Re: Domain name stolen and retrieved, the whole story (GoDaddy's security mechanism has serious loopholes)
I am not convinced, because I feel that as the manager of a website it is impossible to check the domain name's whois information every day and log in to the domain name management account every day. If hackers steal the domain name but do not modify its DNS, the manager of the website will find it difficult to detect the theft. That I found the theft within 8 days was pure luck: I just happened to check the whois information on a whim that day, and finding it a month later would have been entirely possible. I contacted them within 15 days, so why did they refuse my appeal? So in my third email I asked, in a slightly questioning way, why they had not accepted it even though I contacted them within 15 days. I asked them to investigate my domain name, and said I believed I could provide all the evidence. 30 minutes later, they answered me. It was their fastest reply, but also their simplest answer: "again, we can't help you because the change has taken too long."
Since GoDaddy insisted that the changes had taken place too long ago, I thought my domain name might have been stolen before April 8th. In order to understand the whole process of how the domain name was hacked, I started investigating myself. I looked carefully at the email that I received on February 22nd, which said that my account information had been modified and that if it was not my own operation, I could contact them. Poor English can really hurt you: at the beginning, I did not read this email carefully and thought it was asking me to confirm the operation. Who knew it was just a notification email and the change had already come into effect. But what information had been changed? I logged in to GoDaddy on February 22nd and found no problems. That's because the hacker only modified the account's confidential email on that day, and the account password, contact information and domain names were not touched. The confidential email box is on the change-password page, so I checked that day and found that the password box had been replaced.
I also checked the whois history of the domain name, and found that in the records of March 10th, the last update time (Last Update) of the 52tian.net domain was 2011-05-16, that is, the date I transferred it to GoDaddy from the new network, and the records from March 10th to April 8th showed a last update time (Last Update) of March 10th. In the records for my other domain names in this period, the last update time (Last Update) is also March 10th in every case. Apart from that date field, the other information had not changed; it was still my own information. It can be concluded that on March 10th the hacker performed an operation on my domain names which did not modify any of their information but did refresh the Last Update field. When I transferred the domain name from the new network to GoDaddy, I kept the domain name information unchanged, but Last Update was refreshed. Therefore, it can be determined that transferring a domain name out of a registrar can leave all of the domain's information unchanged while still refreshing Last Update. But some of my domain names are still at GoDaddy and have not been transferred to other registrars, so the hacker's operation on March 10th was not a transfer out. I guess it might have been a transfer within the registrar, also called a domain name PUSH: the domain name is transferred from one domain name management account to another. The domain name is still at GoDaddy, but it is moved to a different account.

In order to verify my conjecture, I registered 2 new accounts and 1 domain name at GoDaddy, and then transferred the domain name from the original account to the new account. In the process of the transfer, there are 2 options, "keep the domain name information unchanged" and "keep the domain name DNS server unchanged". As long as these 2 options are checked, none of the domain name's information will change afterwards; only Last Update is refreshed. From this, I can conclude that the hacker transferred all the domain names in my GoDaddy account to his own account on the same day, March 10th.
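The whois-history comparison described in this post can be automated. The following is an added example, not part of the original post: it compares consecutive WHOIS snapshots and flags the case where only the Last Update field moved. The field names, the example.net records and all dates are constructed assumptions.

```python
# Added example; field names and sample records are constructed assumptions.
UPDATE_KEYS = {"updated date", "last update", "last updated"}

def parse_whois(text):
    """Parse 'Key: value' WHOIS lines into {key: sorted list of values}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip().lower())
    return {k: sorted(v) for k, v in fields.items()}

def classify_change(old_text, new_text):
    """Return (verdict, changed_keys) for two consecutive snapshots."""
    old, new = parse_whois(old_text), parse_whois(new_text)
    changed = sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
    if not changed:
        return "unchanged", changed
    if set(changed) <= UPDATE_KEYS:
        # Only the timestamp moved: the pattern the post ties to an account push.
        return "silent_update", changed
    return "field_change", changed

def audit(history):
    """history: list of (snapshot_date, whois_text), oldest first."""
    alerts = []
    for (_, prev), (day, cur) in zip(history, history[1:]):
        verdict, keys = classify_change(prev, cur)
        if verdict != "unchanged":
            alerts.append((day, verdict, keys))
    return alerts

SNAP_A = """Domain Name: EXAMPLE.NET
Registrant Email: owner@example.org
Name Server: NS1.EXAMPLE.ORG
Name Server: NS2.EXAMPLE.ORG
Updated Date: 2020-01-05"""
SNAP_B = SNAP_A.replace("2020-01-05", "2020-02-10")
SNAP_C = SNAP_B.replace("owner@example.org", "other@example.com").replace("2020-02-10", "2020-03-08")

HISTORY = [("2020-02-09", SNAP_A), ("2020-02-10", SNAP_B),
           ("2020-02-11", SNAP_B), ("2020-03-08", SNAP_C)]

if __name__ == "__main__":
    for day, verdict, keys in audit(HISTORY):
        print(day, verdict, keys)
```

A `silent_update` can also come from a legitimate action such as a renewal, so it is a prompt to log in and confirm the domain is still in the expected account, not proof of theft.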