
Domain stolen

Status
Not open for further replies.
I woke up this morning to a Webmaster Tools email to say they couldn't access a website I run for a client... strange.

I logged into my Namecheap account and the domain name is still there. I checked the Whois on it, and it has been changed to some organisation in the USA. Having Googled the address, it seems to be a Whois privacy address.

I have no idea who or how they've managed to hijack this domain, all the other names I hold are absolutely fine.

The domain is set to expire in April, but it has already been suspended by Nominet and the site is no longer loading (the hijackers haven't changed the DNS settings).

Aside from contacting Nominet, is there anything else I can do? This client will go bat shit crazy when I tell them what has happened on Monday morning!

Thanks in advance!
 
If it's a co.uk, can you log into the Nominet control panel associated with the email address and see if it's still there?
 
The domain is set to expire in April, but it has already been suspended by Nominet and the site is no longer loading (the hijackers haven't changed the DNS settings).

How long have you been a member Donton and you don't know how the .UK drop cycle works? :p

http://www.nominet.org.uk/uk-domain-names/manage-your-domain/renew

When a .UK domain name is suspended all services that use the domain name will stop working

Do you mean the domain's actual expiry date is in April or cancellation date? .UK domains get suspended 30 days after expiry, if that is the case you just need to renew

If it's suspended early then there must be a special circumstance

Are you sure the company themselves didn't change to a private whois?

Whichever way I'm sure Nominet will be able to fix it for you Monday if you get in contact so don't panic too much, but the registrant will have to do it themselves.
 
Yes, it's a .co.uk. I've already had a look in my Nominet account and it has gone. The thing is, there are 20+ better domains in there, so I have no idea why they've taken this one. I've already changed all passwords etc.

I guess I'll have to wait until Monday to discuss with Nominet on the telephone.
 
My guess is someone has reported it for incorrect details / dissolved company etc. Has there been any contact from Nom?
 
How long have you been a member Donton and you don't know how the .UK drop cycle works? :p

http://www.nominet.org.uk/uk-domain-names/manage-your-domain/renew

When a .UK domain name is suspended all services that use the domain name will stop working

Do you mean the domain's actual expiry date is in April or cancellation date? .UK domains get suspended 30 days after expiry

If it's suspended early then there must be a special circumstance

Whichever way I'm sure Nominet will be able to fix it for you Monday if you get in contact so don't panic too much.

The domain's expiry date is 17th April, but it is already suspended. I'm not overly familiar with the ins and outs of the drop cycle, but suspending it six weeks early doesn't sound correct to me...
 
My guess is someone has reported it for incorrect details / dissolved company etc. Has there been any contact from Nom?

I haven't heard a peep from them, otherwise I would have replied/complied. I'll give them a call on Monday. All the other domains in that Nominet account have correct Whois info, so I'm not too sure why this one wouldn't have.
 
Have you contacted Namecheap about this?

Could it be a Namecheap privacy address that is now showing in the whois?
 
Namecheap assuming still on their tag, can update the admin email, back into your com account, I would get that done ASAP but said attack (if there is one) transfers it out.
 
Thanks for the advice guys, I just spoke to someone from Namecheap and they've forwarded it to their legal & abuse team for me.

Murray had a look at the domain in question, and found three other names registered on the same day, that have all been hijacked by the same person or organisation. Not sure if it's a Nom glitch, or a Namecheap glitch, or just a huge coincidence.



The domain of mine that looks to have been hijacked is:

<removed>

(This domain was hand regd on 17th April 2013 by myself, it wasn't drop caught or anything, and to my knowledge it has never been regd before.)

Three other domains that appear to have identical reg dates and registrant info are:
<removed>

(I have never seen any of the above three domains, they aren't/weren't mine. These three domains all seem to be suspended early too.)

If anyone can shed any light, or has any ideas, I'd appreciate it. Thanks!
 
