Re: domain name stolen and retrieved the whole story (GoDaddy security mechanism has serious loopholes)

In February 22, 2012, I received an email from GoDaddy in my mailbox. I looked at the previous meaning that my account information was modified, but I didn't say anything was changed. And then, in the following large areas of English, I guess it might be GoDaddy's modification to verify the mail. As long as I don't return it, no link must be all right, so I didn't look at it carefully. However, considering the importance of domain name security, I was immediately landed on my GoDaddy account, very normal to go in, check the account, not found to be modified, the domain name is still still, the domain name information is correct. So I am more sure that the mail is to verify the modification of the operation, originally wanted to change the password for the account, but the GoDaddy server in the United States, we have to open this side is very slow, then a few pages to the card dead, so I gave up, I think the next time to change it, this matter is so overlooked. There it is.

normally, web site owners do not need to log on to the domain name management system frequently. If there is no need to make any changes to the domain name, it is also normal for a long time to not be landed. I generally check a GoDaddy account and domain name for a month or so, but if you go to landing just hit GoDaddy's website, so it seems not to be a big event in my opinion. At the end of March, I plan to visit my account and domain name again, but I can't open GoDaddy's website for half a day. And since GoDaddy didn't send me any mail since February 22nd, I estimated that the hacker might think that I could not change any of my information, so I gave up. I use third party whois functions to query all my domain names, the information is correct, so this time I did not enter my GoDaddy account, but I think my account and domain name is still safe.

until the evening of April 16th, I unintentionally found that all my domain names had been stolen, and the registrants and registered mailboxes of the domain name had all been changed. I immediately realized that something had happened, and I hurried to the GoDaddy account, but I hint that the password was wrong. Then use the GoDaddy web site to retrieve the password function, but the email address is not correct, indicating that the GoDaddy account has been stolen, even the security mailbox has been changed. I just didn't believe my eyes, I had been inquiring many times, and when I landed on the GoDaddy account, I prompted several cipher mistakes, and I confirmed that the domain name had been stolen. At the end of the day, I felt like the sky was falling. I really can't figure out how the hacker had stolen my domain name, because my mailbox hasn't received GoDaddy mail since February 22nd. According to my previous understanding, when hacker changed my account information or domain name information, GoDaddy should send me validation mail, only I confirmed that the modification could take effect. Is it that my mailbox has been stolen? I immediately landed in the mailbox and inquired about the recent login record of the mailbox. Since February 22nd, all the landings of IP are my own, indicating that the mailbox has not been stolen. And even if the real mailbox is stolen, my cell phone will definitely receive SMS notification.

I inquired the whois information of the domain name, and found that the last update time of my 5 domain names (Last Update) was April 8th, I inquired the history of the domain name whois, and the information of the domain name before April 8th was my own, and after April 8th it was the hacker. So we can make sure that these 5 domain names are all transferred on the same day (April 8th), but the hacker did not change the domain name DNS server, that is, no domain name analysis, so my website has been able to open, no one knows the site's domain name has been stolen, which also led me to the April 16. The reason for the discovery of the day. On the night of 16

4, I searched for "GoDaddy stolen" by Baidu, and found many similar cases on the Internet. Not long ago, April 1st April Fool's day, the famous domestic sports events live website "Live Bar" (zhibo8.com) announced that the domain name was stolen, many people even thought that it was April Fool's Day joke. Hackers have copied the "Live Bar" original site, and modified the DNS server, the hacker is full of gambling and gambling on his own "Live Bar" website, but the netizens still think it is the original broadcast of the station stationmaster, because for them this "Live Bar" website has not much change. Only advertising has been changed. 16 days passed, and zhibo8.com still did not bring it back. It seemed that my situation was not optimistic.

now my domain name has been stolen, I must immediately contact the domain name registrar GoDaddy, this is the only way to get the domain name, but I do not know how to contact them, the GoDaddy site provides a phone, but I am not good English, I can not speak in the past. Later, I found the famous GoDaddy domain name of "Ai Qing emperor island", which was stolen within 15 days after the account or domain name was stolen. In 15 days, we could contact GoDaddy and submit the relevant evidence to revoke the previous changes.