan Ave Apt #114
City: Madison
State: Wisconsin
Zip: 53705
Country: US
Email: ebiz224@hotmail.com
http://atlasidx.com/media/imgPersonnel/58/17485_Manmeet%20Soin%20Small.jpg

eviltechie
04-25-2008, 01:40 PM
Haha, his name is Manmeet! :D

I'll be driving through Madison next month.

Maybe call Century 21, shouldn't be too hard to find the C21 offices in Madison, and can't be too many guys named MANMEET working there. Once you find him, and maybe have a lawyer put some pressure on him.

undream2
04-26-2008, 09:18 AM
I am lost though, did you originally put in the fake whois info, and this is why godaddy is not doing anything, or did the hackers put this on there..

but sorry for the loss, but I would be doing something about it, if they were valuable.

Thiassi
04-26-2008, 11:10 AM
When the hacker transferred sosu.com to his account he put in the fake whois info. GoDaddy is not helping I guess because you get what you pay for. They got a new account even if it is a hacker.

jumpinjack
04-29-2008, 03:11 AM
So he hacked into your hotmail account? Maybe you should hack into his. Beat him at his own game.

RajanUrs
04-30-2008, 01:30 AM
I looked him up before and found he works for Century 21. I sent emails to his work with no response.

This is the information I gave to GoDaddy but they refused to look at it.
http://www.whois.ws/domain_archive-info/uscity.info/
That same email that they want to see the bounce. Belongs to:
Registrant Contact Information:
Name: Manmeet Soin
Organization: Manmeet Soin
Address 1: 5001 Sheboygan Ave Apt #114
City: Madison
State: Wisconsin
Zip: 53705
Country: US
Email: ebiz224@hotmail.com
http://atlasidx.com/media/imgPersonnel/58/17485_Manmeet%20Soin%20Small.jpg

That contradicts your earlier statement of the IP originating from China.

The man in the pic is not Chinese. He appears to be of Indian origin... so is his name.

My guess is the real hacker has hacked and stolen this email id or created a false id for providing to the registrar.

I am no legal expert but I think first you should establish that your email was hacked into. (At least in my country hacking into email account is a crime and can be taken up by the cyber crimes police. And ISPs are required by law to maintain archives of email logs for three years.) So in effect once it is established your email was hacked then all transactions arising after the date it was hacked will be illegal and thus it can be proved beyond reasonable doubt that your domain was stolen by the hacker. As I said earlier I am no legal expert but just trying all possible options....

linux-tech
04-30-2008, 03:12 AM
Waiting for the police to 'handle this' isn't an option really. Come on now, paperwork, deskwork, they don't give a damn about a domain. It's more problem than it's worth for them, all because of your silly domain.

One thing I find slightly amusing is the fact that this was done 2 months ago


Updated Date: 20-feb-2008


No wonder Godaddy won't do a thing about it. You let it go for 2 months before contacting them (or at least making a statement about it), and expect them to, what, suddenly give you the domain back? Yeah right!

Thiassi
04-30-2008, 01:32 PM
I contacted GoDaddy as soon as I found it. Just under a month after. I went to renew 8bp.com and found I no longer own it. I am working with hotmail to get back into my email account. Strange thing is I just got two free backorders from GoDaddy for 8bp.com and sosu.com.

Letter from hotmail:
---------------------------------------------------------

Hello Scott,

Thank you for writing back to Windows Live ID Technical Support. My name is Jennifer and I acknowledge that you would like to confirm the IP address that hacked in to your e-mail account. I realize how important this concern is to you and I look forward to giving you the necessary assistance.

Please be advised that I could not confirm whether an unauthorized individual accessed your account or provide you any information about the IP address used or who may have done so for security reasons. I can only release it to law enforcement officials when served with a subpoena or criminal search warrant, in compliance with the Electronic Communications Privacy Act (ECPA).

We appreciate your continued support as we strive to provide you with the highest quality service available. Thank you for using Windows Live ID.

Sincerely,
Jennifer
Windows Live ID Technical Support

Mekhu
04-30-2008, 01:56 PM
No wonder Godaddy won't do a thing about it. You let it go for 2 months before contacting them (or at least making a statement about it), and expect them to, what, suddenly give you the domain back? Yeah right!

You log into your domain accounts daily? I sure as hell don't. If someone snagged my domain and left my nameservers in place I'd likely be in the same situation as the OP... as I'm sure many of us would.

Anyways, I sure hope you don't have the need to cry foul anytime soon Tom! We'll be waiting to leave you smart *** replies!!!
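
Added example (not part of any post in this thread): the takeover described here went unnoticed because the nameservers were left in place, so the site kept resolving. The sketch below compares two saved WHOIS snapshots and flags a registrant change that happens while nameservers stay the same. The field names, domain and records are constructed for illustration; real WHOIS output varies by registry and registrar.

```python
import re

# Fields whose change suggests a change of control. Nameservers are checked
# separately, because in this thread the hijacker left them untouched.
CONTROL_FIELDS = ("registrar", "registrant name", "registrant email", "updated date")

# Constructed sample records (not real WHOIS data).
BEFORE = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Updated Date: 2007-06-01
Registrant Name: Original Owner
Registrant Email: owner@example.net
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET"""

AFTER = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Updated Date: 2008-02-20
Registrant Name: Someone Else
Registrant Email: other@example.org
Name Server: NS2.EXAMPLE.NET
Name Server: NS1.EXAMPLE.NET"""

def parse_whois(text):
    """Parse 'Key: value' lines into {key: sorted list of values}, case-folded."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?):\s*(.+?)\s*$", line)
        if m:
            record.setdefault(m.group(1).lower(), []).append(m.group(2).lower())
    return {key: sorted(values) for key, values in record.items()}

def diff_snapshots(old_text, new_text):
    """Report which control fields changed and whether nameservers stayed put."""
    old, new = parse_whois(old_text), parse_whois(new_text)
    changed = [f for f in CONTROL_FIELDS if old.get(f) != new.get(f)]
    ns_same = old.get("name server") == new.get("name server")
    return {
        "changed": changed,
        "nameservers_unchanged": ns_same,
        # Registrant contact changed but DNS did not: the site still works,
        # so only a WHOIS comparison reveals the change of control.
        "silent_takeover": "registrant email" in changed and ns_same,
    }

if __name__ == "__main__":
    print(diff_snapshots(BEFORE, AFTER))
```

Here the registrar is the same in both snapshots, matching the account-to-account move inside one registrar that the thread describes, so a check that only watches for registrar changes would miss it.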

BeerMoney
04-30-2008, 02:13 PM
It's simple you need to contact a lawyer specializing in the domain industry.
and let him handle it
I would assume he will send out some nice letters to godaddy and would have dealt with this situation before and most likely knows how to exactly handle it so that your *** is covered.:D and the domain is recovered

linux-tech
04-30-2008, 02:27 PM
You log into your domain accounts daily?

Maybe not daily, but I've got incentive to go to my registrar on (at minimum) a weekly basis. I know what my domains are doing at most any given time, ESPECIALLY those that are supposedly 'valuable' to me.

There are a number of lessons in security to be learned here. The first of which is NEVER, EVER use a 'free email account' to do business things. There's no reason, no excuse for doing so. If it's critical, send it to a REAL account. Free email accounts are hacked frequently. The second lesson? Use a real password, not something you're familiar with, or something that can easily be guessed. Gee, web based email, brute force. Yeah, it happens more often than you'd think.

This is as much (if not moreso) the customer's fault. Lack of security, lack of, well, common sense, all led to this domain being stolen.

Once the domain was 'stolen', and it was realized, the first call should have been to GoDaddy, and the LAST call should have been to godaddy. Never hang up until the problem is resolved. There is ALWAYS someone higher up on the chain that will have another answer, and another answer, and another answer, until it's resolved. I don't care what they say, you NEVER hang up until the problem is resolved. THEIR concern is to get you off the phone so they can help someone else, NOT to help you directly.

Of course, godaddy's support sucks. What do you expect, perfection? They're in a cheap industry, spending money like mad. Their goal isn't customer "retention", it's customer acquisition. Once you're their customer, they don't give a damn, until you MAKE them give a damn.

The point is that this is something that you don't give up on, period. You don't hang up the phone, you keep going and going and going, until it's resolved, one way or another. You don't LET it get to 2 months, or even past 7 days! If you do, that's your own fault.

HNLV
04-30-2008, 03:39 PM
Although I agree with you on the resolution part, prevention seems a bit tedious that MOST of us are not willing to do. Or should all of us start doing it?

linux-tech
04-30-2008, 03:52 PM
Anatha:
I'm not sure if you were referring to me or not, but I'll assume that you were. If not, I'm sorry ;)


Or should all of us start doing it?

Yes.
Would you leave your door wide open and unlocked in the middle of the night while you were away? Of course not. Why, then, would you trust a system that is vulnerable to brute force login failures? Hrrm? You'd be stupid to do so.

Anything with a 'web form login' (yahoo, hotmail, etc) is vulnerable to this. Even CPanel is to a degree, but you've got to get past that popup security prompt first. Developing brute force systems for 'login forms', not that hard to do. In fact, it's been posted a few times (sorry, not going to reveal the links, use google) how to do this.

Use your ISP's email. Hell, use your domain's email address. Do NOT use 'free web based email' for important business stuff. This thread proves the very reason WHY.

nameslave
04-30-2008, 04:34 PM
Would you leave your door wide open and unlocked in the middle of the night while you were away?
There were times and places which people leave their doors open at night, without the fear of a "home invasion". Oops! Are we talking about domain names? :D

HNLV
04-30-2008, 07:37 PM
Anatha:
I'm not sure if you were referring to me or not, but I'll assume that you were. If not, I'm sorry ;)


Yes.
Would you leave your door wide open and unlocked in the middle of the night while you were away? Of course not. Why, then, would you trust a system that is vulnerable to brute force login failures? Hrrm? You'd be stupid to do so.

Anything with a 'web form login' (yahoo, hotmail, etc) is vulnerable to this. Even CPanel is to a degree, but you've got to get past that popup security prompt first. Developing brute force systems for 'login forms', not that hard to do. In fact, it's been posted a few times (sorry, not going to reveal the links, use google) how to do this.

Use your ISP's email. Hell, use your domain's email address. Do NOT use 'free web based email' for important business stuff. This thread proves the very reason WHY.
hehe, no prob. I was referring to your post actually. I didn't quote you cause the post was long.

But I understand your point. I just wonder how many people are actually willing to do it.

Dave Zan
05-01-2008, 06:39 AM
Never hang up until the problem is resolved.

Unfortunately an alleged hijacking is one issue that's not necessarily easy to resolve with just one phone call, even if it's a long one.

Thiassi
05-01-2008, 11:37 AM
GoDaddy's latest response to the BBB:

We understand that Mr. Carson claims that his account was "hacked" but there is no evidence to support such a claim. We have seen cases where customers share, either through intent or negligence, their account login information and subsequently the accounts were "compromised". Only the account holder should be accessing the account and making these changes, therefore, it is important that they keep their account access information secure at all times.

RESOLUTION:
At this time, we cannot reassign ownership of the names back to Mr. Carlson based on this complaint; however, as a sign of good will, we have given him backorders for both domain names free of charge. Backorders are not guaranteed and Mr. Carlson may still wish to seek assistance from the court system in ensuring he regain his domain names.

Regards,

Todd Cluff
Office of the President
14455 N Hayden Ste 226
Scottsdale, AZ 85260
(480) 505-8828 Phone
(480) 275-3975 Fax

BeerMoney
05-01-2008, 02:26 PM
Did you find a lawyer to help you yet?

Thiassi
05-01-2008, 03:02 PM
Cost way too much. I looked into it.

Thiassi
05-02-2008, 03:58 PM
Ok GoDaddy gave me a backorder for 8bp.com and then when it drops, someone else with a godaddy account gets it. That shows how crappy their backorder is! Someone can login and register it by hand before the backorder can get it!

nameslave
05-02-2008, 04:50 PM
Someone can login and register it by hand before the backorder can get it!
That's the "beauty" of GoDaddy's backorder, isn't it? You have to be 100% sure that nobody else wants it, AND it'll work. LOL!

Thiassi
05-05-2008, 01:04 PM
Wahoo! SOSU.com is back!

GoDaddy is not evil heartless bastards!

eviltechie
05-05-2008, 01:13 PM
How'd you do it?!

Thiassi
05-06-2008, 12:35 PM
I have no idea. I got a transfer request.

BurakUeda
05-06-2008, 12:59 PM
Just be sure that transfer request is not transferring your domain OUT to elsewhere.
I see the whois info showing your name:
http://whois.domaintools.com/sosu.com

Congrats :)

Crusader99
05-06-2008, 01:07 PM
Ok so now start using a strong password (15+ chars, numbers, upper- and lowercase letters, special chars). Install firewall, anti-spyware and anti-virus software, or use Linux or Mac (but still use firewall). Change your password periodically. Also use a strong password for your email account.

Ten24Host
05-24-2008, 11:49 PM
Good grief I just read this... amazing they seemed so unwilling to help but I am glad they sorted it out in the end.