  1. #1
    Join Date
    Nov 2002
    Posts
    137

    my GoDaddy account got hacked today (05/31/2011)

    Just wanted to share my experience today.. for reference of others..

    Someone got access to my GoDaddy account today and made crazy purchases, and even had the audacity to change my domain name ownerships!!!

    He (i assume a male) made purchases using my credit card on file @ goDaddy.. here are just some of the domain names he registered (familiar?)

    UB3R.BIZ
    BEST-HOST.ORG
    JUST-HOST.ORG
    TRUEHOST.ORG
    PICIT.US
    WHMCSKEYS.COM
    COOL-HOST.ORG
    HOST-WORLD.ORG
    HFHOSTING.CO
    I-AM-PHIL.COM
    I-AM-PHIL.ORG
    I-AM-PHIL.NET
    I-AM-PHIL.INFO
    UB3R.BIZ
    UB3R.ME
    YOU-TW.AT
    etc...

    He then CHANGED REGISTRANT and CHANGED OWNERSHIP of the purchased domains, as well as some of MY OWN DOMAINS that i've had for years!!!

    as per confirmation emails i received from go daddy:
    "The email address for the new registrant of the domain
    is [email protected]."


    [email protected] <-- who the Fck is this?!


    Anyway I called goDaddy support right away and was able to reach a Cameron.. He was very pleasant and helpful..

    I was instructed to email UNDO request to go daddy, and they'll be able to get my domains back, and hopefully cancel and refund me those unauthorized purchases..

    I also hope they can trace this [email protected] a** hole ..

    Anyway I have to wait for them to email me back.. i hope all works out ..

    Will keep this thread updated for those interested to hear my story.

    Regards to the community.

    TJ

  2. #2
    Your story wakes us up to change our login details from time to time and also to be aware of the security of our accounts. I think it is good that Go Daddy refunds your money.

  3. #3
    Join Date
    Nov 2006
    Posts
    30

  4. #4
    Join Date
    Nov 2004
    Location
    Scottsdale, AZ
    Posts
    29
    @Tea J Glad to hear that you got it all worked out! Situations like that can be sticky, of course, so you did the right thing calling us right away. ^Noah

  5. #5
    Join Date
    Nov 2004
    Location
    Scottsdale, AZ
    Posts
    29
    @uday4ru Please contact our support team immediately for investigation: http://x.co/help

  6. #6
    Join Date
    Jan 2008
    Posts
    39
    have GD investigate his IP and see if it links to any other account hacks.

  7. #7
    Join Date
    Nov 2006
    Posts
    30
    I made a phone call to GoDaddy today, they said they will track and move the domains back. Meanwhile I emailed this guy, he said he is not a hacker and will send my domains back himself, as he got these domains from his friend. Let's see what happens next.

    thanks

  8. #8
    Join Date
    May 2011
    Location
    Fort Lauderdale, Florida
    Posts
    19

    I may be going out on a limb here, but I think his name is Phil

  9. #9
    Join Date
    Nov 2002
    Posts
    137
    Hi all,

    Alright updates: 06-02-2011 (Thursday) @ 08:57 AM
    received emails from GoDaddy (seems autogenerated) and PayPal of the partial refunds I'm getting.. (I guess they're issuing them a few domains at a time?)
    GoDaddy.com, Inc. just sent you a refund

    GoDaddy.com, Inc. just sent you a partial refund of $211.06 USD for your purchase. If you have any questions about this refund, please contact GoDaddy.com, Inc..
    The refund will go to the card you paid with.
    So I'm gonna continue and wait for the whole process to finish.. and hopefully get FULLY refunded..

    As for my OWN domains the hacker tried to steal, i had to contact another department to try and get that back hmmm.. so i'm on it now.. requesting OWNER CHANGE etc.. will keep ya'll updated..



    @NancySmith
    haha, it's very important to share info and experiences in forums where people can come to relate to or be warned hehe.. hence I took the time to post here. yep... I am an IT security expert myself, I not only program web applications, but also teach secure programming techniques etc... so it's really really STRANGE how this guy was able to come in to my account..

    although security expert aside, I was hit by the lazy bug and did not change my password in years.. lolz then again, I still don't know how this guy could ever figure out my password... makes me wonder..

    I did traces on my logins to GoDaddy in the past few months, and I can confirm there's no breach in my system (I only use 2 machines to connect to secure sources like banks and GoDaddy stuff.. my PC and my laptop.. part of the security lessons I give: treat machines as doors to your secure accounts, and the more machines you use the more doors you need to protect and put security measures on..) So no, I can honestly say that hacker did not get access from snooping on my activities.. it must have been a backdoor, or PSYCHIC-like guess work!

    @uday4ru
    im sorry to hear your troubles.. Lucky for me I was able to contact goDaddy w/in the hour of this incident.. So they've been able to help me
    But i'm sure you'll get ur domains back..



    about this [email protected] guy though, i didnt bother contacting him.. i did do a search on this email and it seems this guy is active on some forums related to hosting and stuff.. and there has been threads of people complaining about him.. trying to get their money back or something (i just did a quick read)..


    @CuzinMike
    haha. YOu think?! lolz. perhaps his alter-ego..



    @ALL

    this guy registered YOU-TW.AT .. i thought it was rather cool.. after i might just keep it lolz..
    Last edited by Tea_J; 06-01-2011 at 09:01 PM.

  10. #10
    Join Date
    Nov 2002
    Posts
    137
    Update: 06-02-2011 (Thursday) @ 12:40 PM

    I think I almost got all my money refunded, i'm gona go calculate it later... but i'm having more problems getting my domains back though
    They're making me go through HOOPS to get it back..

    GoDaddy emailed me asking for a bunch of business documents and a signed change form.. w/c I will have a hard time doing.. since the business name in the registrant information isn't really a business, it's a freelance thing, just a name.. and the signed change form needs to be printed and physically signed, and I dunno if it's sent back via EMAIL or via Snail Mail as per clause:

    "2. A signed Change request form. We will not accept electronically signed change request forms."

    BUT.. here's the funny sh*T ...

    how the Fck... was this hacker ABLE to INSTANTLY INITIATE and SUCCESSFULLY accomplish OWNER CHANGE on my DOMAIN NAMES with all these requirements?? - with all these requirements that even I myself would have a hard time doing so!


    Hmm... i smell BACKDOOR...

  11. #11
    Hrmm doesn't sound good! Make sure your password is unique to godaddy and you change the password on any sites that had the same password!

  12. #12
    Join Date
    Nov 2006
    Posts
    30
    Quote Originally Posted by Tea_J View Post
    Update: 06-02-2011 (Thursday) @ 12:40 PM

    I think I almost got all my money refunded, i'm gona go calculate it later... but i'm having more problems getting my domains back though
    They're making me go through HOOPS to get it back..

    GoDaddy emailed me asking for a bunch of business documents and a signed change form.. w/c I will have a hard time doing.. since the business name in the registrant information isn't really a business, it's a freelance thing, just a name.. and the signed change form needs to be printed and physically signed, and I dunno if it's sent back via EMAIL or via Snail Mail as per clause:

    "2. A signed Change request form. We will not accept electronically signed change request forms."

    BUT.. here's the funny sh*T ...

    how the Fck... was this hacker ABLE to INSTANTLY INITIATE and SUCCESSFULLY accomplish OWNER CHANGE on my DOMAIN NAMES with all these requirements?? - with all these requirements that even I myself would have a hard time doing so!


    Hmm... i smell BACKDOOR...
    I think even I need to do this. And what papers do they need? I am not sure. GoDaddy doesn't have any papers from before, how can they check? Also, for each domain you need to do all this stuff. GoDaddy people are not good at support and they don't care about emails or calls.

  13. #13
    Join Date
    Jun 2005
    Posts
    5,866
    Use PhotoShop or something and create a document. Sign it and send it back to GoDaddy. Just make it look like a real business document.

    He has access to your account so he can change registrant details or push to another account without any problems at all. If you never got any emails from GoDaddy, your GoDaddy Account email might be hacked.

    These kinds of hacks are undoubtedly the fault of the user, not GoDaddy. Have you scanned your computers for a keylogger? Do you use the same email in your domain whois and for your GoDaddy account? Is it a free account, like Google? Do you use your GoDaddy username or password anywhere else? Do you use a simple password? Was your email hacked?
    Signature Under Construction.

  14. #14
    Join Date
    Nov 2002
    Posts
    137
    Hi Stub

    as per my last posts, I explained that I've verified that there's no breach in my system or my network. I'm an IT security expert myself and so I think I have all the "usual" bases covered. But then again I would be humble to say yes of course no security is perfect, not even mine, but damn this is highly unlikely. lolz He better be very good and know me very well or something.. and nope, this looks like a guy going around hacking people, as per the same incident that happened to uday4ru too, almost simultaneously with mine..


    Newp there is no breach in my email also, though im using gmail, I would know if someone's been fooling around.

    YES i did receive the email notices from Godaddy, that's what got me alerted actually. I woke up to all these CHANGE UPDATE and PURCHASE confirmations from GODaddy , i was just like WTF?!

    here's a screenshot of all the emails i grouped as per this incident:
    http://d.pr/18ou


    For short, the hacker GOT IN MY ACCOUNT (either front door or backdoor) and IN THE SAME HOUR was able to:

    1) UNLOCK MY DOMAIN NAMES
    2) Change Registrant Information
    3) Initiate Owner Change

    ALL IN THE SAME HOUR as you can see in the EMAIL Date/Time

    HOW THE FCK do you DO THAT?! having to "photoshop documents" and send them for MANUAL verification by GODADDY Staff.. HOW?! If this hacker can stop time then I concede. lolz


    And funny thing is, although he INITIATED REGISTRANT INFO CHANGE before OWNER CHANGE (would make sense as per your falsification theory), I checked my WHOIS for my domains and guess what, they're still MINE. Nothing was changed.. So he THEN either CHANGED IT BACK right away, or he never changed my registrant info and just went ahead and falsified my Government IDs and Documents etc?


    So there, usual USER-ERROR/Breach doesnt quite make sense w/ this incident...

    till someone can enlighten me i still smell BACK DOOR.


    ON a side note:
    I'm thinking of suing GoDaddy if I don't get my domains back. I think there are tons of lawyers willing to take this case.. (you guys think this case will float? given the above incidents that can only be explained by a breach in THEIR SYSTEM, not the user's.)

    but I wanna deal w/ this with patience and let GoDaddy sort it out.. I have to admit, they've been GOOD to me, from rescuing my domains from REGISTERFLY (ya'll still remember that craziness?) to actually refunding me almost 300USD for the purchases done by this hacker.


    So i give them my patience..
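
The burst listed in the post above (domain unlock, registrant change and owner/account change inside the same hour) can be turned into a mailbox check. This is an added example, not part of the original thread and not GoDaddy's own tooling; the subject wordings, sample messages, times of day and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical subject patterns; adapt them to the wording your registrar uses.
EVENT_PATTERNS = {
    "unlock": re.compile(r"\block (removed|disabled)\b|\bunlocked\b", re.I),
    "registrant_change": re.compile(r"\bregistrant\b.*\bchang", re.I),
    "account_change": re.compile(r"\b(account|owner(ship)?) change\b", re.I),
}
REQUIRED = set(EVENT_PATTERNS)
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed inbox: (received time, subject). Not real registrar mail.
SAMPLE_INBOX = [
    ("2011-05-31 03:05", "Domain lock removed for alpha-example.test"),
    ("2011-05-31 03:11", "Registrant information changed for alpha-example.test"),
    ("2011-05-31 03:19", "Account change initiated for alpha-example.test"),
    ("2011-05-31 03:20", "Order confirmation #0000 (constructed)"),
    ("2011-03-02 10:00", "Domain lock removed for beta-example.test"),
    ("2011-05-31 03:30", "Registrant information changed for beta-example.test"),
    ("2011-05-31 03:31", "Account change initiated for beta-example.test"),
]


def classify(subject):
    """Return (event, domain) for a notification subject, or None."""
    domain = DOMAIN_RE.search(subject)
    if not domain:
        return None
    for event, pattern in EVENT_PATTERNS.items():
        if pattern.search(subject):
            return event, domain.group(1).lower()
    return None


def find_takeover_bursts(messages, window=timedelta(hours=1)):
    """Return {domain: (first_ts, last_ts)} for every domain where all
    REQUIRED events arrive within `window` of each other."""
    per_domain = defaultdict(list)
    for ts_text, subject in messages:
        hit = classify(subject)
        if hit:
            event, domain = hit
            ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M")
            per_domain[domain].append((ts, event))

    alerts = {}
    for domain, events in per_domain.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            seen = {event for _, event in events[start:end + 1]}
            if REQUIRED <= seen:
                alerts[domain] = (events[start][0], events[end][0])
                break
    return alerts


if __name__ == "__main__":
    for domain, (first, last) in find_takeover_bursts(SAMPLE_INBOX).items():
        print(f"ALERT {domain}: unlock+registrant+account change {first} -> {last}")
```

The second sample domain is not flagged because its unlock happened months before the other two changes; widening `window` trades fewer misses for more false alarms.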

  15. #15
    Join Date
    Nov 2002
    Posts
    137
    I need some advice guys...

    GoDaddy emailed me a nice message, basically i just need to fill out some forms so they can change my domains back to my account..

    I'm a little bit comfortable at the agreements where I waive my abilities to hold GODaddy liable for anything that happens to my domain names in question.



    Again, there's still no explanation how my domain names were UNLOCKED, REGISTRANT CHANGED (though the Whois database shows nothing's changed), and OWNER RECORD CHANGED (removed from my control panel and now in someone else's Control panel), ALL IN THE SAME HOUR... especially with all the requirements that need to be SUBMITTED and PROCESSED.

    hmmmm

  16. #16
    Join Date
    Nov 2002
    Posts
    137
    CORRECTION, i meant to say
    "I'm a little bit uncomfortable at the agreements where I waive my abilities to hold GODaddy liable for anything that happens to my domain names in question. "

  17. #17
    Join Date
    Jun 2010
    Location
    Panama
    Posts
    265
    Tea_J

    First calm down, take a coffee, Godaddy will help you out.

    This guy just got your password at GoDaddy; he can do it all in 10 min, no problem, without any papers. What he did is change your email at GoDaddy, because transfers do send confirmation emails. After that, all your domains have something called an EPP code or Auth code; with that code he transfers your domains to another registrar. Sometimes, if the registrars are both within the US, it will get transferred in minutes.

    To get your domains back, GoDaddy has to contact the other registrar and prove this was an unauthorized transfer; for that they will ask for the Visa/MasterCard owner of the original purchase, business papers, etc.

    This can take up to a week. I know because I have recovered domains for a couple of clients; these domains were not hacked, just held by their past host company, which was not being ethical. I had to send company licenses, copies of checks, passport of owner, copies of invoices, even a photo of the actual business location.
    Offshore Hosting & High Privacy in Panama
    OnApp Cloud Servers & Shared Web Hosting | Daily Backups | 99.9% Uptime
    www.OffshoreRacks.com

  18. #18
    If you have normal access to your GoDaddy account, you don't need government documents to do a change in domain ownership. It can easily be pushed from your account to the hacker's.
    GD is asking you for docs coz this is a case of someone hacking an account, so for reversal they'll need to know that you are the real you and not the hacker. So you have to prove the given account details.

    As for suing, GD's extensive TOS will be enough to cover all this and no lawyer will take a case like this unless you can prove some kind of big GD backdoor security issues.

  19. #19
    Join Date
    Aug 2005
    Location
    behind my screen
    Posts
    402
    Quote Originally Posted by GoDaddyGuy View Post
    @uday4ru Please contact our support team immediately for investigation: http://x.co/help
    You should use a real link, not something that hides the real destination. Do I smell a clicktracker & spam here?

  20. #20
    Ya that link does look suspicious. Okay i might know how that person could have gotten your password.
    Recently there have been a lot of false GoDaddy phishing mails going around. They look very real and give you a link to go to your account. Lots of people have been falling for it.
    So do not click on any email links and be very careful of any url shortened links like the one above. You might never know where they might take you.

  21. #21
    Join Date
    Nov 2002
    Posts
    137
    Hi Offshore

    Thanks for your inputs, and yeah im pretty calm, haha just thinking....

    However correct things only, that's the THING, he has not changed my email address associated w/ GoDaddy!

    I got all confirmation emails from UNLOCKING of my domain to CHANGING of ownership, everything.. And NO i did not click to confirm anything , i was just shocked to see all those changes happening without me.

    And newp there has not been a breach in my email either, you can take my word for that.

    You are partially correct w/ the easy way of Changing Account owners (account change)
    http://d.pr/PhDC

    (i didnt try the rest of the steps)

    But doesnt this process require me to confirm via email or something? It'd be soo insecure (stupid design really) to not have verifying steps sent via Email to do these important changes. sheesh

    But as for DOMAIN TRANSFERS to another Registrar, this would definitely require more documents and the EPP etc.. which im pretty sure the hacker did not have.


    Which also reminds me, that DOMAIN LOCKING is a joke then, coz one can simply unlock a domain off the control panel w/o email verification process. hmmm


    @Glaxxon
    ahh well that makes sense.. Thanks man..


    RE Phishing, if any, perhaps this is where I may have had the breach happen. Although it's really difficult to think that I would ever EVER fall for phishing, especially since I have my browsers remember my passwords so I don't need to keep entering them (risk of keylogs and phishing etc).. there have been emails I received asking me to confirm registration info w/c forces me to go to GoDaddy and do the process, often times asking me to login first. But I couldn't really remember when I could have not checked the real domain name every time I login, in any site. This is one of the SECURE HABITS that I teach.. ALWAYS DISSECT the DOMAIN NAME whenever logging in.. Don't just log in coz you are shown a login form.


    hmmm.. this is frustrating.. getting hacked is one thing.. but not really knowing how you got hacked when you've pretty much done ALL you can to protect yourself, is just downright frustrating... plus still the idea of backdoor is there. w/c is just scary.
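
The "dissect the domain name" habit from the post above, and the earlier point that a shortened link hides its destination, written out as a check on a login URL's host. This is an added example, not part of the original thread; the sample URLs are constructed and `login_url_problems` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "godaddy.com"  # the registrar site discussed in this thread

# Constructed sample links, except the short link that is quoted in the thread.
SAMPLE_URLS = [
    "https://www.godaddy.com/login",
    "https://godaddy.com.account-verify.example/login",  # real name used as a prefix
    "https://www.godaddy.com@login.example/",            # real name in the userinfo part
    "https://notgodaddy.com/",                           # shares only a suffix string
    "http://x.co/help",                                  # destination not visible in the URL
]


def login_url_problems(url, expected_domain=EXPECTED_DOMAIN):
    """Return the reasons not to type a password at `url`.

    An empty list means the host is the expected domain (or a subdomain
    of it) over HTTPS; it says nothing about the page content itself.
    """
    try:
        parts = urlsplit(url.strip())
        # .hostname drops userinfo and port and lower-cases the name.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["URL does not parse"]

    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo before '@' is not the host")
    if not host.isascii():
        problems.append("non-ASCII characters in host")
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append("punycode label in host")
    # Compare whole labels from the right, never a substring or prefix.
    if not (host == expected_domain or host.endswith("." + expected_domain)):
        problems.append("host %r is not under %s" % (host, expected_domain))
    return problems


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", login_url_problems(url) or "host checks out")
```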

  22. #22
    Join Date
    Jun 2005
    Posts
    5,866
    If both you and he got those emails from Godaddy, your email has also been hacked. Time to change your email password.

  23. #23
    Join Date
    Nov 2006
    Posts
    30
    It's 3 days now, I didn't get any email from GoDaddy.

  24. #24
    Join Date
    Jun 2005
    Posts
    5,866
    That's not unusual if your account has been hacked. Can you still login? If so, change your account details back and change your password.

  25. #25
    Thanks, i am resetting my password.

  26. #26
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    895
    Quote Originally Posted by stub View Post
    If both you and he got those emails from Godaddy, your email has also been hacked. Time to change your email password.
    It would also be a good idea to check the email account for any settings that might be forwarding emails to an external address.
    I could tell you a joke about UDP. But I'm not sure you would get it!

  27. #27
    Join Date
    Nov 2002
    Posts
    137
    Quote Originally Posted by Dan541 View Post
    It would also be a good idea to check the email account for any settings that might be forwarding emails to an external address.
    good call on this.. forgot about that. checked forwarders and all clean.

  28. #28
    I suppose that it is a good idea to change everything in your existing account, such things as login username, pass and other stuff. Or create a new account and move everything you have there.

  29. #29
    Join Date
    Jun 2005
    Posts
    5,866
    Quote Originally Posted by Dan541 View Post
    It would also be a good idea to check the email account for any settings that might be forwarding emails to an external address.
    Correct

  30. #30
    oh. so bad.

    Make a call to GD, they will give you a refund for all reged domains.

  31. #31
    Join Date
    Jan 2007
    Location
    USA
    Posts
    45
    Zack Russell:


  32. #32
    Join Date
    Jan 2003
    Location
    2 Miles High
    Posts
    1,051
    ^ you can't be serious...
    With more success comes more expense!

  33. #33
    No! not sure if OKlina is right about that info. got that in http://www.whois.net/whois/SICKBUX.com
    but he registered I-AM-Phil.* so i guess his name is Phil. lolz
    Last edited by bittraffix; 06-12-2011 at 01:30 AM.

  34. #34
    Join Date
    Jul 2008
    Location
    San Diego
    Posts
    47
    1. You should be able to get your domains back easily. GoDaddy puts a 60-day lock on all pushed domains, so they cannot be transferred out. You're lucky they simply didn't transfer your domains out to a different registrar quickly after hacking it and instead had bought domains with your credit card. They did something stupid in doing that.

    2. Definitely make sure your email address hasn't been compromised. Additionally, if your password is similar at other websites, you may want to consider changing all of your passwords.
    Have many great domains for sale - high search, high CPC, aged, brandable and more - let me know what you need.
    FrontSpace now offering social media, email marketing, branding, product creation and content services

  35. #35
    Join Date
    Jan 2007
    Location
    USA
    Posts
    45
    Quote Originally Posted by enhu View Post
    No! not sure if OKlina is right about that info. got that in http://www.whois.net/whois/SICKBUX.com
    but he registered I-AM-Phil.* so i guess his name is Phil. lolz
    He posts on message boards as "zackrussell", and many of his whois info is registered to Zack Russell.

    I owned a Darren Hayes fan domain when I was a teenager. I'm not Darren Hayes.

  36. #36
    The documents they are requesting are not needed to request an owner change or anything like that the first time. It's when it is done without the owner's permission that they need them to get them back. The reason for it is just to verify that you are who you say you are. I can go in my account any time and request a change of ownership all in the control panel and have it done in a matter of minutes, and the same can be done by the person that got into your account. The only reason they are requesting you to fax in paperwork now is just for security verification, as this has turned into a domain dispute now and is no longer just a simple change of ownership.
    Infinitie Networks - Shared, Dedicated, VPS, Reseller and Colocation solutions.
    Are You Powered By The Ball?(sm)- Sales / Support
    http://www.infinitie.net

  37. #37

    My godaddy account hacked and changed the complete information

    I am facing the same problem here: somebody hacked my GoDaddy account and changed the complete information and also made purchases from my card. I have contacted them and sent many documents but no use; they keep sending the same mails to log in to the account. I am really fed up with GoDaddy.

    Can you please help me

  38. #38
    Join Date
    Jan 2003
    Location
    Jacksonville, North Carol
    Posts
    7
    That's why you should never use a free email service. Always use an @yourdomain.com email and make your passwords very hard.

  39. #39
    change to hostgator! they are more hack proof!
