Domain Theft-for-Ransom Hits css-tricks.com and Others

← Back to Stories (view on slashdot.org)

Domain Theft-for-Ransom Hits css-tricks.com and Others

Posted by timothy on Friday December 2, 2011 @12:41PM from the low-down-dirty-rotten dept.

An anonymous reader writes "Chris Coyer at css-tricks.com has had his domain transferred from GoDaddy.com to a registrar in Australia where it's being held for ransom. Several other domains have experienced the same theft by what seems to be the same person, and the registrars seem helpless to do anything about it."

147 comments

Min score:

Reason:

Sort:

Umm.... by Bucky24 · 2011-12-02 12:46 · Score: 4, Informative

From TFA: "We have reviewed your claim and we will contact PlanetDomain and request an FOA (Form of Authorization) for the transfer. If their records also show the same registrant at the time of transfer, we will work with them to see if they can transfer the domain name back. However, they are not required to transfer the domain name back."

Not required? As in, he paid for it, it's legally registered to him, and then someone just stole it away and they don't have to give it back? Isn't that theft?

--
All the world's a CPU, and all the men and women merely AI agents
1. Re:Umm.... by Anonymous Coward · 2011-12-02 12:58 · Score: 1
  
  Theft, Fraud, Wire/Postal Fraud, and given that there are "several", probably RICO charges. The best part about RICO is that it's a criminal offense with criminal penalties but can be tried in civil court rather than waiting for a DA or Attorney General to do something about it.
2. Re:Umm.... by Meshach · 2011-12-02 13:00 · Score: 3, Interesting
  
  From TFA: "We have reviewed your claim and we will contact PlanetDomain and request an FOA (Form of Authorization) for the transfer. If their records also show the same registrant at the time of transfer, we will work with them to see if they can transfer the domain name back. However, they are not required to transfer the domain name back." Not required? As in, he paid for it, it's legally registered to him, and then someone just stole it away and they don't have to give it back? Isn't that theft?
  I don't know about theft as much as mismanagement by GoDaddy. If the domain was not expired then it should be reverted back to the rightful owner. If it actually did expire he may be SOL (although that is pretty low of GoDaddy to not at least give him notice).
  
  --
  "Maybe this world is another planet's hell"
  Aldous Huxley
3. Re:Umm.... by InsightIn140Bytes · 2011-12-02 13:05 · Score: 3, Informative
  
  GoDaddy can't reverse the transfer once other registrar has it.
4. Re:Umm.... by MightyMartian · 2011-12-02 13:05 · Score: 3, Insightful
  
  It's most certainly theft, and on top of that Godaddy is most certainly liable for civil damages.
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
5. Re:Umm.... by Bucky24 · 2011-12-02 13:06 · Score: 1
  
  The blog didn't read like the domain had expired, but you may be right.
  
  --
  All the world's a CPU, and all the men and women merely AI agents
6. Re:Umm.... by Anonymous Coward · 2011-12-02 13:09 · Score: 4, Insightful
  
  Yeah but thats not counting international law which would apply here. It's quite likely these people will need to sue in whatever country has the domain.
7. Re:Umm.... by John+Hasler · 2011-12-02 13:19 · Score: 5, Informative
  
  It's certainly a crime, but it is fraud, not theft (just as copyright infringement is not theft). Theft involves deprivation of possession of chattel property.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
8. Re:Umm.... by tsm_sf · 2011-12-02 13:58 · Score: 1
  
  Interesting that the 'pirating == theft' brigade hasn't modded you into oblivion yet...
  
  --
  Literalism isn't a form of humor, it's you being irritating.
9. Re:Umm.... by jamesh · 2011-12-02 14:16 · Score: 4, Insightful
  
  It's most certainly theft, and on top of that Godaddy is most certainly liable for civil damages.
  I just transferred a domain from GoDaddy to a preferred registrar. All I needed, and all I should need, was my username and password.
  If I let my username and password fall into the hands of somebody else, which I believe is the case here, and they transferred the domain then firstly, godaddy are not at fault, and secondly, godaddy can't actually do anything about it because they don't own the domain anymore. It's a bit rude of them to not offer more assistance in terms of providing evidence to help the owner prove his ownership to the new registrar, eg maybe the access was from an IP address in a different country than the owner resides, etc, but that's hardly grounds for a civil suit for damanges.
  If you buy a domain from a registrar who doesn't charge you enough to offer assistance when something goes wrong, and have a reputation for this, then you kind of get what you deserve.
  IMHO, GoDaddy aren't evil, just cheap, and are just a product of our collective race to the bottom in terms of not caring about quality of service when buying a product and only complaining about it when something goes wrong.
10. Re:Umm.... by Anonymous Coward · 2011-12-02 15:01 · Score: 0, Informative
  
  Interesting that the 'pirating == theft' brigade hasn't modded you into oblivion yet...
  I thought it was the pirating != theft brigade that modded people into oblivion.
11. Re:Umm.... by rickb928 · 2011-12-02 15:07 · Score: 3, Informative
  
  That would be the job of ICANN or WIPO.
  Neither of which care to step in and make the effort unless forced to.
  
  --
  deleting the extra space after periods so i can stay relevant, yeah.
12. Re:Umm.... by GregC63 · 2011-12-02 15:41 · Score: 1
  
  Hell, I've had my domain through Register.com for 10 years. It's set up to auto renew and they even provide domain lock which prevents the transfer of my domain without my consent.
  What's the big deal? Sounds like Go Daddy needs to change the way they deal with domain transfers.
13. Re:Umm.... by the+eric+conspiracy · 2011-12-02 15:47 · Score: 5, Informative
  
  Legally fraud is a form of theft, i.e. theft by deception.
14. Re:Umm.... by mysidia · 2011-12-02 15:51 · Score: 2
  
  Not required? As in, he paid for it, it's legally registered to him, and then someone just stole it away and they don't have to give it back? Isn't that theft?
  There's always an option to open a UDRP dispute. Although it is expensive to execute the process, it would likely result in the domain being returned to the rightful owner.
15. Re:Umm.... by Anonymous Coward · 2011-12-02 15:54 · Score: 1
  
  Although it is expensive to execute the process, it would likely result in the domain being returned to the rightful owner.
  So it's essentially choice between "Oh, fuck it" and "Oh, fuck me"?
16. Re:Umm.... by mysidia · 2011-12-02 16:05 · Score: 5, Informative
  
  and secondly, godaddy can't actually do anything about it because they don't own the domain anymore.
  There are things they can do about it, the ICANN Inter-Registrar Transfer Policy says so, so does the ICANN Transfer Dispute Resolution Policy,
  
  The Gaining Registrar must retain, and produce pursuant to a request by a Losing Registrar, a written or electronic copy of the FOA. In instances where the Registrar of Record has requested copies of the FOA, the Gaining Registrar must fulfill the Registrar of Records request (including providing the attendant supporting documentation) within five (5) calendar days. Failure to provide this documentation within the time period specified is grounds for reversal by the Registry Operator or the Dispute Resolution Panel in the event that a transfer complaint is filed in accordance with the requirements of this policy.
  
