How secure is your domain?
Most of you probably think your domains are safe. After all, it isn’t every day that somebody steals a domain. Even if domains could be stolen, hackers are more likely to try to grab ebay.com than your blog, right?
I’ve just finished reading this shocking story about how an attacker used an XSS vulnerability to install a filter in David’s Gmail account. The filter forwarded certain emails, including important ones from his registrar, to a hacker. The hacker was then able to take control of his domain and steal it.
David has now lost his domain and has to take court action to recover it. Since David is in the UK and the new registrar, GoDaddy, is in the US, I’m guessing this won’t be too easy.
The one saving grace in all this is that David still has his Feedburner subscribers; if he didn’t use Feedburner, they would be lost as well.
How secure is your domain?















Hi Patrick,
Thanks for helping bring this situation to light. I’m of the opinion that there are many other Gmail users who currently have these malicious filters applied to their accounts.
It seems they’ve been around a while, but it took something like this to make me aware of it.
I hope you have a great Xmas.
David Airey December 24, 2007 11:57 am
Wow that really sucks! He’s having the worst luck with Google this year.
Sucker December 24, 2007 2:00 pm
I never use Gmail or any other web service for important stuff. Web services are good for day-to-day stuff but not for your important information. (Hmmm… I wonder why all those web apps are not catching the corporate market?)
James December 24, 2007 5:13 pm
Yikes! After reading David’s story, I looked at the filter settings for my Gmail account and there were two filters that I don’t remember ever setting. There’s no sign of any trouble, but I’m sure going on a password changing rampage this afternoon. Thanks for the heads up!
Chris Bloczynski December 24, 2007 5:15 pm
I have also attended a few seminars where I have heard black hat SEO people talk about ICANN complaints where domain whois information is incorrect. A common one is where a commercial domain is registered to an individual. ICANN can investigate these and drop domains if they are found incorrect.
In short, ensure your Whois info is correct and check the linked email account!
Andrew Mason December 24, 2007 6:52 pm
Wow that sucks.
I am assuming that the filters can be seen and deleted in the Gmail settings, correct?
Of course you have to look for them, but I think I will start checking periodically from now on.
Jeremy Luebke December 25, 2007 2:38 am
Scary as hell to get domains stolen. I try to monitor mine every day to make sure.
Sammy Ashouri December 25, 2007 9:40 am
Jeez! I did not know of that!!! Thanks for the info, bro
Sid December 25, 2007 11:42 am
That sucks! I can’t stand crooks. People sit around with nothing better to do than come up with ways to rob people. I hope everything works out for David.
Edward December 26, 2007 9:42 am
What a horror story!
The other issue with domains and emails is more banal but even more dangerous.
Quite a few registrar notices (especially GoDaddy) go into spam folders.
So the spam onslaught will cost people thousands of domains as they just don’t see their domain names. I’m moving to an offline checking system (no longer counting on the registrars).
I hope David gets his domain back (and soon!).
Wordpress SEO December 31, 2007 3:08 am