If you follow me on Twitter or Facebook you probably already know that FamousBloggers.net’s domain name was stolen from my GoDaddy account. After four long days of pain. Finally, FamousBloggers is up and running, thanks to God and the great blogging community, without your support; this story would have been written in a completely different scenario, and the hard work we put together to build this site could become history.
Domain name theft is not new, it happens everyday, crackers are out there hunting domains and blackmailing site owners.
According to GoDaddy, the domain thief hacked my GoDaddy account, he logged in and did a transfer to two of my domains names to another registrar Active Registrar Inc.
Right after that, he sent me an email telling me he purchased my domain names, and he is offering them for sale, he asked for 999 USD for both. (so basically this is a blackmail).
I have exactly 31 domain names with GoDaddy, the strange thing is I found out that only two domain names was stolen FamousBloggers.net and ThesisAwesome.com, so it appears that the domain thief picked only my valuable domains and left the rest. He also didn’t change anything in my account at all. However, I didn’t get any email notification of domain transfer, which doesn’t make sense, and also GoDaddy can’t explain it, which lead me to think the same way Gerald Weber pointed out on his comment (Is it possible that this thief has someone on the indside of Godaddy helping him make the stealing of domains easier?) which also keep me wondering… Is GoDaddy’s the two-step authentication safe?
How he got my account password?
I am not sure, and I really don’t know! But I can say that no one hacked my Gmail email as the account activities show, I just think that my GoDaddy’s password wasn’t strong enough. So, I admit it, I am sharing part of the responsibility.
Also, I use to Sucuri.net to monitor my hosting and DNS changes on almost all my sites, but for some reason I didn’t check their latest warnings, maybe because JectPack plugin (which I am installing on my blogs) do a lot of changes to their scripts and this leaded to several email notifications by Sucuri, so I just didn’t pay attentions to these notifications in the last coupe of months. (my bad)
Now, let me tell you how I actually got my sites up and running in only 4 days, and got a deal with Active Registrar Inc. (the gainer registrar) to request a reverse of domain transfer back to my account.
How I got my Domain Names Back
I’ve got a lot of requests from my friends and fellow bloggers to tell what I did exactly to bring back my domain names so quick, so I will try to make it short and straight to the point, hofully the steps I’ve taken could help someone out there, and save them some time!
Here is the steps I did when I first heard that someone else is taking over my domain names:
- I called my domain registrar by phone, which was GoDaddy and reported to them.
- They asked me to file a Request for Dispute on Transfer Away.
- I started to read about other domain stolen cases. Make sure you read this ICANN page.
- I took the whole story to the public, published about it, and share it everywhere!
- I asked my friends for help, advice and spread my story.
- I was reading and studding every single advice was given to me in comments & social media.
- I reported to the FBI (fbi.gov)
- I filed a dispute to Active Registrar Inc.
- I report abuse to email@example.com (free DNS service that my domain names was pointing).
- I kept updating my post with hourly break down of events. (I almost didn’t sleep for 4 days)
Documents I needed I provide to Active Registrar Inc.
- Scanned copy of my valid driver license and ID.
- Copies of domain purchase orders and payment proof.
- Emails that were sent to me from the domain thief.
Things that helped me to speed up the process
- I sent a link to my blog post to all involved parties to show them how serious this community is.
- The social media buzz (an average of a tweet/10 minutes was made to @GoDaddy from my fellows)
- FBI report was a good idea (maybe they can put the thief behind bars)
Just for the records
GoDaddy failed in reaching Active Registrar Inc. on their first attempt, Active Registrar Inc. have told me they received only one dispute request from GoDaddy.
This could cause a tragedy!
Anyways, when GoDaddy told me they have to wait for 5 days to heard back from Active Registrar Inc. I decided to contact Active Registrar Inc. by myself because I am not stupid to wait for 5 days, plus I can’t play the waiting game for 5 days!
That’s why I felt that GoDaddy’s staff are way far from being professionals in solving such problems, at least this is what shows in my case.
Special thanks to everyone who supported me!
To everyone who supported me in this hard time, I really can’t thank you All enough, I know who you are, without you I couldn’t make it!
Thanks to all those who provided me with honest and helpful advice.