  If either a Registrar of Record or a Gaining Registrar does not believe that a transfer request was handled in accordance with the provisions of this policy, then the Registrar may initiate a dispute resolution procedure as set forth in Section C of this policy.
  
  Registry Operator must undo the transfer within fourteen calendar days unless a court action is filed. The notice required shall be one of the following:
  
  Agreement of the Registrar of Record and the Gaining Registrar sent by email, letter or fax that the transfer was made by mistake or was otherwise not in accordance with the procedures set forth in this policy;
17. Re:Umm.... by Dan541 · 2011-12-02 16:07 · Score: 4, Insightful
  
  In this case it's lucky the domain was moved to an Australian registrar and not China, or Russia. Legal action against the gaining registrar isn't out of the question.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
18. Re:Umm.... by Dan541 · 2011-12-02 16:11 · Score: 1
  
  It's most certainly theft, and on top of that Godaddy is most certainly liable for civil damages.
  How? If Godaddy received a genuine transfer request then they did the right thing by not blocking it. Registrars are supposed to comply with requests from the domain administrator. If that person has poor security it isn't godaddy's fault.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
19. Re:Umm.... by wygit · 2011-12-02 16:13 · Score: 4, Interesting
  
  And the perps haven't deprived the victims of their property? Not sure what you mean here.
  With copyright infringement, the original owners still have their stuff. With this, the victim doesn't.
20. Re:Umm.... by Concerned+Onlooker · 2011-12-02 16:49 · Score: 4, Funny
  
  "I thought it was the pirating != theft brigade that modded people into oblivion."
  
  Well, I thought it was the pirating <= theft brigade that modded people into oblivion.
  
  --
  http://www.rootstrikers.org/
21. Re:Umm.... by mysidia · 2011-12-02 18:28 · Score: 1
  
  GoDaddy locks the domain by default, and even if you do unlock the domain you need an EPP or Authinfo code for .COM and other major GTLDs to effect a transfer. None of that helps at all if your e-mail account is hijacked, though; and doesn't really protect you against intra-registrar transfers. As for the "auto-renewal" service, don't trust it necessarily. There have been reports in the past of registrars' auto-renewal failing to auto-renew certain highly desirable domains. Of course the story could be that you didn't update your CC.... credit cards do have expiration dates, you know... can't auto-renew when you can't bill, Isuppose.
  Some registrars such as Moniker offer a service, where you can add a layer of security to registrar lock, by having the registrar call you for approval before unlocking the domain. That is more secure than e-mail confirmation; however, it comes at a very significant price increase for so called "Max Security" or "High security" features of some registrars.
22. Re:Umm.... by Mindragon · 2011-12-02 20:20 · Score: 1
  
  ICANN also requires valid WHOIS domain data http://wdprs.internic.net/
  
  --
  Just add {In Space!} to anything.
23. Re:Umm.... by dmomo · 2011-12-02 20:49 · Score: 2
  
  I thought it was the modding == theft brigade that the pirates send into oblivion
24. Re:Umm.... by X0563511 · 2011-12-02 21:42 · Score: 4, Insightful
  
  Erm, that argument doesn't fly here... because the -control- over the domain was seized away. It's not like it was just copied, like the whole "pirating != theft" argument has at it's heart.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
25. Re:Umm.... by toriver · 2011-12-02 22:51 · Score: 2
  
  Really? Soon romance will be theft because someone stole a young girl's heart...
26. Re:Umm.... by Anonymous Coward · 2011-12-03 01:45 · Score: 1
  
  It was me. Sorry, mister, but she is beautiful.
27. Re:Umm.... by nurb432 · 2011-12-03 02:19 · Score: 1
  
  Since the 'victim' doesn't have use of the said domain any longer, id say it qualifies as theft.
  
  --
  ---- Booth was a patriot ----
28. Re:Umm.... by Sique · 2011-12-03 02:32 · Score: 1
  
  No. Fraud is fraud, and theft is theft. There are frauds, which don't cause the transfer of ownership of something to the fraudster or any person affiliated with him.
  
  --
  .sig: Sique *sigh*
29. Re:Umm.... by Relayman · 2011-12-03 04:45 · Score: 2
  
  A username and password should not be sufficient, especially if the domain name has a regsitrar lock. My domain registrar (BulkRegsiter aka eNom) requires two-factor authentication to do anything.
  
  --
  If I used a sig over again, would anyone notice?
30. Re:Umm.... by ultranova · 2011-12-03 05:19 · Score: 1
  
  It's certainly a crime, but it is fraud, not theft (just as copyright infringement is not theft). Theft involves deprivation of possession of chattel property.
  
  Well, Coyer has been deprived of something, namely the domain name. So no, it's not like ignoring copyrights, but rather like hijacking all your mail by somehow convincing the post office to forward it to you instead. Which is theft.
  
