Domain stolen

Discussion in 'Domain Name Scams' started by donton, Mar 1, 2014.

Thread Status:
Not open for further replies.
  1. donton United Kingdom

    donton Active Member

    Joined:
    Jul 2012
    Posts:
    298
    Likes Received:
    29
    I woke up this morning to a Webmaster Tools email to say they couldn't access a website I run for a client... strange.

    I logged into my Namecheap account and the domain name is still there. I checked the Whois on it, and it has been changed to some organisation in the USA. Having Googled the address, it seems to be a Whois privacy address.

    I have no idea who or how they've managed to hijack this domain, all the other names I hold are absolutely fine.

    The domain is set to expire in April, but it has already been suspended by Nominet and the site is no longer loading (the hijackers haven't changed the DNS settings).

    Aside from contacting Nominet, is there anything else I can do? This client will go bat shit crazy when I tell them what has happened on Monday morning!

    Thanks in advance!
     
  3. AssetDomains

    AssetDomains Well-Known Member

    Joined:
    Feb 2010
    Posts:
    3,062
    Likes Received:
    76
    If it's a co.uk, can you log into the Nominet control panel associated with the email address and see if it's still there?
     
  4. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,261
    Likes Received:
    432
    How long have you been a member Donton and you don't know how the .UK drop cycle works? :p

    http://www.nominet.org.uk/uk-domain-names/manage-your-domain/renew

    When a .UK domain name is suspended all services that use the domain name will stop working

    Do you mean the domain's actual expiry date is in April, or the cancellation date? .UK domains get suspended 30 days after expiry; if that is the case, you just need to renew.

    If it's suspended early then there must be a special circumstance

    Are you sure the company themselves didn't change to a private whois?

    Whichever way, I'm sure Nominet will be able to fix it for you on Monday if you get in contact, so don't panic too much, but the registrant will have to do it themselves.
     
  5. donton United Kingdom

    donton Active Member

    Joined:
    Jul 2012
    Posts:
    298
    Likes Received:
    29
    Yes, it's a .co.uk. I've already had a look in my Nominet account and it has gone. The thing is, there are 20+ better domains in there, so I have no idea why they've taken this one. I've already changed all passwords etc.

    I guess I'll have to wait until Monday to discuss with Nominet on the telephone.
     
  6. AssetDomains

    AssetDomains Well-Known Member

    Joined:
    Feb 2010
    Posts:
    3,062
    Likes Received:
    76
    My guess is someone has reported it for incorrect details / dissolved company etc. Has there been any contact from Nom?
     
  7. donton United Kingdom

    donton Active Member

    Joined:
    Jul 2012
    Posts:
    298
    Likes Received:
    29
    The domain's expiry date is 17th April, but it is already suspended. I'm not overly familiar with the ins and outs of the drop cycle, but suspending it six weeks early doesn't sound correct to me...
     
  8. donton United Kingdom

    donton Active Member

    Joined:
    Jul 2012
    Posts:
    298
    Likes Received:
    29
    I haven't heard a peep from them, otherwise I would have replied/complied. I'll give them a call on Monday. All the other domains in that Nominet account have correct Whois info, so I'm not too sure why this one wouldn't have.
     
  9. diablo

    diablo Well-Known Member

    Joined:
    Nov 2005
    Posts:
    2,331
    Likes Received:
    222
    Have you contacted Namecheap about this?

    Could it be a Namecheap privacy address that is now showing in the whois?
     
  10. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,616
    Likes Received:
    140
    NamesCheap assuming still on their tag, can update the admin email, back into your com account, I would get that done ASAP but said attack (if there is one) transfers it out.
     
  11. donton United Kingdom

    donton Active Member

    Joined:
    Jul 2012
    Posts:
    298
    Likes Received:
    29
    Thanks for the advice guys, I just spoke to someone from Namecheap and they've forwarded it to their legal & abuse team for me.

    Murray had a look at the domain in question, and found three other names registered on the same day, that have all been hijacked by the same person or organisation. Not sure if it's a Nom glitch, or a Namecheap glitch, or just a huge coincidence.



    The domain of mine that looks to have been hijacked is:

    <removed>

    (This domain was hand regd on 17th April 2013 by myself, it wasn't drop caught or anything, and to my knowledge it has never been regd before.)

    Three other domains that appear to have identical reg dates and registrant info are:
    <removed>

    (I have never seen any of the above three domains, they aren't/weren't mine. These three domains all seem to be suspended early too.)

    If anyone can shed any light, or has any ideas, I'd appreciate it. Thanks!
     
