Over the course of a decade, I have repeatedly assisted domain owners recover their stolen domains.
Some were domainers, others were simply owners who woke up one morning to find that their accounts were compromised and their “intangible property” was gone.
The first thing one needs to remember, is to not give in to any form of blackmail from a domain thief, if and when they are contacted by them. Such an extortion will most likely end up at losing both the domain and the funds of its ‘ransom’.
Instead, when you discover that your domains are stolen, you should remain calm and follow the “take no prisoners” approach: report the theft to the registrars, publicize the info you have at your possession and don’t be afraid to call the thieves by their name – “thieves”.
Why do I assist others recover their stolen domains?
In early 2000, while I was still wet behind the ears with domaining, and owning only a dozen domain names for personal use, I lost one of my domains to a hijacker.
These were the days of Network Solutions and their infamous contact forms that would be generated and emailed back to confirm changes. The security hole the hijackers exploited involved generating those oh-so-predictable forms, confirming changes such as a new email address or new nameservers. There were no authorization codes, no registry locks and the password protection was not the default choice with Netsol.
So I learned the hard way, with a Turkish hacker taking over my domain – because he could. I watched in panic, seeing those email notifications arrive at my mailbox, showing the DNS changes, then the ownership changes, then the contact email; until the domain itself was pointed to a page triumphant about their feat.
Over ICQ – those were the days – I pleaded with the hacker to return my domain. Fortunately, he was just a smart kid who wanted to toy with me; his knowledge of performing this feat gave him the advantage. He played with me for an hour, over a proxified IP that pointed to Russian servers, then he agreed to let his fish – me – go off the hook.
I learned a hard lesson and later on I moved the domains to GoDaddy, one by one. I was definitely shaken by the experience, it’s very unpleasant and humbling.
Over the course of the coming years, despite additions in domain security, domain thefts increased along with the inherent value of domains. I made it my mission to help out, if I could identify the circumstances of a domain theft, making the task of domain recovery by the owners easier.
It’s good karma, after all.
Thank you for what you do! While I’ve never had a name stolen, I’ve seen the help you provide to others who have and I’ve seen the information you provide to prevent others from being taken, literally. As I’m sure you’re aware, your efforts in this regard are very much appreciated!!!
Vincent – These days, despite increased security, domains are still getting stolen. That’s because of phishing emails primarily, where one gives up their username & password to a rogue web site that is made to look like a registrar portal.
*
Thank you for all that you for the domain industry.
🙂
*
Interesting. What do you think is the most secure registrar at this point ? I know GoDaddy introduced 2-step text message authentication to login- do you think that makes a big difference ?
mt – Yes, GoDaddy’s 2-step authentication is a step to the right direction; every time you log in you will need a numerical code sent to your cell.
Fabulous also has a fob: http://acro.net/blog/domains/review-of-the-fabulous-fob-just-how-secure-can-your-domains-be/
Ms Domainer – I appreciate your kind words, thank you. All of my work was done without asking for anything in return.
I think it’s great that you’re putting in the time to help people that have had domains stolen. I’m thankful that I haven’t had to deal with it so far – no doubt it’s a pretty horrible experience. Good to know that people such as yourself and Morgan.L are working to combat domain theft.