  --
  Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
31. Re:Umm.... by jamesh · 2011-12-03 12:03 · Score: 1
  
  A username and password should not be sufficient, especially if the domain name has a regsitrar lock. My domain registrar (BulkRegsiter aka eNom) requires two-factor authentication to do anything.
  Sounds like you got what you paid for then... in a good way :)
  Seriously though, there is a place for a low cost, no frills registrar for domains you aren't particularly attached to and that nobody is going to hold for ransom because they aren't worth the effort. Using such a registrar for a domain that's actually worth something to you is probably a bad choice though.
32. Re:Umm.... by Anonymous Coward · 2011-12-03 17:52 · Score: 0
  
  One the average slashdot reader gets around to kissing girls...
33. Re:Umm.... by Anonymous Coward · 2011-12-04 02:43 · Score: 0
  
  It's his word against the hackers. How does GoDaddy and PlanetDomain know that he didn't sell the domain?
  Working for a registrar, I see attempts like this all the time, many of them we catch and can stop, some we don't.
34. Re:Umm.... by wwphx · 2011-12-04 09:17 · Score: 1
  
  Umm, have you ran GoDaddy Sucks through Google? Your UID is low enough that I would have thought you'dve seen lots of interesting articles about GoDaddy here. A lot of people would disagree with you, and I won't do business with them and anyone that I know that is doing business with them I suggest to them that they run such a query and change registrars and hosts. Myself, I use Bluehost for hosting and Nearly Free Speech for registration with privacy protection.
  
  https://www.google.com/search?q=godaddy+sucks
  
  --
  When you sympathize with stupidity, you start thinking like an idiot.
35. Re:Umm.... by jamesh · 2011-12-04 12:56 · Score: 1
  
  Umm, have you ran GoDaddy Sucks through Google? Your UID is low enough that I would have thought you'dve seen lots of interesting articles about GoDaddy here. A lot of people would disagree with you, and I won't do business with them and anyone that I know that is doing business with them I suggest to them that they run such a query and change registrars and hosts. Myself, I use Bluehost for hosting and Nearly Free Speech for registration with privacy protection.
  a search for "bluehost sucks" also yields some interesting stories :)
  I think part of the problem is that most of the time, most registrars are trouble free, even the very worst ones. It's when you have a problem (whether of your own doing or not) that the real measure of good service becomes apparent. This is what I tell people about Telstra's Bigpond branded ISP services - if you ever have a problem with your service you'll wish you'd gone with someone else.
  Interestingly, my transfer away from godaddy (personal, seldom used domain) is just going through now, and the text in their transfer-away confirmation email says "INDUSTRY-BEST LIVE 24/7 SUPPORT". It seems you can claim anything in an email :)
36. Re:Umm.... by RivenAleem · 2011-12-09 02:29 · Score: 1
  
  I used to mod people into Oblivion, but then I took an arrow in the knee.
Don't Use GoDaddy by sexconker · 2011-12-02 12:54 · Score: 5, Interesting

Don't use GoDaddy.
If you needed any more reasons to stay far away from GoDaddy and their shitty advertising, RTFA.
So far they have found this has happened to around 12 accounts, all within the "Web Design" genre (so most likely a targeted attack).
There is no accessible log from with your GoDaddy account to see what/when things happened.
They do [claim to] have access logs, but they can't [won't] share that information with me.
The domain was transferred away from GoDaddy the evening of Nov 20th
They [claim to] have, but cannot [won't] provide me with, the email address used to transfer the domain away.
GoDaddy confirmed my global account email has never been changed, but it WAS changed for the domain css-tricks.com prior to the move.
The request to unlock the domain happened on Nov. 14th at 4:30pm Mountain Time. Normally there is a 5-7 day waiting period, but GoDaddy offers instant transfer and they remarked that it was unusual that the hacker chose not to do that.
They confirmed no other domains have left my account.
[Stuff in brackets is mine.]
1. Re:Don't Use GoDaddy by InsightIn140Bytes · 2011-12-02 13:01 · Score: 3, Informative
  
  1and1 and Network Solutions are on the list too.
2. Re:Don't Use GoDaddy by Anonymous Coward · 2011-12-02 15:54 · Score: 5, Interesting
  
  Don't use GoDaddy.
  To be fair, this wasn't strictly a GoDaddy Issue. TFA stated:
  
  This is not isolated to GoDaddy. Original registrants varied, see below.
  Which then listed multiple GoDaddy's, a 1and1.com, and a NetworkSolutions.com. This sounds more like the fact that GoDaddy happens to be the big horse (ala Microsoft) so it's likely going to be attacked me most. Not using GoDaddy might be good advice but it seems like it's also not a guarantee.
  The bigger issue is that there's no authoritative way to quickly re-gain such lost domains. And domain name disputes are always a huge PITA. Given the value of a domain name and how easy it is to sit on it once stolen, costing some business tons of money, I wouldn't be surprised if this starts happening more.
  One thing that keeps popping out is the fact that they're all being xfered to PlanetDomain.com. ICANN needs to revoke their ability to register domains.
3. Re:Don't Use GoDaddy by houstonbofh · 2011-12-02 18:02 · Score: 3, Informative
  
  The difference is that with a real company, like SafeNames, you call your account rep, and he says, "I will handle this for you." And you get updates, not stonewalls. May still take a lot of time, but it will be less stress than GoDaddy's "not my problem" BS.
4. Re:Don't Use GoDaddy by Anonymous Coward · 2011-12-02 20:49 · Score: 0
  
  1and1 and Network Solutions are on the list too.
  Yes 1&1 boy have i had a ding dong with that bunch of tossers over the clubs domain WOW Never go within a million miles of 1&1 shisters out and out the moment there is a problem you cannot contact the british number you always end up connected to the German help line and the could not give a monkey's
5. Re:Don't Use GoDaddy by Anonymous Coward · 2011-12-04 16:31 · Score: 0
  
  ICANN needs to revoke their ability to register domains.
  They will do so only if ICANN sees PlanetDomains consistently breaching the terms of their contract. Just because they have allegedly stolen domain names in their possession doesn't automatically qualify them to be "guilty" of theft.
GoDaddy by Anonymous Coward · 2011-12-02 12:54 · Score: 1

GoDaddy. That right there is the problem. No end of horror stories from this company.
For the curious by Anonymous Coward · 2011-12-02 12:57 · Score: 5, Informative

That phone number looks like a valid aussie mobile number. Who answers?
Domain Name: CSS-TRICKS.COM
Reseller..............: PlanetDomain Ltd Pty
Created on............: 4 Jul 2007 16:26:57 EST
Expires on............: 4 Jul 2019 16:26:57 EST
Record last updated on: 21 Nov 2011 16:20:33 EST
Status................: ACTIVE
Owner:
oca
(465144)
Bakulina 12,
Kharkiv, gras 61166
Austria
Phone: +61.4354353455
Email:
Administrative Contact, Billing Contact:
oca
(465143)
Bakulina 12,
Kharkiv, gras 61166
Austria
Phone: +61.4354353455
Email:
Technical Contact:
oca
(465145)
Bakulina 12,
Kharkiv, gras 61166
Austria
Phone: +61.4354353455
Email:
Domain servers in listed order:
No name servers present.
1. Re:For the curious by Anonymous Coward · 2011-12-02 13:02 · Score: 0
  
