Godaddy Allows Unauthorized Domain Hijack
My friend and co-worker Dan Spencer was recently a victim to a domain thief. His site flyguydesigns.com and domain was hosted with godaddy one day, and then before he knew it, they allowed an unauthorized transfer of ownership to the domain and hosting account. After making over 10 calls yesterday to them, the summary is that they can’t help him. The hijacker has converted all of his “buy now” buttons into his/her own paypal account, and when a customer makes a purchase, they don’t receive any product. Not only is this a complete violation, but his reputation is now on the line. After years of building up traffic and sales from lots of hard work, it’s hard to believe that someone like godaddy would allow such a thing.
For the time being, don’t purchase anything from his site. If/when he gets this resolved, I will post again.
Jarad Johnson has a few words to say about this. Other comments and info on the Departika blog.
UPDATE
Thanks to commenter below for providing information on how digg helped David Airey get his domain name back, I’ve decided to push the digg thing a little harder and see if we can’t try and help out Dan a bit. Please take a second and digg it up.
May 7th, 2008 at 2:10 pm
ok, this is quite scary. i hope it is resolved soon. what a disaster!
May 7th, 2008 at 6:20 pm
Digg it up folks:
http://digg.com/tech_news/GoDaddy_Allows_Unauthorized_Domain_Hijack
May 7th, 2008 at 11:28 pm
Same thing happened to me awhile back.
May 8th, 2008 at 5:04 am
Jillian, was it ever resolved? Any tips on helping him out?
May 8th, 2008 at 10:32 am
That’s really bad. I’m sorry for him but Godaddy’s Support had NEVER helped me in any thing I asked for and I lost one of my domains because of them so I’m Transferring all my domains to new register.
May 8th, 2008 at 7:52 pm
I’m sure you’ve done this by now but others experiencing similar distress may not think of it in their panic.
Be sure to contact PayPal. Be sure to speak to a human by voice because, honestly, no one wants to talk to a machine. Not even yours.
Have as much information as possible ready before you call. It takes time but if you’re on top of your problem (aka, have done your share of investigative work), the problem will be resolved much faster.
Primarily, be ready to provide the date and time of the hijack (to the best of your ability).
Thumbing this up in Stumble to increase exposure for what it’s worth. I’m no power user but perhaps one of them will follow suit.
Best of luck.
May 9th, 2008 at 3:15 am
This is very bad, I hope this problem will resolved very soon
May 9th, 2008 at 12:14 pm
So the hijacker is now offering product and taking payment for it without delivering any, and possibly claiming to be you while doing so? I’m sure that’s illegal in at least a couple of ways.
May 9th, 2008 at 12:16 pm
That’s correct. He’s claiming to be Dan Spencer. It’s illegal in the US for sure. Not sure how that law plays in other countries if that’s the case.
May 9th, 2008 at 12:25 pm
Thats why we left the shits - happened with a couple of my websites
May 9th, 2008 at 12:44 pm
What has taken place is morally and legally wrong on many grounds. Now I’m no lawyer, but he has taken someone’s identity and is using it to scam people correct?
What this impostor / thief has done is, committed multiple accounts of fraud, Identity theft, etc. I’m from Australia by the way, and I know that the USA doesn’t taken Identity theft and Fraud funny.
Good luck with this. Let me know if there is anything I can help with.
May 9th, 2008 at 12:48 pm
Dwayne, yes. That’s exactly right. He now has all of Dan’s files on another host of which dan has no access too, and has ownership of the domain as well.
May 9th, 2008 at 1:02 pm
Stumbled :)
Many of our web design clients have already purchased Godaddy accounts and just *won’t* switch to something more reliable. I want to help them have the best web presence possible!
For instance, we use A2 hosting for our site and they actually send us e-mail notifications regarding downtime.
Godaddy certainly doesn’t let us know, and when we figure it out (usually through a panicked client), they usually just direct us to a support forum.
Turns out that just because their Super Bowl advertising has lots of skin, it doesn’t mean they provide good service.
May 9th, 2008 at 1:07 pm
The registration (and registration of the DNS servers domains) are still with enom. They can work with him to correct this. Can you provide any more information on what godaddy told him?
Its possible we can find the right people to complain to and get this resolved. With so many people backing you up its hard for them to ignore.
May 9th, 2008 at 1:53 pm
You may also want to notify Paypal if you haven’t already:
https://www.paypal.com/ewf/f=pps_spf
Send a few reports and the hijacker looses his account.
May 9th, 2008 at 4:16 pm
http://tinyurl.com/33yx3j
heres a stoy about a blogger who got his domain name back..
his was stolen using a gmail vulnerability…
good luck!
May 9th, 2008 at 4:21 pm
So it appears there is hope!
May 9th, 2008 at 4:24 pm
I especially like how the site states that there is a New Site Coming Soon! What a bunch of douches!
May 9th, 2008 at 4:27 pm
I agree with Andrew, you are already getting a lot of traffic from stumble; we now need to find the right people to complain to.
May 9th, 2008 at 4:54 pm
I suggest to speak to someone related to Godaddy. May be Karen can help us again.
He needs to be active in top tech forums, there he can find really good authority guys who can easily help him.
Hope that helps a little.
May 9th, 2008 at 5:08 pm
dude i do hacking, lol im taking this oppertunity! here comes the trojan ;)
lol that serves goin down!!!!
May 9th, 2008 at 6:16 pm
A similar thing happened to 4chan with their .net domain. thanks, godaddy
May 9th, 2008 at 6:22 pm
Ok. So there is a fairly good chance that this is not Godaddy’s fault. I mean, if they allow “unauthorized transfer of ownership to the domain and hosting account” wouldn’t it make a heck of a lot of sense that this problem would be far more wide spread! This is probably a hacked e-mail account. Either way, if you want digg and stumble upon to help you out with this, how about posting the full story. No summarizing. I’m really surprised to see how many people you’ve already managed to gain the support of when they don’t even sort of begin to understand the facts.
