All times are UTC + 1 hour




 Post subject: How my domain got "robbed" for an hour
Posted: Tue Aug 26, 2008 6:33 am
Joined: Tue Dec 18, 2007 8:11 am
Posts: 147
Location: Switzerland
Oh man...
I couldn't believe what just happened...

My main domain got "robbed". The domain was pointing to a wrong IP-Address.
Luckily my wife noticed that the webmail was not working and I went to investigate the problem. I first thought my server was down, but all services were up and running.

I then noticed that it was not my server. The DNS-query (the A-Records) showed that the domain was pointing to completely wrong IP-Addresses, and the MX-Record was pointing to the domain itself (therefore also to the wrong IP-Addresses).

I checked the nameservers I had configured at my registrar. They were correct.
I then checked the entries of my DNS-provider. They were correct too.

So what must have happened is that someone had access to the nameservers with higher priority than I had.

I opened an account on a new DNS-provider and I reconfigured the nameservers at my registrar to point there. Now my domain is working properly again.

It was pure luck that I noticed this whole thing within an hour. Man, this gives me the creeps... all emails went to the wrong server in this hour!! Everywhere you use an email address as login, the password can be (re-)sent by a click. I guess there's nothing left to do but change all passwords where I use an email of this domain as login.

Cheers! - And I hope this doesn't happen to you!!
- leonard

_________________
:%s/^M//
There are 10 kinds of people:
Those who understand binary and those who don't.
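
The checks described in the post above (A, MX and NS answers compared with what they should be) can be automated so the drift is noticed without relying on luck. This is an added example, not part of the original thread; the domain, addresses, baseline and function names are constructed for illustration, and the input is assumed to be in `dig +noall +answer` layout.

```python
# Constructed baseline for a hypothetical domain (documentation address ranges).
DOMAIN = "example.com."
BASELINE = {
    "A": {"192.0.2.10"},
    "MX": {"mail.example.com."},
    "NS": {"ns1.dns-provider.example.", "ns2.dns-provider.example."},
    "MAIL_IPS": {"192.0.2.25"},  # addresses the MX targets may resolve to
}

# Constructed resolver output mirroring the post: NS unchanged,
# A changed, MX pointing at the domain itself.
OBSERVED = """\
example.com. 300 IN A 203.0.113.66
example.com. 300 IN MX 10 example.com.
example.com. 300 IN NS ns1.dns-provider.example.
example.com. 300 IN NS ns2.dns-provider.example.
"""

def parse_answers(text):
    """Return {(owner, rtype): {values}} from answer-section lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.startswith(";"):
            continue
        # The last field is the record data (for MX this skips the preference).
        owner, rtype, value = fields[0].lower(), fields[3].upper(), fields[-1].lower()
        records.setdefault((owner, rtype), set()).add(value)
    return records

def check_drift(domain, records, baseline):
    """Compare observed records with the baseline; return a list of findings."""
    findings = []
    for rtype in ("A", "MX", "NS"):
        seen = records.get((domain, rtype), set())
        if seen != baseline[rtype]:
            findings.append(f"{rtype} drift: expected {sorted(baseline[rtype])}, got {sorted(seen)}")
    # Follow each MX target to its addresses: that is where mail is really delivered.
    for target in sorted(records.get((domain, "MX"), set())):
        rogue = records.get((target, "A"), set()) - baseline["MAIL_IPS"]
        if rogue:
            findings.append(f"mail for {domain} goes to unexpected host {target} at {sorted(rogue)}")
    return findings

if __name__ == "__main__":
    for finding in check_drift(DOMAIN, parse_answers(OBSERVED), BASELINE):
        print("ALERT:", finding)
```

Run on a schedule against answers from more than one resolver, the same comparison flags the case in the post where the registrar's NS set still looks correct while the A and MX answers have changed.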


Posted: Wed Oct 22, 2008 12:15 am
Joined: Wed Oct 22, 2008 12:09 am
Posts: 4
That's a fairly chilling story, leonard. Could you explain a little what you mean by "Everywhere you use an email address as login, the password can be (re-)sent by a click."?


Posted: Wed Oct 22, 2008 7:45 am
Joined: Thu May 31, 2007 4:28 pm
Posts: 1204
Location: Belfast, Northern Ireland
He means that on any site he is a member of, people can use your username and have the password sent to the email address you registered with. All the emails that were sent to him while his domain was 'robbed' went to a different server where someone could access them.


Posted: Wed Oct 22, 2008 3:32 pm
Joined: Tue Dec 18, 2007 8:11 am
Posts: 147
Location: Switzerland
Right, Johnathan.

Example, Facebook:
Image

All the aggressor needs to do is enter the email-address of my account, e.g. correctaddress@robbeddomain.com (of course he needs to know exactly which email I use for the account on Facebook) and the password will be sent to his server (that is, if he has set the MX-record of the domain to point to his server and has a mailserver to receive the mail).

Cheers
- leonard

_________________
:%s/^M//
There are 10 kinds of people:
Those who understand binary and those who don't.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group - Flash Games - TNX Invitation Code - TNX Review


Webmaster - Excruciating - Johnathan - Kotik - Ash - Tomi - rangana - Phate - dflynn - Medley