  Fake phone number, too many numbers. Although assuming it's not fake and it just has too many numbers, it lies within the range assigned to Optus.
2. Re:For the curious by Anonymous Coward · 2011-12-02 13:05 · Score: 0
  
  Oh wait. One extra digit and the country is listed as Austria not Australia
  Also, forserver@yahoo.com is associated with about 3 domains according to domain tools
  Perhaps contact the Aus federal police and send it in and get them to put a request in to yahoo?
3. Re:For the curious by iluvcapra · 2011-12-02 13:08 · Score: 3, Informative
  
  Ummmm, Graz is a town on the Mur in Austria, not Austrialia. However +61 is the country code of Australia. Some sort of bizzare joke.
  
  --
  Don't blame me, I voted for Baltar.
4. Re:For the curious by novakreo · 2011-12-02 13:45 · Score: 1
  
  One too many digits for an Aussie number.
  
  --
  O frabjous day! Callooh! Callay!
5. Re:For the curious by ColaMan · 2011-12-02 14:20 · Score: 1
  
  Too many digits. Australian numbers are ten digits long.
  adding the leading zero that gets dropped when you dial international numbers gives 11 digits.
  And of course the fact that "Austria" and "Australia" are usually right next to each other in your average "choose your country" drop-down box.
  
  --
  
  You are in a twisty maze of processor lines, all alike.
  There is a lot of hype here.
6. Re:For the curious by Anonymous Coward · 2011-12-02 15:56 · Score: 0
  
  Phone looks like random mashing on numeric row. In other news, Austria invaded Ukraine, taking Kharkiv.
7. Re:For the curious by Dan541 · 2011-12-02 16:20 · Score: 1
  
  Mobile (cell phone) numbers in Australia are all ten digits and start with. 04 so that number in Australia would be 04354353455 which is of course 1 digit too many. I think it's a typo since anyone trying to fake a phone number would at least use the correct amount of digits.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
8. Re:For the curious by SeaFox · 2011-12-02 17:32 · Score: 1
  
  I notice the contacts are in Austria, not Australia.
9. Re:For the curious by Anonymous Coward · 2011-12-02 18:14 · Score: 0
  
  Indeed, but +61 is Australia.
10. Re:For the curious by Dan541 · 2011-12-02 18:45 · Score: 2
  
  +61 is Australia but yes the postal address is Austria.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
11. Re:For the curious by OneMadMuppet · 2011-12-02 19:50 · Score: 3, Informative
  
  Bakulina 12 is an address in Kharkiv, in Ukraine. Anyone can pick a random city or country, but picking a specific street in north Kharkiv is less likely. Start there.
12. Re:For the curious by MrL0G1C · 2011-12-02 22:18 · Score: 1
  
  PlanetDomain is one of Australia's leading Domain Name Registrars and Web Hosting Service providers.
  We provide domain name registration and web hosting services to the global community with the goal of delivering low prices and high standard products and services.
  PlanetDomain Pty Ltd.
  Registered Office:
  Level 15, 309 Kent Street
  Sydney
  NSW, 2000, Australia
  Telephone: +1300 36 64 05 (Australia)
  Facsimile: +613 9923 4412
  Email: info@planetdomain.com
  Click here to review our Service Level Agreement.
  Looks quite contactable, try picking up the phone, it's often the best way.
  
  --
  Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
13. Re:For the curious by rawler · 2011-12-02 23:29 · Score: 1
  
  Address: Austria
  Phone: +61 (Australia)
  Looks legit.
14. Re:For the curious by Anonymous Coward · 2011-12-03 01:49 · Score: 0
  
  Uuum, no it's not. Go to Google maps, zoom in to a random country, then zoom in to a random city, and there to a random area. Read any random street name where it looks like there are people living, and add an approximate house number. Done.
  Try it right now.
15. Re:For the curious by KiloByte · 2011-12-03 02:43 · Score: 2
  
  It's a dormitory for students of Kharkov's National University of Radioelectronics -- sounds like a likely place for the cracker to be from.
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
16. Re:For the curious by Kalriath · 2011-12-03 23:46 · Score: 1
  
  That, and what are the odds of getting a phone number where all the digits are 3, 4, or 5. 0435 doesn't sound valid from my time in market research either.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
17. Re:For the curious by gullevek · 2011-12-04 15:46 · Score: 1
  
  None of those addresses is a valid address in Austria. Nor do we have any of those city names. They sound way more eastern europe like.
  
  --
  "Freiheit ist immer auch die Freiheit des Andersdenkenden" - Rosa Luxemburg, 1871 - 1919
GoDaddy no so bad. by Anonymous Coward · 2011-12-02 12:59 · Score: 1

They actually CALL me before doing anything. I've had a domain expiring that I don't care to renew, and a REAL person calls me to let me know that it will expire, as well as emails every so often as the end date comes close. I've SOLD domains to other people and I've had to tell them over the phone that the domain was up for a legit transfer. I think there is a ball on the floor, because it was dropped.
DAVIDWALSH.NAME stolen also by Anonymous Coward · 2011-12-02 13:02 · Score: 2

My domain, DAVIDWALSH.NAME has also been stolen. 1And1 yet to return the domain or give me a detailed response for 5 days.
So out of curiosity, by oGMo · 2011-12-02 13:13 · Score: 2

Who is a reputable registrar these days? Does such a thing exist?