May 9th, 2008 at 6:30 pm
Kevin, I’m happy to tell the whole story, and I’ll have Dan chime in here if he gets time this weekend, since he’s been on the phone with them. It could perhaps be a hacked email account, but the domain was still somehow able to be transferred without Dan’s actual permission, and godaddy was hosting it. So technically they allowed the transfer to someone that wasn’t Dan. From what Dan has told me it’s been extremely frustrating, and that godaddy is not really providing much help. That may change if he continues to talk to them, but I don’t know what they *can* do now anyway, since the transfer has already been made. That’s all I’ve really said here.
May 9th, 2008 at 7:23 pm
@ skamp: That gmail flaw has been closed for ages.
May 9th, 2008 at 7:31 pm
Im the real Dan Spencer / designer at flyguydesigns, thanks for all your support. Im working vigorously amongst godaddy.com (the original host), enom.com (were the site is now) and srpy.com (where the site is illegally being hosted) and my lawyer to resolve the matter. I hope to be back up and running soon, but till then please purchase nothing from the site. And feel free to tell the person at the other end of this email what a jerk they are contact@flyguydesigns.com
Dan
May 9th, 2008 at 7:37 pm
Welcome Dan,
Hope things get solved soon. Please keep us informed. Wish you best of luck and yes I have emailed them about HOW A BIG JERK HE IS! ;)
May 9th, 2008 at 7:40 pm
I will give spry.com some props. I sent emails to there dispute department and they seem to be moving very fast within the matter. Hope to have this resolved soon. I will keep posting as more info becomes available.
Thanks for posting Jason.
May 9th, 2008 at 10:29 pm
thats creepy in my mind. Not too sure what to do about it, but scary that it happened.
May 10th, 2008 at 1:01 am
Stumbled, and sent to Consumerist.com, here’s hoping it’s greenlit, and some internet justice is served
May 10th, 2008 at 4:26 am
photoshopped
May 10th, 2008 at 7:22 pm
“photoshopped”?! WTF?! There’s no picture dillweed. If you are going to claim it as a hoax at LEAST use the proper termonology, something like “MSWorded” or “Notepaded” might be closer to correct. That is if you want to claim the story is a fake. To the guy who’s site got hijacked: Good luck with getting it back. Hope it is all resolved soon!
May 10th, 2008 at 8:21 pm
UPDATE:
Well this lowlife had taken down the site this morning after being warned they were in violation of copyright infringement. Guess they squeezed past the red tape cause its now back up and running again. Godaddy had contacted me this morning with rather frustrating news. They informed me that the matter is in the hands and balance of enom.com deciding if they want to corporate or not. All they need to say is na, we are not willing to do anything and thats all folks. Godaddy is not putting forth much effort to pressure them into giving me my domain back which was wrongfully taken from me. Geezzz, what a world. Thanks for the diggs, keep them coming. Power in numbers can only help me out. Until next time.
PS dylan, would you like to have a chat and a cup of coffee? Ill be more then happy to insure you this is by no stretch of the imagination a “photoshoped”, “fake”or “fraud” this is very real.
Dan, The real flyguydesigns
May 10th, 2008 at 10:11 pm
A refund attack would do him justice. Get friends involved. Make many small purchases, then request refunds. Paypal will not only force the refunds to come back before he can even spend the money, but he will loose money to transaction fees. Not to mention loose feedback ratings and eventually his Paypal privileges.
May 11th, 2008 at 5:20 am
I have every sympathy with you and your predicament, Dan, but I wonder if you remembered to lock down your domain registration when you purchased it? I forget the exact terminology, but until you check that box, anyone with the knowhow (and the stones) can steal your domain.
May 11th, 2008 at 1:59 pm
Im sure I am somewhat at fault here in some form or another. Its a learning experience for sure. Loosing the domain is just the tip of the iceberg. Whomever is at the other end of the site now is masquerading as me, responding to emails as me, selling my photoshop brushes and then not delivering the product. At this point if I can get the domain back its a bonus, I really just want my identity back without my reputation being completely ruined.
May 11th, 2008 at 4:01 pm
As mentioned, the same kind of thing happened to David Airey in December. He got a lot of help from the internet community and his site was back in his hands 3 days later. You can read about it here http://www.davidairey.co.uk/david-airey-dot-com-restored
Maybe he can help Dan out with a more useful contact at GoDaddy?
May 11th, 2008 at 10:13 pm
Ahmm I just paid $500 for this site from a sitepoint auction 2 days ago. I would be happy to help track down the person that stole it and hopefully get my money back. I don’t want to own a stolen domain.
http://marketplace.sitepoint.com/auctions/35711
May 11th, 2008 at 10:29 pm
The person I bought this from was really helpful and of course used @flyguydesigns.com email, so I thought this was legit. If anyone is a good detective, he also emailed me from : sleepyadmin@gmail.com (after the transaction was finished) Maybe someone can find out more about him.
I made 2 disputes with paypal (I paid $500 in 2 $250 transactions)
Dan I wish you posted your email so I could contact you, please contact me at pwk at webmail dot us
May 12th, 2008 at 9:15 am
Pete, thank you. Dan has been notified of your comment.
May 12th, 2008 at 9:36 am
Pete you can contact me at dan [at] departika dot com.
May 15th, 2008 at 3:52 pm
Dan, did you inform SitePoint by filling out their form ?
http://marketplace.sitepoint.com/static/marketplace/pdf/infringement_notice.pdf
May 15th, 2008 at 4:11 pm
I love a somewhat happy ending.