    Last edited: Mar 3, 2014
  12. Systreg

    Systreg Well-Known Member

    Joined:
    Oct 2008
    Posts:
    8,110
    Likes Received:
    397
    Last edited: Mar 1, 2014
  13. AssetDomains

    AssetDomains Well-Known Member

    Joined:
    Feb 2010
    Posts:
    3,062
    Likes Received:
    76
    Whois now shows as Muslims Dialogue. I'd imagine they were pointed at something dodgy, maybe a radical site, so Nominet has suspended them.
    Get Name to speak to Nominet direct; there is an out-of-hours number for registrars to use.
     
  14. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,261
    Likes Received:
    432
    It's weird though, because I found 4 uk's owned by them (just from googling the right things)

    http://webwhois.nic.uk/cgi-bin/webwhois.cgi?wvw7yesk=3hryr4hby3&wquery=northernbirmancatclub.co.uk

    ^ Being one

    Every domain has the same registration details

    Maybe Namecheap messed up on the original day they were all registered and you had control of it in your account Donton but the whois was never right.. maybe.

    Do you know 100% the whois has been right up until recently?
     
  15. donton United Kingdom

    donton Active Member

    Joined:
    Jul 2012
    Posts:
    298
    Likes Received:
    29
    Cheers for the replies.

    @Murray, it was in my main Nom account and all the other Whois info is correct. I can't say for sure though as I don't ever recall whoising the name to check. Of course, I will do so in future!

    Probably time I looked into getting my own tag I think.
     
  16. donton United Kingdom

    donton Active Member

    Joined:
    Jul 2012
    Posts:
    298
    Likes Received:
    29
    I spoke to Nominet on the phone, and they said this Whois information has always been associated with the domain. Therefore, it looks like a glitch at the time of registration.

    I have the invoice and payment confirmation in front of me for the domain, so I'm not going mad - I actually did register it. It's also in my Namecheap account, and I've always been able to manipulate the nameservers. I'm guessing there was some kind of bug/glitch between Namecheap and Nominet when processing the registration command.

    This has actually happened once before to me on a .org.uk domain - luckily that domain wasn't valuable or important so I just left it. At the time I thought I was going insane, how could Nominet/Namecheap possibly be wrong? I've just dug out the invoice though, and it's an identical scenario (but with a different registrant).

    Nominet said I need to get some kind of confirmation from Namecheap that this domain was part of a glitch, and that I should have been the named registrant from day one. I'm seriously skeptical as to whether I'm going to get anything like that from Namecheap, unfortunately.

    Does anyone have any suggestions of who to talk to at Namecheap to get this domain name back? I have already spoken to their support team and they have been most unhelpful.
     
  17. diablo

    diablo Well-Known Member

    Joined:
    Nov 2005
    Posts:
    2,331
    Likes Received:
    222
    Glad you are on the way to getting it sorted and you know your Nominet account wasn't hacked (big worry for us all!).

    I'm sure Namecheap will help you sort this, but if they don't, go back to Nominet and ask them to contact Namecheap on your behalf. None of this is your fault and Namecheap were acting on Nominet's behalf when you paid for the name.

    None of the above explains why the name was suspended before its renewal date. Did Nominet say why it had been suspended?
     
  18. dragon

    dragon Well-Known Member

    Joined:
    Sep 2008
    Posts:
    1,209
    Likes Received:
    29
    Hi Donton/Nick, that is so strange! So basically it was reg'd to them from the start (rightly or wrongly), but you were able to change nameservers/host a site on there. On the bright side they haven't renewed it so it may drop so you can catch it. Will send you a pm now.
     
  19. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,261
    Likes Received:
    432
    My sleuthing and deduction was spot on :cool:

    I hope you can get namescheap to sort out their mess.

    @diablo probably because they can't associate the whois to any actual real person or company

    Looking at the archives for the domains they weren't used for anything illegal or worrying.
     
  20. donton United Kingdom

    donton Active Member

    Joined:
    Jul 2012
    Posts:
    298
    Likes Received:
    29
    Thanks for the replies, guys.

    They wouldn't discuss the exact reason why the domain was suspended, as it's not my name on the domain, but they said it was most likely due to being regd as an "individual" yet the name is "Muslim Dialogue" - which obviously isn't a real name.

    Will try and get Namecheap to help me now, fingers crossed!
     
  21. donton United Kingdom

    donton Active Member

    Joined:
    Jul 2012
    Posts:
    298
    Likes Received:
    29
    I had a reply from Namecheap on Monday afternoon to say "We have passed the details of the issue to our upstream provider for further investigation."

    I didn't hear anything back, so asked for an update on Wednesday evening. I still haven't heard back from them.

    I don't suppose anyone has an email address for their CEO, Richard Kirkendall? I know he's on a few hosting forums, so I guess I'll have to sign up to one and PM him.
     