--
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
1. Re:So out of curiosity, by John+Hasler · 2011-12-02 13:20 · Score: 5, Informative
  
  > Who is a reputable registrar these days?
  Gandi.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
2. Re:So out of curiosity, by Urza9814 · 2011-12-02 13:37 · Score: 4, Interesting
  
  If only I had mod points. Gandi is by far and without a doubt the best domain registrar out there. Hell, if they were double or even triple the price of GoDaddy, I'd still be using them. (From what I've seen their prices are on par with everyone else.)
3. Re:So out of curiosity, by Anonymous Coward · 2011-12-02 13:40 · Score: 4, Informative
  
  :) We switched to them from Dotster. If you are from the USA the price is better than advertised too. They don't charge VAT and that is a HUGE percentage of the fee. The only complaint I have is the free SSL certificate is confusing/misleading. Or maybe it is just me not understanding things well enough although I doubt it. You have to install the free Gandi certificate in the browser you are using or something like that. In other words it isn't something you can actually use for business or even a personal web site unless you have control over the computers from where you/others will be accessing it from. Therefore what good is it over accepting your own ssl certificate? I know I sound like an idiot as I'm wrong in my explanation. Hopefully you understand what I'm trying to say though.
4. Re:So out of curiosity, by efalk · 2011-12-02 13:53 · Score: 4, Informative
  
  Seconded. I register all my domains with Gandi. Clean user interface, no offensive advertising, no constant trying to upsell me. Easy to understand services and contract. Plus, they're outside of the U.S., which is a huge plus -- it makes it much harder for a U.S. court to seize your domain on a whim.
5. Re:So out of curiosity, by CyberVenom · 2011-12-02 13:59 · Score: 2
  
  Thirded. Been with them since they were one of the first ICANN registrars outside of Network Solutions. Like their motto says, "no bullshit"
6. Re:So out of curiosity, by hpa · 2011-12-02 14:16 · Score: 3, Informative
  
  Seconded the recommendation for Gandi. Another good one is Loopia in Sweden, loopia.se. Loopia got acquired reasonably recently, so they may or may not stay that way but for now they have been very good and for a long time they were the best-priced .se and .nu registrar (and may still be.)
7. Re:So out of curiosity, by mrbester · 2011-12-02 14:34 · Score: 3, Insightful
  
  Status: clientTransferProhibited FTW. Set by a checkbox in a settings screen. GANDI never forget that your domain is yours (unlike other registrars who consider it theirs and you're just borrowing it from them).
  
  --
  "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
8. Re:So out of curiosity, by tomp · 2011-12-02 15:25 · Score: 5, Informative
  
  Gandi rocks, no doubt about it. However, they cannot protect a domain owner from the US government.
  I have my domain there because they respect the rights of a domain owner far more than other registrars, but there's nothing they can do if the US government wants a domain in a US-hosted top level domain. When it comes .com, .net, or .org, NSI is all that matters. And unfortunately, they don't care about domain owners.
9. Re:So out of curiosity, by networkzombie · 2011-12-02 15:43 · Score: 1
  
  Wow. I have three domains with GoDaddy and I think I will switch. It is hard to resist the "No Bullshit" which is trademarked. Thank you. I have no problems with them running Google Analytics. Should I? Google will honor my robots.txt. Why should I care about Google Analytics? Anyone?
10. Re:So out of curiosity, by The+Blue+Meanie · 2011-12-02 15:51 · Score: 5, Informative
  
  Nope, you misunderstand. I got them to issue one of the free certs for one of my domains (I use Gandi for all of my registrations), and it works perfectly with all major browsers out of the box.
  All you have to do is add Gandi's intermediate certificate (the cert that links their signature on your free cert to the base CA cert that's in everybody's browser), but you do that on your server (web/mail/whatever) and offer it up as part of the SSL negotiation. It works perfectly, and transparently. It is definitely NOT like the hassle of a self-signed certificate, where you DO have to either add the "security exception" to every client's browser, or get them to install your cert into their browser ahead of time.
  
  --
  "I feel that if a person can't communicate, the very least he can do is to shut up." -- Tom Lehrer
11. Re:So out of curiosity, by mysidia · 2011-12-02 15:54 · Score: 2
  
  it makes it much harder for a U.S. court to seize your domain on a whim.
  It also much makes it much harder for you to sue them, if they do something bad and it hurts you or you lose the domain or uptime as a result.
12. Re:So out of curiosity, by Anonymous Coward · 2011-12-02 17:06 · Score: 0
  
  DynDNS does sell domain names as well and their service is excellent.
  You do pay more than GoDaddy.
13. Re:So out of curiosity, by LordLimecat · 2011-12-02 17:40 · Score: 1
  
  it makes it much harder for a U.S. court to seize your domain on a whim.
  Wouldnt it make it easier for some other government to seize it on a whim?
  I mean, that may be the determination that youve made, that this is less of a risk, but Im just saying.
14. Re:So out of curiosity, by houstonbofh · 2011-12-02 17:57 · Score: 1
  
  SafeNames. They are NOT the cheapest, but they have amazing customer service. Absolutely rock. You actually have a real person as an account manager. Type "whois dell.com" for more.
15. Re:So out of curiosity, by Animats · 2011-12-02 18:27 · Score: 4, Informative
  
  Who is a reputable registrar these days?
  The top of the line is MarkMonitor. If you have to ask how much they cost, you can't afford them. They're the registrar for "gm.com", "ford.com", "bankofamerica.com", etc. If something goes wrong with one of their domains, alarm bells ring at their monitoring center and DNS experts, investigators, and lawyers swing into action.
  Network Solutions can be difficult to deal with, but they register enough corporate domains that they have a support organization that's not a joke.
  GoDaddy is generally considered to be near the bottom of the heap. You might register your personal blog with GoDaddy. Maybe.
  Down at the bottom is eNom, the leader in junk domain registration. That's where you register your 100,000 typosquatting domains.
16. Re:So out of curiosity, by QuoteMstr · 2011-12-02 18:52 · Score: 1
  
  I've been happy with gkg.net. I like that they started offering IPv6 glue records very early.
17. Re:So out of curiosity, by Anonymous Coward · 2011-12-02 19:11 · Score: 0
  
  Everything runs Google Analytics.
18. Re:So out of curiosity, by Anonymous Coward · 2011-12-02 19:35 · Score: 0
  
  Exactly.
19. Re:So out of curiosity, by hymie! · 2011-12-03 04:18 · Score: 1
  
  Second for dyndns.
20. Re:So out of curiosity, by Anonymous Coward · 2011-12-03 19:52 · Score: 0
  
  They are almost double the price of other registrars for .com and .net domains.
21. Re:So out of curiosity, by Kalriath · 2011-12-03 22:07 · Score: 2
  
  NSI doesn't matter. It's Verisign you need to be afraid of.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
22. Re:So out of curiosity, by ebvwfbw · 2011-12-04 08:08 · Score: 1
  
  Directnic.com. I've used them for well over a decade. Not even Hurricane Katrina took them offline and that hit right where they are in New Orleans. I've never had a problem with them, they even offer SSL certificates. They are also very paranoid about transfers.
stolen by reiisi · 2011-12-02 13:25 · Score: 1

RTFriendlyA
GoDaddy has the e-mail that requested the change, and the domain owner did not send it.
Or, are you the thief, trying to misdirect the conversation?