I couldn’t hold back my tears when I saw your comments, tweet, shares.. pushing and encouraging me to continue my fight!
You are just amazing… Amazing!
Special thanks to Active Registrar Inc.
I can’t thank enough the team over Active Registrar Inc. for their understanding, timely respond, and effective decisions.
- In 24 hours the domain names was suspended!
- In 48 my domain names was pointing to the correct DNS.
- And, a domain transfer reverse was placed!
Read the full story and hourly breakdown of events.
How my Business and Sites were affected?
It seems that 4 days down time is not that bad, but I can tell that my online business was affected so badly in the last 4 days when my domains was stolen and sites were down, I can’t afford to have my sites down for 4 days, this is too much time, really!
Speaking about Business…
By looking to my income reports, I estimated my loss to something around $1600, needless to speak about the lost opportunity and those deals I were working on with some partners (which I’ve already lost).
How this affected my site traffic and rankings? Is it coming back?
I can clearly see that Google dropped a huge percentage of indexed pages during the last 4 days, this wasn’t good because FamousBloggers.net gets more than 50% of its traffic from search. So, this is a huge traffic loss.
Here is a screenshot of FamousBloggers stats today (Monday, July 30, 2012):
FamousBloggers has exactly 1,233 posts at the time of writing this post. It’s hard to tell at this point if traffic is coming back or not, I see that Google started to re-index the dropped posts again, but now I am not sure if the boots will reach deeper and re-index them all back.
Speaking about rankings, I see clearly that I’ve lost almost all my best ranking posts and reviews, which will affect my income in the coming couple of months or so, I hope it won’t be a big loss.
My PayPal account is on hold!
I Just got off of phone call with PayPal, I just found out that my account has been under attack, so PayPal locked it so quickly. They’ve told me that someone did several failed trying to login to my account, so the system locked it till I can verify it. And guess what?! Even the customer service can’t verify my account!
PayPal customer service told me that: It looks like your account was on hold at the maximum security, so the only way to verify your account is phone call verification which can be done through a land line. (who still have one of these?!)
Now, I am forced to apply for a land line to verify my PayPal account. I called ComCast and ordered the land line, but appointment is set for next Friday, what a nightmare!
The results is I won’t be able to pay any affiliate commissions for ThesisAwesome.com affiliates till I solve my PayPal issues and remove the account hold! (thanks to the cracker)
Is GoDaddy Secure?
The short answer is “Yes”, how? simply because they have two-step authentication, which was not enabled in my account that time when my account hacked, and probably that’s why the domain thief (the Cracker) was able to hack my GoDaddy account and figure out my password.
Why I will Move From GoDaddy?
Note: What you are about to read below is only my personal opinion based on my bad experience with GoDaddy.
I will move my domains and cancel my hosting account with GoDaddy for several reasons, the most important reason is they didn’t really help me out getting my domain names back, yes they did what they can, what that wasn’t good enough!
If you follow my story, you will see clearly that GoDaddy:
- Didn’t protect me as a client!
- Didn’t show any responsibility!
- Didn’t take a quick action (I was much faster than them)
- They fail in making the first dispute reach Active Registrar Inc.
- Complicated things (they work officially but unprofessionally)
- Didn’t respond to my request to provide required data to Active Registrar Inc.
- Was about to delay the whole thing for months.
- They were “almost” about to take it personal (because Active Registrar Inc ignored their late request).
- They were the last who knows that I got my domains back! (Really?!)
Here is some other reasons why I will move from GoDaddy for good:
1- Their support sucks
I’ve been with GoDaddy enough to tell that their support really sucks compared to other web hosting companies.
FYI, I have worked with HostGator and BlueHost a lot in the last couple of years, and I am able to solve 90% of my clients’ issues without having an access to their hosting accounts. How?
I contact their support, I tell them about the problem, they simply respond and solve it! (It’s not a rocket since, it’s business)
Dealing with GoDaddy’s support team is a different story, NOT all the team members are qualified to provide a proper support for clients, if you are lucky enough you will make it from the first phone call, but in most cases it takes more than one phone call to solve a simple problem.
2- Almost 100% of GoDaddy’s employee can’t make decisions or take actions
You see, in our speedy world, I think companies tend to give more power to their employee and encourage them to make business decisions and take quick actions. The age of hiring dumb people who just made to be followers ended a long time ago! Now, companies seeks people who solve problems.
