It appears you have not yet registered with DEVPPL. To register please click here... (it's fast, easy and free!)

Forum

Log In Sponsors
Partner Sites
Board index For Webmasters Domain Names Forum

How my domain got "robbed" for an hour

Discussions about domain names, where to buy, how it works...
Post a reply

How my domain got "robbed" for an hour

Postby leonard on Tue Aug 26, 2008 6:33 am

Oh man...
I couldn't believe what just happened...

My main domain got "robbed". The domain was pointing to a wrong IP-Address.
Luckily my wife noticed that the webmail was not working and I went to investigate the problem. I first thought my server was down, but all services were up and running.

I then noticed that it was not my server. The DNS-query (the A-Records) showed that the domain was pointing to completely wrong IP-Addresses, and the MX-Record was pointing to the domain itsself (therefore also to the wrong IP-Addresses).

I checked the nameservers I had configured at my registrar. They were correct.
I then checked the entries of my DNS-provider. They were correct too.

So what must have happened is that someone had access to the nameservers with higher priority than I had.

I opened an account on a new DNS-provider and I reconfigured the nameservers at my registrar to point there. Now my domain is working properly again.

It was pure luck that I noticed this whole thing within an hour. Man this gives me the creeps.... all emails went to the wrong server in this hour!! Everywhere you use an email address as login, the password can be (re-)sent by a click. I guess there's nothing else than to change all passwords where I use an email of this domain as login.

Cheers! - And I hope this doesn't happen to you!!
- leonard
:%s/^M//
There are 10 kinds of people:
Those who understand binary and those who don't.
User avatar
leonard
100+ Club
 
Posts: 147
Joined: Tue Dec 18, 2007 8:11 am
Location: Switzerland
Top

Postby DC3 on Wed Oct 22, 2008 12:15 am

that's a fairly chilling story leonard, could you explain a little what you mean by "Everywhere you use an email address as login, the password can be (re-)sent by a click.?"
DC3
 
Posts: 4
Joined: Wed Oct 22, 2008 12:09 am
Top

Postby Johnathan on Wed Oct 22, 2008 7:45 am

He means that any site he is a member of people can use your username and have the password sent to the email address you registered with. All the emails that were sent to him while his domain was 'robbed' went to a different server someone could access them.
Johnathan
1000+ Club
 
Posts: 1204
Joined: Thu May 31, 2007 4:28 pm
Location: Belfast, Northen Ireland
Top

Postby leonard on Wed Oct 22, 2008 3:32 pm

Right Johnathan

Example facebook:
Image

All the aggressor needs to do is enter the email-address of my account, e.g. correctaddress@robbeddomain.com (of course he needs to know exactly which email I use for the account on facebook) and the password will be sent to his server (that is if he has set the MX-record of the domain to point to his server and has a mailserver to receive the mail).

Cheers
- leonard
:%s/^M//
There are 10 kinds of people:
Those who understand binary and those who don't.
User avatar
leonard
100+ Club
 
Posts: 147
Joined: Tue Dec 18, 2007 8:11 am
Location: Switzerland
Top
Post a reply

Return to Domain Names Forum

Who is online

Users browsing this forum: No registered users and 0 guests