  1. #1
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39

    SOSU.com has been stolen!

    A hacker stole SOSU.com from me. I had it at GoDaddy and the hacker transferred it to another GoDaddy account. After working with GoDaddy, BBB, ICANN, and WIPO, GoDaddy is protecting the hacker. I think he got in by hacking my hotmail account. I still cannot get in, he changed my secret question. That was the email on my GoDaddy account. He must have requested the password be sent and then changed my secret question on my GoDaddy account. I got back in there by using a pin I set up 10 years ago on my GoDaddy account. This is the hacker's email [email protected] but he will not respond. All the info on the whois is fake as well. GoDaddy did tell me the IP that accessed my account and did the transfer was from China.

  2. #2
    Join Date
    Mar 2008
    Location
    England, UK
    Posts
    114
    So GoDaddy, despite the fact of you having an IP in Los Angeles... GoDaddy know and even told you an IP from China... Randomly transferred your domain; logged in YOUR account to one of THEIR accounts... Now they protect the hacker?

    Saying it in that perspective, GoDaddy are idiots.

  3. #3
    Join Date
    Sep 2006
    Location
    Indiana
    Posts
    166
    China should really be banned from the internet.

    Do you have any records of paying for the domain and such? Maybe contact a lawyer?
    [Lurking Glass] <- Not a webhost.

  4. #4
    Join Date
    Jul 2002
    Location
    Toronto
    Posts
    3,795
    Quote Originally Posted by eviltechie View Post
    China should really be banned from the internet.
    Just for the record.
    Co-Founder @HostHideout. Profoundly influenced by #Bauhaus, @Nameslave unrepentantly embraces #Minimalism with a bias for functionality, color theory and pixel precision: a #multimedia messenger in the McLuhan sense. His totally irrelevant M.Ed. dissertation examines Organizational Culture and Change Management. He also likes Patrik Ervell, Wong Kar-wai and IKEA.

  5. #5
    What happens if you report the fake whois?

  6. #6
    Quote Originally Posted by Crusader99 View Post
    What happens if you report the fake whois?
    That's arguably the last thing you'd want to do in a potential hijacking case. It can shut down the domain name, but it won't give it back to you.

    Has it been less than, say, 15 days since the incident, Thiassi? Try emailing [email protected] with details.

    Otherwise, how long has it been and what's been exactly done since then?

  7. #7
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39
    I did do the fake whois and GoDaddy said I had to have returned email and a phone number that was disconnected. I called the number and spoke to an older woman in Texas that had no idea what a domain was. It has been just over a month. He left the name servers in place. I saw one of my domains was about to expire and when I tried to log in to renew it, I could not. I tried to reset my password but my secret question was not the one I set up. So I had it send it to my email. I went to log in to my email and could not. Once again my secret question was changed. I called GoDaddy support and they asked for my pin. I told them and I was able to get a new password to get in my account. That is when I found 8BP.com and SOSU.com missing. 8BP.com was the domain I was going to renew and now has expired, because the hacker took it, so it is lost. The support person at GoDaddy told me the IP that transferred the domains was from China. The email in the whois is on another domain belonging to Manmeet Soin in WI. I found his job and sent him an email to his work with no response. I think it is a network of hackers. They leave the stolen domains going to the name servers so it looks like everything is fine.

  8. #8
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39
    The IP that hacked my account: 61.136.63.125

  9. #9

  10. #10
    Join Date
    Apr 2008
    Location
    Colorado
    Posts
    12
    Quote Originally Posted by Crusader99 View Post
    Was this a valuable domain name?
    Unfortunately for the O.P. it is a very valuable domain name.

    Sorry to hear about this, I really hope you get it back..

  11. #11
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39
    I looked him up before and found he works for Century 21. I sent emails to his work with no response.

    This is the information I gave to GoDaddy but they refused to look at it.
    http://www.whois.ws/domain_archive-info/uscity.info/
    That same email that they want to see the bounce. Belongs to:
    Registrant Contact Information:
    Name: Manmeet Soin
    Organization: Manmeet Soin
    Address 1: 5001 Sheboygan Ave Apt #114
    City: Madison
    State: Wisconsin
    Zip: 53705
    Country: US
    Email: [email protected]
    http://atlasidx.com/media/imgPersonn...in%20Small.jpg

  12. #12
    Join Date
    Sep 2006
    Location
    Indiana
    Posts
    166
    Haha, his name is Manmeet!

    I'll be driving through Madison next month.

    Maybe call Century 21, shouldn't be too hard to find the C21 offices in Madison, and can't be too many guys named MANMEET working there. Once you find him, and maybe have a lawyer put some pressure on him.

  13. #13
    I am lost though, did you originally put in the fake whois info, and this is why GoDaddy is not doing anything, or did the hackers put this on there?

    But sorry for the loss, but I would be doing something about it, if they were valuable.

  14. #14
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39
    When the hacker transferred sosu.com to his account he put in the fake whois info. GoDaddy is not helping I guess because you get what you pay for. They got a new account even if it is a hacker.

  15. #15
    So he hacked into your hotmail account? Maybe you should hack into his. Beat him at his own game.

  16. #16
    Join Date
    Nov 2002
    Location
    paradise
    Posts
    6,201
    Quote Originally Posted by Thiassi View Post
    I looked him up before and found he works for Century 21. I sent emails to his work with no response.

    This is the information I gave to GoDaddy but they refused to look at it.
    http://www.whois.ws/domain_archive-info/uscity.info/
    That same email that they want to see the bounce. Belongs to:
    Registrant Contact Information:
    Name: Manmeet Soin
    Organization: Manmeet Soin
    Address 1: 5001 Sheboygan Ave Apt #114
    City: Madison
    State: Wisconsin
    Zip: 53705
    Country: US
    Email: [email protected]
    http://atlasidx.com/media/imgPersonn...in%20Small.jpg
    That contradicts your earlier statement of the IP originating from China.

    The man in the pic is not Chinese. He appears to be of Indian origin... so is his name.

    My guess is the real hacker has hacked and stolen this email id or created a false id for providing to the registrar.

    I am no legal expert but I think first you should establish that your email was hacked into. (At least in my country hacking into an email account is a crime and can be taken up by the cyber crimes police. And ISPs are required by law to maintain archives of email logs for three years.) So in effect once it is established your email was hacked then all transactions arising after the date it was hacked will be illegal and thus it can be proved beyond reasonable doubt that your domain was stolen by the hacker. As I said earlier I am no legal expert but just trying all possible options....

  17. #17
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,686
    Waiting for the police to 'handle this' isn't an option really. Come on now, paperwork, deskwork, they don't give a damn about a domain. It's more problem than it's worth for them, all because of your silly domain.

    One thing I find slightly amusing is the fact that this was done 2 months ago

    Updated Date: 20-feb-2008
    No wonder GoDaddy won't do a thing about it. You let it go for 2 months before contacting them (or at least making a statement about it), and expect them to, what, suddenly give you the domain back? Yeah right!
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  18. #18
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39
    I contacted GoDaddy as soon as I found it. Just under a month after. I went to renew 8bp.com and found I no longer own it. I am working with hotmail to get back into my email account. Strange thing is I just got two free backorders from GoDaddy for 8bp.com and sosu.com.

    Letter from hotmail:
    ---------------------------------------------------------

    Hello Scott,

    Thank you for writing back to Windows Live ID Technical Support. My name is Jennifer and I acknowledge that you would like to confirm the IP address that hacked in to your e-mail account. I realize how important this concern is to you and I look forward to giving you the necessary assistance.

    Please be advised that I could not confirm whether an unauthorized individual accessed your account or provide you any information about the IP address used or who may have done so for security reasons. I can only release it to law enforcement officials when served with a subpoena or criminal search warrant, in compliance with the Electronic Communications Privacy Act (ECPA).

    We appreciate your continued support as we strive to provide you with the highest quality service available. Thank you for using Windows Live ID.

    Sincerely,
    Jennifer
    Windows Live ID Technical Support

  19. #19
    Join Date
    Aug 2001
    Posts
    4,028
    Quote Originally Posted by linux-tech View Post
    No wonder GoDaddy won't do a thing about it. You let it go for 2 months before contacting them (or at least making a statement about it), and expect them to, what, suddenly give you the domain back? Yeah right!
    You log into your domain accounts daily? I sure as hell don't. If someone snagged my domain and left my nameservers in place I'd likely be in the same situation as the OP... as I'm sure many of us would.

    Anyways, I sure hope you don't have the need to cry foul anytime soon Tom! We'll be waiting to leave you smart *** replies!!!
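
Posts #7 and #19 describe why the theft went unnoticed: the registrant was changed but the name servers were left in place, so the site kept working. The following is an added example, not part of the thread, that diffs a saved WHOIS snapshot against a fresh one and flags that pattern; the field names follow common WHOIS output, and the domain, contacts and both snapshots are constructed.

```python
"""Added example: flag ownership changes between two WHOIS snapshots."""
import re

# Fields whose change means the registration itself changed hands (assumed names).
OWNERSHIP_FIELDS = {"registrant name", "registrant organization",
                    "registrant email", "registrar"}
NS_FIELD = "name server"

# Constructed sample snapshots (not real WHOIS data).
BASELINE_SNAPSHOT = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Updated Date: 2007-11-02
Registrant Name: Alice Owner
Registrant Email: alice@example.net
Name Server: NS1.EXAMPLE-HOST.NET
Name Server: NS2.EXAMPLE-HOST.NET
"""
CURRENT_SNAPSHOT = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Updated Date: 2008-02-20
Registrant Name: Unknown Person
Registrant Email: someone@example.org
Name Server: NS2.EXAMPLE-HOST.NET
Name Server: NS1.EXAMPLE-HOST.NET
"""

def parse_whois(text):
    """Parse 'Key: value' lines into {lowercased key: set of lowercased values}."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.+?)\s*$", line)
        if m:
            record.setdefault(m.group(1).lower(), set()).add(m.group(2).lower())
    return record

def diff_snapshots(baseline, current):
    """Compare two snapshots and classify what changed."""
    old, new = parse_whois(baseline), parse_whois(current)
    changed = sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
    owner = [k for k in changed if k in OWNERSHIP_FIELDS]
    ns_changed = NS_FIELD in changed
    if owner and not ns_changed:
        severity = "silent-takeover"  # ownership moved, site still resolves as before
    elif owner:
        severity = "takeover"
    elif ns_changed:
        severity = "dns-change"
    elif changed:
        severity = "review"           # e.g. only the updated date moved
    else:
        severity = "ok"
    return {"changed": changed, "ownership_changed": owner,
            "nameservers_changed": ns_changed, "severity": severity}

if __name__ == "__main__":
    print(diff_snapshots(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT))
```

Run on a schedule against stored snapshots, a check like this surfaces a registrant change within a day rather than at the next renewal.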

  20. #20
    Join Date
    Mar 2008
    Location
    isle of insanity
    Posts
    286
    It's simple: you need to contact a lawyer specializing in the domain industry and let him handle it.
    I would assume he will send out some nice letters to GoDaddy and would have dealt with this situation before and most likely knows how to exactly handle it so that your *** is covered and the domain is recovered.
    Last edited by BeerMoney; 04-30-2008 at 02:16 PM.

  21. #21
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,686
    You log into your domain accounts daily?
    Maybe not daily, but I've got incentive to go to my registrar on (at minimum) a weekly basis. I know what my domains are doing at most any given time, ESPECIALLY those that are supposedly 'valuable' to me.

    There are a number of lessons in security to be learned here. The first of which is NEVER, EVER use a 'free email account' to do business things. There's no reason, no excuse for doing so. If it's critical, send it to a REAL account. Free email accounts are hacked frequently. The second lesson? Use a real password, not something you're familiar with, or something that can easily be guessed. Gee, web based email, brute force. Yeah, it happens more often than you'd think.

    This is as much (if not more so) the customer's fault. Lack of security, lack of, well, common sense, all led to this domain being stolen.

    Once the domain was 'stolen', and it was realized, the first call should have been to GoDaddy, and the LAST call should have been to GoDaddy. Never hang up until the problem is resolved. There is ALWAYS someone higher up on the chain that will have another answer, and another answer, and another answer, until it's resolved. I don't care what they say, you NEVER hang up until the problem is resolved. THEIR concern is to get you off the phone so they can help someone else, NOT to help you directly.

    Of course, GoDaddy's support sucks. What do you expect, perfection? They're in a cheap industry, spending money like mad. Their goal isn't customer "retention", it's customer acquisition. Once you're their customer, they don't give a damn, until you MAKE them give a damn.

    The point is that this is something that you don't give up on, period. You don't hang up the phone, you keep going and going and going, until it's resolved, one way or another. You don't LET it get to 2 months, or even past 7 days! If you do, that's your own fault.

  22. #22
    Join Date
    Jan 2006
    Location
    Jersey
    Posts
    2,965
    Although I agree with you on the resolution part, prevention seems a bit tedious that MOST of us are not willing to do. Or should all of us start doing it?
    Email: info ///at/// honelive.com

  23. #23
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,686
    Anatha:
    I'm not sure if you were referring to me or not, but I'll assume that you were. If not, I'm sorry

    Or should all of us start doing it?
    Yes.
    Would you leave your door wide open and unlocked in the middle of the night while you were away? Of course not. Why, then, would you trust a system that is vulnerable to brute force login failures? Hrrm? You'd be stupid to do so.

    Anything with a 'web form login' (yahoo, hotmail, etc) is vulnerable to this. Even CPanel is to a degree, but you've got to get past that popup security prompt first. Developing brute force systems for 'login forms', not that hard to do. In fact, it's been posted a few times (sorry, not going to reveal the links, use google) how to do this.

    Use your ISP's email. Hell, use your domain's email address. Do NOT use 'free web based email' for important business stuff. This thread proves the very reason WHY.

  24. #24
    Join Date
    Jul 2002
    Location
    Toronto
    Posts
    3,795
    Quote Originally Posted by linux-tech View Post
    Would you leave your door wide open and unlocked in the middle of the night while you were away?
    There were times and places which people leave their doors open at night, without the fear of a "home invasion". Oops! Are we talking about domain names?

  25. #25
    Join Date
    Jan 2006
    Location
    Jersey
    Posts
    2,965
    Quote Originally Posted by linux-tech View Post
    Anatha:
    I'm not sure if you were referring to me or not, but I'll assume that you were. If not, I'm sorry


    Yes.
    Would you leave your door wide open and unlocked in the middle of the night while you were away? Of course not. Why, then, would you trust a system that is vulnerable to brute force login failures? Hrrm? You'd be stupid to do so.

    Anything with a 'web form login' (yahoo, hotmail, etc) is vulnerable to this. Even CPanel is to a degree, but you've got to get past that popup security prompt first. Developing brute force systems for 'login forms', not that hard to do. In fact, it's been posted a few times (sorry, not going to reveal the links, use google) how to do this.

    Use your ISP's email. Hell, use your domain's email address. Do NOT use 'free web based email' for important business stuff. This thread proves the very reason WHY.
    Hehe, no prob. I was referring to your post actually. I didn't quote you 'cause the post was long.

    But I understand your point. I just wonder how many people are actually willing to do it.

  26. #26
    Quote Originally Posted by linux-tech View Post
    Never hang up until the problem is resolved.
    Unfortunately an alleged hijacking is one issue that's not necessarily easy to resolve with just one phone call, even if it's a long one.

  27. #27
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39
    GoDaddy's latest response to the BBB:

    We understand that Mr. Carson claims that his account was "hacked" but there is no evidence to support such a claim. We have seen cases where customers share, either through intent or negligence, their account login information and subsequently the accounts were "compromised". Only the account holder should be accessing the account and making these changes, therefore, it is important that they keep their account access information secure at all times.

    RESOLUTION:
    At this time, we cannot reassign ownership of the names back to Mr. Carlson based on this complaint; however, as a sign of good will, we have given him backorders for both domain names free of charge. Backorders are not guaranteed and Mr. Carlson may still wish to seek assistance from the court system in ensuring he regain his domain names.

    Regards,

    Todd Cluff
    Office of the President
    14455 N Hayden Ste 226
    Scottsdale, AZ 85260
    (480) 505-8828 Phone
    (480) 275-3975 Fax

  28. #28
    Join Date
    Mar 2008
    Location
    isle of insanity
    Posts
    286
    Did you find a lawyer to help you yet?

  29. #29
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39
    Cost way too much. I looked into it.

  30. #30
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39
    Ok GoDaddy gave me a backorder for 8bp.com and then when it drops, someone else with a GoDaddy account gets it. That shows how crappy their backorder is! Someone can log in and register it by hand before the backorder can get it!

  31. #31
    Join Date
    Jul 2002
    Location
    Toronto
    Posts
    3,795
    Quote Originally Posted by Thiassi View Post
    Someone can log in and register it by hand before the backorder can get it!
    That's the "beauty" of GoDaddy's backorder, isn't it? You have to be 100% sure that nobody else wants it, AND it'll work. LOL!

  32. #32
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39
    Wahoo! SOSU.com is back!

    GoDaddy is not evil heartless bastards!

  33. #33
    Join Date
    Sep 2006
    Location
    Indiana
    Posts
    166
    How'd you do it?!

  34. #34
    Join Date
    Sep 2003
    Location
    Los Angeles
    Posts
    39
    I have no idea. I got a transfer request.

  35. #35
    Join Date
    Oct 2004
    Location
    Shimonoseki
    Posts
    2,101
    Just be sure that transfer request is not transferring OUT your domain to elsewhere.
    I see the whois info showing your name:
    http://whois.domaintools.com/sosu.com

    Congrats
    Closed for winter...

  36. #36
    Ok so now start using a strong password (15+ chars, numbers, upper- and lowercase letters, special chars). Install firewall, anti-spyware and anti-virus software, or use Linux or Mac (but still use firewall). Change your password periodically. Also use a strong password for your email account.

  37. #37
    Join Date
    Sep 2003
    Posts
    31
    Good grief I just read this... amazing they seemed so unwilling to help but I am glad they sorted it out in the end.