Personally, I never met someone at GoDaddy who can take a decision towards the client’s business or provide a good solution for a problem, I met only with those who give excuses, apologize a lot, and say “they can’t do anything about it”.
3- Their marketing guys make me feel sick!
Once I got contacted by email from one of GoDaddy’s marketing managers, he mentioned an exclusive discount for FamousBloggers’ readers, and try to convincing me to work with them on the affiliate program to promote GoDaddy’s domain names. I decided to discuss with him because I like to give discounts and free stuff for FamousBloggers’ friends and readers, and because he promised me a big exclusive discount especially for domain names.
I thought this will be easy because he is the one who contacted me, so he must give me a good offer. Needless to say, our discussing took more than two weeks of ping pong emails because each time I sent him an email, he reply to me that he have discuss with his manager and get back to me (WTF? I thought he is a manager from the title in his email signature)
Latter, I discovered that he was offering me the same discount that GoDaddy give to all affiliates. So, I told him if you can’t get me in the exclusive discount coupons for domain names then we better end this discussion. What a time waste!
Why you offer me something that you can’t give?
4- Too much upsells and tons of promotions hit you on the face.
Yes, they can give you good domain prices, but it’s insanely crazy how they designed the checkout process, how many times you have to say “NO” to the stuff they push on your way just to simply checkout and leave?!
Also, it’s well known that when you search available domain names in GoDaddy today, in some cases you just find them unavailable in the next day, you will be surprised that you have to pay extra to get those specific domain names. Some people think that GoDaddy do a trick to charge you more money to get those domains you were looking for. This happened with me, and also to other people who I know.
5- They suspend your hosting for whatever reason!
Basically because their shared hosting is one of the worst ever, and of course because shared hosts has 100 to 200 sites on the same server, you could easily get hurt by any bad code on any of those sites who share same space. When problems happen you will discover that you must to take off your shirt to get GoDaddy’s attention!
At the end all what you get from GoDaddy is: “This is not our responsibility“!
Where I will host my domain names?
I won’t put my domain names in one account anymore, I will probably have more than one registrar, I am between NameCheap, and Active Registrar Inc. (Let me know which domain registrar you recommend, I am hearing you).
Soon, I will transfer my domains away from GoDaddy.
Who shared the story?
A few of my fellow bloggers shared the story of my stolen domain names, and provided great advice and tips for blog owners to help them secure their domain names, web hosting, and their valuable business. I am so thankful!
- Famous Bloggers Founder Loses Domain Names – SmallBizTrends.com
- Blog Stolen from GoDaddy Account – JustinGermino.com
- Think Before Buying or Hosting your Domain on GoDaddy! – PratikDholakiya.com
- Is GoDaddy still secure? – ToStartBlogging.com
- Protect your Domain Name From Low Life Thieves – LetsBuildWebsites.com
- Stolen Domains: A Horror Story of Being Hacked – ITPixie.com
- A Shout out for FamousBloggers – IBlogZone.com
- How to Increase Domain Name Security : Avoid Domain Theft – WPHostingDiscount.com
- Domain Theft: Is Your Domain Name Safe from Hackers? – BloggingTips.com
- FamousBloggers.net is Stolen – PRLInternetMarketing.com
- Hacked Account – Lawmacs.com
- Enable 2-Step Authentication on GoDaddy to Protect your Domains – TechWalls.com
- Domain “Famousbloggers.net” Hijacked Over The Weekend – NetProEarnings.com
- @hishaman @FamousBloggers Net Nightmare Over! – Dave-Lucas.blogspot.com
- One Man’s Fight for his Stolen Domains – HajraKvetches.com
- How To Make a Better Password – VinnyOhare.com
- The 10 Things You Need to Know to Secure Your WordPress Site – ManageWP.com
What I’ve earned!
You see, I now believe in the blogging community more than ever, it doesn’t matter what I’ve lost, really! Because what I’ve won and eared is much much more!
I just can’t explain it with words, only my tears can tell, it’s more than love!
Stay safe.. and.. a BIG…
Image © Subbotina Anna, Lina_S – Fotolia.com