--
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
1. Re:stolen by TheRealMindChild · 2011-12-02 14:21 · Score: 2
  
  Just because you are paranoid, doesn't mean they aren't after you
  
  --
  
  "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
2. Re:stolen by reiisi · 2011-12-05 00:04 · Score: 2
  
  Just because you are paranoid, doesn't mean they aren't after you
  That's definitely not something I'm going to argue with.
  
  --
  Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
e-mail by reiisi · 2011-12-02 13:27 · Score: 2

Actually, in this case, the problem seems to be hijacked e-mail.
What I'm trying to understand now is why they need a copy of a license to start checking about undoing the transfer, when they don't require the copy of the license to initiate it.

--
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
1. Re:e-mail by Dan541 · 2011-12-02 16:25 · Score: 1
  
  What I'm trying to understand now is why they need a copy of a license to start checking about undoing the transfer, when they don't require the copy of the license to initiate it.
  Cost, people want cheap domain registrations and aren't prepared to pay for the extra security of document verification.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Gmail problem by Albanach · 2011-12-02 13:29 · Score: 5, Interesting

it looks like the big problem here is that 4 years on it's still apparently possible for websites to silently create filters on gmail accounts if a logged in user visits their site. That effectively allows a malicious site to compromise hosting accounts, bank accounts and much more.
1. Re:Gmail problem by Anonymous Coward · 2011-12-02 13:32 · Score: 0
  
  LOL, yeah. I blame AOL...f*U*in dial up. I have to sign in to check my mail!!
2. Re:Gmail problem by cultiv8 · 2011-12-02 13:34 · Score: 5, Informative
  
  As noted in 2008 on Mashable:
  
  According to a proof of concept by Geek Condition, there is a security flaw in Gmail that allows an attacker to forward GoDaddy account reset information to the offending party unbeknownst by the victim. This is done by creating a filter that forwards GoDaddy’s “change of password” mail to the attacker and deletes it from your inbox.
  
  --
  sysadmins and parents of newborns get the same amount of sleep.
3. Re:Gmail problem by HeyBob! · 2011-12-02 13:39 · Score: 4, Insightful
  
  Exactly - why are you using a free email account to be the key to owning your domain name? Run your own email server! Become your own registrar - it's worth it if you have a bunch of domains.
4. Re:Gmail problem by cultiv8 · 2011-12-02 13:43 · Score: 1
  
  Really, your comment was moderated as a Troll? Who are these moderators?
  
  --
  sysadmins and parents of newborns get the same amount of sleep.
5. Re:Gmail problem by MyFirstNameIsPaul · 2011-12-02 13:48 · Score: 4, Informative
  
  That article states that the attacker must direct the victim to a site with a malicious script in order to get a Session Authorization Key.
  
  --
  I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
6. Re:Gmail problem by Mashiki · 2011-12-02 13:59 · Score: 1, Offtopic
  
  You know, we had a discussion just the other day about group-think and the /. condition where people making good comments are shouted down. The GP is yet another example of this.
  
  --
  Om, nomnomnom...
7. Re:Gmail problem by headkase · 2011-12-02 14:19 · Score: 2, Interesting
  
  I don't even bother to moderate anymore. I read the comments at -1 because that is the only way to combat moderator abuse. It happens too often that you see a completely worthwhile comment moderated -1. Slashdot's game has been fixed. I blame the "Friend/Foe" system: that let's you instantly know whether to mod up/down if you were so inclined.
  
  --
  Shh.
8. Re:Gmail problem by jamesh · 2011-12-02 14:30 · Score: 1
  
  It's at +5 now... what was the problem again?
9. Re:Gmail problem by Skidborg · 2011-12-02 14:58 · Score: 0, Offtopic
  
  And that one mod point I was saving for a post like this just expired.
  
  --
  Supporter of the +1 Over Dramatic mod option. In memory of apk.
10. Re:Gmail problem by tftp · 2011-12-02 17:27 · Score: 4, Informative
  
  why are you using a free email account to be the key to owning your domain name? Run your own email server!
  You shouldn't have a contact email on the domain that is being administered. Your suggestion is good only if you have several domains registered by different registrars, and if your email is very reliable (with reverse DNS and such.) Then you can cross-link these records. For everyone else Gmail is a rational choice; it's free, it's reliable, and it's always there.
11. Re:Gmail problem by jtnix · 2011-12-02 17:48 · Score: 2
  
  There's nothing wrong with using a 'free' email account to register for domain services or any other product or service for that matter. I would however recommend some recursion, i.e. create a unique freemail account with a very high security password and set it up to forward (while still saving emails) to your master email account(s). Of course, it's a good idea to rotate a high security password on your master email account(s) as well. It's not rocket science, it's security. These crafty bastards have been at it for a good 10+ years now. If you haven't been paying attention to current security flaws on the intertubes and get hacked then you are part to blame, too.
  Do you rotate high security passwords at least yearly? Monthly would be a better idea. Do you use a password agent/app to manage your passwords? There are dozens available, try one or two with a Really Good Password. Do you keep multiple, offsite backups of your encrypted password file? Make sure it's well encrypted with a 10 to 16 byte password that you can realistically memorize and rotate it at least once a year.
  
  --
  She blinded me with science, she tricked me with technology. ~ Thomas Dolby
12. Re:Gmail problem by Mashiki · 2011-12-02 17:56 · Score: 1
  
  Give it 6 hours for a group of people to throw a hissy fit over what they read, and it'll be -0 troll or flamebait. You know much like how my post is 'offtopic' when it's not.
  
