In past I blogged about domain name hijacking at syedaqeel.com and today I myself become a victim of domain hijacking.
I’d three very hard days, 4 days back my gmail account was hacked somehow and then the hacker cracked my Name.com account from there. I’ve 14 premium domains at Name.com which I was about to lose when I got an automatic alert through Sucuri.net that syedaqeel.com is not available. Domain was giving a 500 internal page error, I thought hosting for that domain is down (its placed on a shared hosting account), I waited for syedaqeel.com to become available. SyedAqeel.com become available after 24 hours, I decided to move it to my dedicated server to avoid further down time.
When I tried to login to my name.com account to change DNS settings, and what I found was surprising, after many tries with right password I was not able to login and when I tried to reset my password it showed that an email is sent at your hotmail.com address.
I was shocked! Yes, email was sent to someone else’s email address, as I used a Gmail account with name.com. It was confirmed that my Name.com account is compromised. My first reaction was to check how it happen and to be true, its almost impossible to crack a name.com account with brute force type attacks, as name.com have very good security.
As I checked who is for syedaqeel.com and thewondrous.com I found that contact, billing and administrator information is changed and a person with name of “Abbas Shafiee” and company name “Yamobile”.
I logged back to gmail and started checking my account that why name.com haven’t sent me a password change or wrong password notification, after going through my account I found some filters, when of them was set by hacker to automatically delete all emails coming from name.com
The first thing I did to check my system for viruses and couldn’t found anything suspicious. Next I changed passwords for all my important accounts.
So who is the cracker?
I Googled to find more about names in who is i.e, “Abbas Shafiee” and “Yamobile”. When I dugg deep into results, I found some interesting pages. His full name is “Abbas Sufi Shafiee” and he used to run a blog at yamobile.blogpsot.com and also own a domain yamobile.org hosted at a free web host.
This search reveals that he is an Irani guy and a hacktivists, working against government. Has built some proxies to bypass Irani government’s internet filters. A few forum posts displayed that he is interested in Java scripts and his site at yamobile.org is about keyloggers. He is from Iran but using a fake US address in who is information.
July 28, 2009 at 3:19 PM
I sent an email to name.com informing them that my name.com account is compromised and started waiting for their reply. After few hours, I sent another email explaining their support in detail, what has happened and requesting to freeze my account so that he can’t transfer domains to any other registrar.
After waiting for 7 hours, I was so worried, so devastated and haven’t got any reply. I tried to contact them through twitter but didn’t found any reply.
It took me 9 hours, 3 emails from 2 different addresses, Twitter tweets, a phone call, a fax and finally a problem report at their GetSatisfaction to contact name.com support.
They sent me a few question, for those I replied promptly, waited for 5 hours to get their reply and guy at support shocked me by telling that it will take them 15 days to complete investigation.
15 days!!! I told their support that these are not just domain laying around, I have full developed websites on these domains & I don’t want to lose my readership.
Any how name.com locked that account so worries were less.
July 29, 2009
To expedite investigation process I sent name.com documents verified by Notary Public for my identity verification.
I sent an email to Aibek, admin of the top technology blog MakeUseOf.com (MakeUseOf.com was hacked in November 2008). I asked Aibek what to do in this situation, Aibek replied promptly giving some quick tips and asked me to make it public with detail and proofs.
Contacting The Cracker
On July 29 I sent an email to Abbas Shafie’s email address displaying in who is and asked him why did he hacked my account & now what does he want? His response was,
dude i bought these domains with a cheap price, i can show you that 300$ has been gone from my paypal account
dude i bought them….
Theft?what i had to do now ?
can i report this to paypal ?
And when in next email I asked who sold you these domains? He said Aqeel Syed! What a joke it is! Apart from all this serious situation I kept laughing.
I sold him all my established domains for $300 as I need money and was in hurry. The fact is I pay $300 in hosting fee every month for these sites, these sites has generated $3000 in affiliate sales and I got business of $2000 from these domains. The other thing is he said I was paid by PayPal! Ah! I wish badly that PayPal should have been available in Pakistan. Shafiee even don’t know that PayPal do not support Pakistan, how false his accusation is!
July 29, 2009 at 11 PM
Name.com support informed me that investigation is almost complete and they will get back to me quickly. I was asked to create a new account where they will move my domains.
July 31, 1 AM
I’m still waiting to be contacted from name.com. They are good at what they do, but I’m not satisfied with their support. Even in a serious matter like that they are not replying, TheWondrous.com is down and I’m helpless. I can’t do anything about that site, frustrated waiting for name.com support to do something.
July 31, 3 AM Domains are back!
Finally I recieved a good email from name.com support, they had returned me my domains. Apart from initial disappointment name.com support helped me out. Its a good news, that theft ruined 4 work days and devastated a lot. Thank you all our readers, friends, twitter contacts, Aibek from Makeusof.com & name.com support for helping us in this bad situation.
I feel sorry for those attacked by hackers. I hope we could get rid of hackers some day 🙁
This is the most interesting story I’ve ever read about domain hijacking.
– However, there are some questions still:
You didn’t mention how the registrar sent the information – which I believe it has to be two-step process – to reset the password, or remind him with the current one; to a false email that is not yours!?
Also, you have damages resulted from their gross negligence or system bug that have to be compensated. Did you approach them about that?
Happy doaining though 🙂 > I hope, yes, securing your domains more, and I hope this company revise and audit their security and password procedures.
Salam,
Mohamed Farag
IT Consultant
Cairo, Egypt