Whois now shows as Muslims Dialogue. I'd imagine they were pointed at something dodgy, maybe a radical site, so Nominet has suspended them.
Get Name to speak to Nominet direct, there is an out of hours number for registrars to use.
 
Whois now shows as Muslims Dialogue. I'd imagine they were pointed at something dodgy, maybe a radical site, so Nominet has suspended them.
Get Name to speak to Nominet direct, there is an out of hours number for registrars to use.

It's weird though, because I found 4 uk's owned by them (just from googling the right things)

http://webwhois.nic.uk/cgi-bin/webwhois.cgi?wvw7yesk=3hryr4hby3&wquery=northernbirmancatclub.co.uk

^ Being one

Every domain has the same registration details

Relevant dates:
Registered on: 17-Apr-2013
Expiry date: 17-Apr-2014
Last updated: 25-Feb-2014

Maybe Namecheap messed up on the original day they were all registered and you had control of it in your account Donton but the whois was never right.. maybe.

Do you know 100% the whois has been right up until recently?
 
Cheers for the replies.

@Murray, it was in my main Nom account and all the other Whois info is correct. I can't say for sure though as I don't ever recall whoising the name to check. Of course, I will do so in future!

Probably time I looked into getting my own tag I think.
 
I spoke to Nominet on the phone, and they said this Whois information has always been associated with the domain. Therefore, it looks like a glitch at the time of registration.

I have the invoice and payment confirmation in front of me for the domain, so I'm not going mad - I actually did register it. It's also in my Namecheap account, and I've always been able to manipulate the nameservers. I'm guessing there was some kind of bug/glitch between Namecheap and Nominet when processing the registration command.

This has actually happened once before to me on a .org.uk domain - luckily that domain wasn't valuable or important so I just left it. At the time I thought I was going insane, how could Nominet/Namecheap possibly be wrong? I've just dug out the invoice though, and it's an identical scenario (but with a different registrant).

Nominet said I need to get some kind of confirmation from Namecheap that this domain was part of a glitch, and that I should have been the named registrant from day one. I'm seriously skeptical as to whether I'm going to get anything like that from Namecheap, unfortunately.

Does anyone have any suggestions of who to talk to at Namecheap to get this domain name back? I have already spoken to their support team and they have been most unhelpful.
 
Glad you are on the way to getting it sorted and you know your Nominet account wasn't hacked (big worry for us all!).

I'm sure Namecheap will help you sort this, but if they don't go back to Nominet and ask them to contact Namecheap on your behalf. None of this is your fault and Namecheap were acting on Nominet's behalf when you paid for the name.

None of the above explains why the name was suspended before its renewal date. Did Nominet say why it had been suspended?
 
Hi Donton/Nick, that is so strange! So basically it was reg'd to them from the start (rightly or wrongly), but you were able to change nameservers/host a site on there. On the bright side they haven't renewed it so it may drop so you can catch it. Will send you a pm now.
 
I spoke to Nominet on the phone, and they said this Whois information has always been associated with the domain. Therefore, it looks like a glitch at the time of registration.

My sleuthing and deduction was spot on :cool:

I hope you can get Namecheap to sort out their mess.

@diablo probably because they can't associate the whois to any actual real person or company

Looking at the archives for the domains they weren't used for anything illegal or worrying.
 
Thanks for the replies, guys.

They wouldn't discuss the exact reason why the domain was suspended, as it's not my name on the domain, but they said it was most likely due to being regd as an "individual" yet the name is "Muslim Dialogue" - which obviously isn't a real name.

Will try and get Namecheap to help me now, fingers crossed!
 
I had a reply from Namecheap on Monday afternoon to say "We have passed the details of the issue to our upstream provider for further investigation."

I didn't hear anything back, so asked for an update on Wednesday evening. I still haven't heard back from them.

I don't suppose anyone has an email address for their CEO, Richard Kirkendall? I know he's on a few hosting forums, so I guess I'll have to sign up to one and PM him.
 