  --
  Om, nomnomnom...
13. Re:Gmail problem by houstonbofh · 2011-12-02 18:07 · Score: 1
  
  I do not know a single network admin worth a damn that does not have at least 5 non-free e-mail addresses. And you only need 3. And, yes, none of them should be on the domain in question, and none of the mail servers should be with the registrar. Security through diversity.
14. Re:Gmail problem by houstonbofh · 2011-12-02 18:09 · Score: 4, Interesting
  
  It is only temporary... Go ahead and moderate. Read at -1 and just give points to people unfairly trolled.
15. Re:Gmail problem by Anonymous Coward · 2011-12-03 01:23 · Score: 0
  
  >completely worthwhile comment moderated -1.
  Notice, too, the number at just -1, not "-1 Overrated", or something like that. or +3 without any "underrated, insightful, or whatever. It looks like the /. editors are randomly modding shit up or down for some reason.
  I have not made a logged in comment for years now because I kept finding my stuff mysteriously modded down. Mod me down, but give me some feedback on why, you know?
16. Re:Gmail problem by Anonymous Coward · 2011-12-03 08:40 · Score: 0
  
  That article states that the attacker must direct the victim to a site with a malicious script in order to get a Session Authorization Key.
  An even better reason to always use noscript...
17. Re:Gmail problem by cultiv8 · 2011-12-03 14:55 · Score: 1
  
  Quick follow-up, did anyone notice gmail is giving the following message:
  
  Thousands of online accounts are hijacked every day. If you re-use your Gmail password at other websites, change it now. Learn more.
  
  --
  sysadmins and parents of newborns get the same amount of sleep.
18. Re:Gmail problem by dotancohen · 2011-12-03 21:04 · Score: 1
  
  That article states that the attacker must direct the victim to a site with a malicious script in order to get a Session Authorization Key.
  How hard is that? I have run dozens of websites, and I can get on a first-page google search for some key phrases easily. This is the law of averages: attack _everybody_ and some will fall. If the attacker wants a _specific_ domain, though, that is much more of a challenge.
  
  --
  It is dangerous to be right when the government is wrong.
19. Re:Gmail problem by Kalriath · 2011-12-03 23:52 · Score: 2
  
  Underrated and Overrated do not add the text to the score, FYI. They commonly are used as the "+1, I Agree" and "-1, I Disagree and wish to Censor Your Dissenting Opinion" moderations. It used to be counterable back before /. fucked up metamoderation and turned it into a herp-derp free + or - for random comments. Which incidentally is the other reason a post may be moderated + or - with no history - it was metamoderated up or down instead.
  Mumble mumble stagnated or something.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
20. Re:Gmail problem by Anonymous Coward · 2011-12-04 02:29 · Score: 0
  
  I am the OP and thank you for your clarification. Metamoderation is indeed a cluster anymore and serves no purpose.
Same thing happened back in 2000 to me and others by Nethead · 2011-12-02 13:39 · Score: 5, Interesting

http://www.wired.com/politics/law/news/2000/01/33571

Network Solutions' administrative policies are once again being blamed for Internet domain hijackings that took at least brief control over some major Web domains.
Beginning Saturday, an unidentified individual began attempts, some successful, to seize control over domains including major Web hosting service Exodus, Web standards body World Wide Web Consortium and Emory University.
And all the misappropriation required was a simple spoofing of email addresses.
The only good thing about it was getting my name in Wired.

--
-- I have a private email server in my basement.
phone number looks like hex string by jamesh · 2011-12-02 13:54 · Score: 3, Interesting

Did anyone else notice that the phone number looks like a hex string?
43:54:35:34:55 => CT54U
it doesn't look particularly meaningful unless they were stupid enough to encode a password or something in it.
1. Re:phone number looks like hex string by jamesh · 2011-12-02 14:00 · Score: 1
  
  or "aCT54U" if you were to include the country code... still seems meaningless, maybe just a coincidence
2. Re:phone number looks like hex string by Anonymous Coward · 2011-12-02 14:41 · Score: 1
  
  Um, they're also all in the same row of a numeric keypad. This, and that it's one digit too many, is probably a sign that the perp just reached for the keypad and typed random digits in a hurry until the on-screen looked long enough to be a phone number but without trying too hard.
3. Re:phone number looks like hex string by sconeu · 2011-12-02 14:56 · Score: 4, Insightful
  
  1337-speek for "Acts for you"
  
  --
  General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
4. Re:phone number looks like hex string by moderatorrater · 2011-12-02 15:55 · Score: 1
  
  Or a variable repetition of 3,4, and 5.
5. Re:phone number looks like hex string by Chrisq · 2011-12-02 22:40 · Score: 1
  
  1337-speek for "Acts for you"
  Great, now lets start on the bible codes and prove that 666 refers to Bill Gates. Everyone's number looks like a hex string!
ICANN by DaMattster · 2011-12-02 14:33 · Score: 3, Interesting

Does ICANN offer any assistance with this matter? Can't they just yank the domain back?
1. Re:ICANN by Tacvek · 2011-12-02 15:50 · Score: 5, Informative
  
  ICANN cannot technically do that, since they don't actually control the content of the TLD. The Domain Registry (Verisign) could technically reverse the transfer, but are bound by ICANN policies that likely prevent them from doing anything. ICANN in conjunction with Verisign could get the transfer reverted, but since that requires two entities working in concert, I would not count on it happening.
  Of course the Australian registry could determine that the transfer was fraudulent, and transfer it back to Go Daddy as a registrar (who is bound by contract to return it to the control of Chris Coyer), and provide information about the fraud to the police, but since that is not in their interests, they will never do that either.
  
  --
  Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
2. Re:ICANN by Anonymous Coward · 2011-12-02 15:51 · Score: 0
  
  http://www.icann.org/en/transfers/dispute-policy-12jul04.htm
3. Re:ICANN by Nemyst · 2011-12-02 16:36 · Score: 2
  
  It isn't in their interests? Surely siding against the web design community, a very large source of domain registrations, isn't the brightest of ideas?
4. Re:ICANN by dissy · 2011-12-02 18:01 · Score: 4, Informative
  
  Does ICANN offer any assistance with this matter? Can't they just yank the domain back?
  Yup, there is a process for this. Unfortunately a bit slow, but better than nothing.
  The registrar the domain is with now must provide proof the owner submitted it that can be challenged. No proof in 5 days, ICANN reverses the transfer.
  At that point they have two weeks to argue that the transfer was not authentic.
  I believe a court order would cause the action to be taken immediately in reversing it, and ICANN states they will comply.
  http://www.icann.org/en/transfers/
  All the forms and the policy itself (Items 1-4 on that page) plus some FAQ's that mention this type of thing.
  I've never had to do a transfer dispute, so am not sure if their policy matches reality, but there it is.
5. Re:ICANN by Tacvek · 2011-12-03 11:00 · Score: 2
  
  That sort of thing only rarely shows up in the accounting books, and is usually vastly underestimated when it does, so the decision makers only see: Loss of one registration ($x per year) vs status quo.
  Which will they decide is in their interests?
  
