Domain Theft-for-Ransom Hits css-tricks.com and Others

An anonymous reader writes "Chris Coyer at css-tricks.com has had his domain transferred from GoDaddy.com to a registrar in Australia where it's being held for ransom. Several other domains have experienced the same theft by what seems to be the same person, and the registrars seem helpless to do anything about it."

Don't Use GoDaddy

[sexconker]

Don't use GoDaddy.
If you needed any more reasons to stay far away from GoDaddy and their shitty advertising, RTFA.

        So far they have found this has happened to around 12 accounts, all within the "Web Design" genre (so most likely a targeted attack).
        There is no accessible log from with your GoDaddy account to see what/when things happened.
        They do [claim to] have access logs, but they can't [won't] share that information with me.
        The domain was transferred away from GoDaddy the evening of Nov 20th
        They [claim to] have, but cannot [won't] provide me with, the email address used to transfer the domain away.
        GoDaddy confirmed my global account email has never been changed, but it WAS changed for the domain css-tricks.com prior to the move.
        The request to unlock the domain happened on Nov. 14th at 4:30pm Mountain Time. Normally there is a 5-7 day waiting period, but GoDaddy offers instant transfer and they remarked that it was unusual that the hacker chose not to do that.
        They confirmed no other domains have left my account.

[Stuff in brackets is mine.]

Re:Don't Use GoDaddy

Don't use GoDaddy.

To be fair, this wasn't strictly a GoDaddy Issue. TFA stated:

This is not isolated to GoDaddy. Original registrants varied, see below.

Which then listed multiple GoDaddy's, a 1and1.com, and a NetworkSolutions.com. This sounds more like the fact that GoDaddy happens to be the big horse (ala Microsoft) so it's likely going to be attacked me most. Not using GoDaddy might be good advice but it seems like it's also not a guarantee.

The bigger issue is that there's no authoritative way to quickly re-gain such lost domains. And domain name disputes are always a huge PITA. Given the value of a domain name and how easy it is to sit on it once stolen, costing some business tons of money, I wouldn't be surprised if this starts happening more.

One thing that keeps popping out is the fact that they're all being xfered to PlanetDomain.com. ICANN needs to revoke their ability to register domains.

Re:Umm....

[Meshach]

From TFA: "We have reviewed your claim and we will contact PlanetDomain and request an FOA (Form of Authorization) for the transfer. If their records also show the same registrant at the time of transfer, we will work with them to see if they can transfer the domain name back. However, they are not required to transfer the domain name back." Not required? As in, he paid for it, it's legally registered to him, and then someone just stole it away and they don't have to give it back? Isn't that theft?

I don't know about theft as much as mismanagement by GoDaddy. If the domain was not expired then it should be reverted back to the rightful owner. If it actually did expire he may be SOL (although that is pretty low of GoDaddy to not at least give him notice).

Gmail problem

[Albanach]

it looks like the big problem here is that 4 years on it's still apparently possible for websites to silently create filters on gmail accounts if a logged in user visits their site. That effectively allows a malicious site to compromise hosting accounts, bank accounts and much more.

Re:Gmail problem

[headkase]

I don't even bother to moderate anymore. I read the comments at -1 because that is the only way to combat moderator abuse. It happens too often that you see a completely worthwhile comment moderated -1. Slashdot's game has been fixed. I blame the "Friend/Foe" system: that let's you instantly know whether to mod up/down if you were so inclined.

Re:Gmail problem

[houstonbofh]

It is only temporary... Go ahead and moderate. Read at -1 and just give points to people unfairly trolled.

Re:So out of curiosity,

[Urza9814]

If only I had mod points. Gandi is by far and without a doubt the best domain registrar out there. Hell, if they were double or even triple the price of GoDaddy, I'd still be using them. (From what I've seen their prices are on par with everyone else.)

Same thing happened back in 2000 to me and others

[Nethead]

http://www.wired.com/politics/law/news/2000/01/33571

Network Solutions' administrative policies are once again being blamed for Internet domain hijackings that took at least brief control over some major Web domains.
Beginning Saturday, an unidentified individual began attempts, some successful, to seize control over domains including major Web hosting service Exodus, Web standards body World Wide Web Consortium and Emory University.
And all the misappropriation required was a simple spoofing of email addresses.

The only good thing about it was getting my name in Wired.

phone number looks like hex string

[jamesh]

Did anyone else notice that the phone number looks like a hex string?

43:54:35:34:55 => CT54U

it doesn't look particularly meaningful unless they were stupid enough to encode a password or something in it.

ICANN

[DaMattster]

Does ICANN offer any assistance with this matter? Can't they just yank the domain back?

Re:Umm....

[wygit]

And the perps haven't deprived the victims of their property? Not sure what you mean here.

With copyright infringement, the original owners still have their stuff. With this, the victim doesn't.