  --
  Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
AFP & Court by Anonymous Coward · 2011-12-02 15:42 · Score: 0

I have a feeling the australian high court would be absoluely facinated by this.. and quite angry.
If they don't give it back, take the registrar to court. it IS stealing, its also a cyber crime. Australian Federal Police could also probably help in this matter if you sent them a message..
It's a cyber crime.. which ... surprise surprise... comes under the australian terrorism act.. It's not tried in military courts here.. haha but its still cracked down on rather harshly.
Helpless? No. by macraig · 2011-12-02 18:22 · Score: 3, Insightful

... the registrars seem helpless to do anything about it.
Not helpless: careless, as in "we couldn't care less". How exactly do these thefts hurt their reputation or profits or bottom line? It doesn't, which is exactly why they don't care. These registrars will continue to not-care unless and until the victims can make the thefts affect the registrars in some measurable way.
Re:Helpless? No. by Anonymous Coward · 2011-12-02 18:28 · Score: 0

Registrars are above the law.
Bigger news! by stephanruby · 2011-12-02 22:00 · Score: 3, Funny

Damn! Austria must have invaded Australia.
Re:Helpless? No. by zyzko · 2011-12-02 22:36 · Score: 4, Insightful

I actually prefer them not to care. It seems in this case email was hijacked and GoDaddy is not supposed to deny the transfer if everything is done properly. It is a real pain in the ass trying to obtain an "utility bill" or other "proof" from $5 / month web service customer when all they want is to get their domain transferred from the previous $15 / month provider (provided of course that the previous ISP who registered the domain was generous enough to put a real owner contact email to whois data...). It *should* be that easy for you average low-cost domain.
If you want your domain provider to "care" - which in this case is that you get personal service and are not just using automation yourself - you pay (actually GoDaddy also offers phone verification option for extra fee...). If you are bankofamerica.com or microsoft.com you should really do take a bit more expensive option - it is not likely that you change your registrar yearly to the cheapest alternative. But if you are a random website (this is first time I heard about css-tricks.com, I really don't know if they are big and famous site on web design field) looking for the cheapest option this is how it should be, because on the other side you have very angry customers complaining that registrars hold their domains hostage; been there in the middle answering to customer on the other side that no, this is not that easy because your registrar requires this and that and I have to bill you by the hour and on the other side having the registrar jump me through obstacle course to transfer ordinary domains by just flagging transfer "suspicious" and everything from first tier customer support is some form of "sorry, I can't do that".
By the way US registrars - identification by utility bill is something we do not do in Europe - the whole concept is strange, so please do not ask me for my clients electricity bill, they most likely can't provide one.
Follow the money by Alain+Williams · 2011-12-02 23:21 · Score: 1

Since it seems accepted by everyone that the domain was stolen and that the crook now wants money to give it back, surely the police can be involved (this is supposed to be what they are there for). The crook wants money, the money needs to be paid into an account somewhere or perhaps one of these money transfer people. Would it be really too hard to finger their thief's collar when he comes to collect ?
1. Re:Follow the money by Relayman · 2011-12-03 04:52 · Score: 1
  
  This is a property crime, not a personal one. The police couldn't care less so such a small case.
  
  --
  If I used a sig over again, would anyone notice?
2. Re:Follow the money by Gyorg_Lavode · 2011-12-05 06:27 · Score: 1
  
  The better question is, which police? I didn't visit the link, (doesn't seem smart to follow a link associated with a compromised site), however I assume that the criminal could be anywhere and just using a non-reputable registrar. It'd take MS's legal team to unravel something like that.
  
  --
  I do security
Google say this is fixed by Chrisq · 2011-12-02 23:32 · Score: 1

Google say this is fixed.
Dude, c'mon by bryan1945 · 2011-12-03 02:33 · Score: 2

You put your domain with a company because they have commercials with big boobs? If you want to "host" something, I'm sure it's more convenient and cheaper downtown.

--
Vote monkeys into Congress. They are cheaper and more trustworthy.
1. Re:Dude, c'mon by Anonymous Coward · 2011-12-03 08:51 · Score: 0
  
  You put your domain with a company because they have commercials with big boobs?
  Are you some kind of commie pinko who doesn't like big boobs?
PlanetDomain and (Aust|Cheap|Crazy)Domains.com.au by fostware · 2011-12-03 04:28 · Score: 1

All have the same issue regarding their communications trail.
Anyone with an account with these people (and have done domain transfers) should check their comms history in their control panel during that time... especially the sent items and the clickable link contained within.
I've sent plenty of emails to these people, but I've given up. They don't listen.

--
"We know what happens to people who stay in the middle of the road. They get run over." - Aneurin Bevan
Use ISP email by Anonymous Coward · 2011-12-03 04:46 · Score: 0

You know, you have that useless email address from your own ISP. This is what I use it for - as *one* of the email addresses in the contact information.
It looks like by maroberts · 2011-12-03 06:14 · Score: 1

hes had his Gmail account broken into. Having broken in, one of the simplest tricks is to add an auto-forward onto the gmail account, so you continue to get the mail from the account and can follow what is happening. Filters to move/delete emails from certain people are good wheezes too.
Of course, I've never done such a thing myself...

--
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
I know by Anonymous Coward · 2011-12-03 18:56 · Score: 0

O know of a friend who had his domain transferred from GoDaddy... It seems he suspected a GoDaddy Employee
http://cnx.com/?p=1354
Accounts [not Acts] for you by Anonymous Coward · 2011-12-04 15:17 · Score: 0

That would be Accounts for you, not acts for you.
They're stealing accounts after all.
Police won't care until ... by Anonymous Coward · 2011-12-11 12:46 · Score: 0

Police won't care until ... someone steals crimestoppers.com.au .
On a more serious note, there would be enormous motivation for the criminal underworld to hijack this domain.