Grow your CSS skills. Land your dream job.

This Site’s Domain is Stolen

Published by Chris Coyier

Hey ya'll. This is (really) Chris Coyier. I had css-tricks.com registered on GoDaddy. It recently came to my attention that the ownership of this domain has been transferred away from my ownership to PlanetDomain. For now, thankfully the nameservers still point to MediaTemple, so the site is still up. That could change at any time.

I'm going to keep track of all this.

Timeline of Events

Sunday, November 13, 2011

Hacker gains access to my GoDaddy account and GMail account. He initiates the domain transfer away from GoDaddy: unlocking domain, changing registration information, putting in request from PlanetDomain. Emails are likely generated from all this activity but I saw none of them. Presumably the hacker deleted them from my GMail account.

Strange: My GoDaddy account password was never changed, nor does that password exist in my GMail account. How did he get in?

Monday, November 14, 2011

I wake up and can't log into GMail. I reset the password through cell phone verification (I still have this text message and a screenshot of it). I honestly didn't think much of it at the time. I thought of a few reasonable explanations for it and went on with my day.

Question: Was the hacker able to gain access to my GMail account by resetting the password, or did he gain access some other way and then reset the password to attempt to lock me out.

Sunday, November 20, 2011

In the evening of this day the domain transfer was completed away from GoDaddy and to PlanetDomain. Again the hacker was able to access my GMail, gaining access to the needed emails and getting the transfer verification codes, and then delete them so I never saw them. He changed the password to the GMail account again.

This same evening, I had a minor site hack. VaultPress caught it. In my index.php file in the root (effects the entirety of WordPress) a link was added to 8oc.com. Later I found this same exact thing happened to Kirupa Chinnathambi of kirupa.com.

Uh oh: does this mean the hacker has access to my MediaTemple hosting too? FTP access? Account Center access? None of these passwords were changed.

Monday, November 21, 2011

I wake up to be locked out of my GMail account again. Again reset the password through cell phone verification code. Again, stupidly, didn't think much of it. (Thought something like my 1Password got out of sync).

Uh oh: does this mean the hacker can reset my GMail password at will? I have two-step authentication turned on now, hopefully that will prevent this in the future. My passwords for GMail have always been totally unique and complex.

Friday, December 2, 2011

The day I found out about all this.

7:30am - I found out about all this from emails from David Appleyard. I immediately thought of David Walsh who this is also happening to. It's also happening to instantshift.com and sohtanka.com. None of us share a GoDaddy hosting account. These are all separate instances. Important to note: I received no email or phone call verifying the transferring of this domain. The email address in my GoDaddy account was unchanged.

7:45am - Called GoDaddy support at (480) 505-8877. Was not helpful. Was told just to email domaindisputes@godaddy.com (which I did immediately).

8:06am - I tweeted about the problem. GoDaddy sent me a DM saying to fill out a form, but the form was a 404 page.

Friday 8:30am - I got the correct link to the domain disptute form and filled it out. This included a scan of my driver's license. The website says it will be 3 days for an initial response. I hope it's sooner than that.

9:00am - I went to my banjo lesson because at least nobody can take that away from me.

10:10am - Trying to contact PlanetDomain (just assuming this is them). They don't seem to have an active Twitter account. Just sending an email through the contact form for now.

10:15am - Got generic email back from GoDaddy:

We have reviewed your claim and we will contact PlanetDomain and request an FOA (Form of Authorization) for the transfer. If their records also show the same registrant at the time of transfer, we will work with them to see if they can transfer the domain name back. However, they are not required to transfer the domain name back.

If they are unwilling to transfer the domain name back you will need to contact the current registrar or registrant for further assistance.

11:50 - Just got off the phone with GoDaddy (Tony in domain disputes and Alon in customer service, I think). The current status is that they have already sent a request to PlanetDomain, and the next step is to wait for them to do the due diligence and get back to GoDaddy with an answer on whether or not they will return the domain. This be a matter of days, or a week (sine it's Friday, very likely won't be until early next week). Other facts about GoDaddy:

  • So far they have found this has happened to around 12 accounts, all within the "Web Design" genre (so most likely a targeted attack).
  • There is no accessible log from with your GoDaddy account to see what/when things happened.
  • They do have access logs, but they can't share that information with me.
  • The domain was transferred away from GoDaddy the evening of Nov 20th
  • They have, but cannot provide me with, the email address used to transfer the domain away.
  • GoDaddy confirmed my global account email has never been changed, but it WAS changed for the domain css-tricks.com prior to the move.
  • The request to unlock the domain happened on Nov. 14th at 4:30pm Mountain Time. Normally there is a 5-7 day waiting period, but GoDaddy offers instant transfer and they remarked that it was unusual that the hacker chose not to do that.
  • They confirmed no other domains have left my account.

Friday 12:15pm - I asked VaultPress if they could tell me the IP address of the person who changed the index.php file, but they don't have that information. It might be in my server logs if I have them from that long ago.

1:05pm - Former employee of PlanetDomain tells me that it looks as if the hacker attempted to remove the nameservers, but the PlanetDomain system for that failed. (This line in the WHOIS: "No name servers present.") The hacker would have to call PlanetDomain to "fix" this, which they have not (thank god).

5:25pm - About the end of the work day here and heading in to the weekend, so it's unlikely anything will happen until early next week. I'd love to get at least an acknowledgment from PlanetDomain / NetRegistry that they've gotten the domain dispute from GoDaddy. But no such luck.

7:10pm - Send off an email to MediaTemple letting them know the issue. They aren't really involved, but if they can find for me the IP address that changed that file on the server on Nov 21st, that might be helpful.

Saturday December 3, 2011

6:05am - Heard back from MediaTemple. The server logs don't go back that far, so no dice on getting IP address from that.

Sunday, December 4, 2011

3:50pm - First contact from PlanetDomain - Christine Dela Fuente of the Customer Support Team:

Hi Chris,

Thank you for your email.

We are currently in communication with GoDaddy regarding this. We will
advise you via email of the decision.

I'm hoping the drastic time zone different between Australia and the U.S. doesn't inhibit communication between PlanetDomain and GoDaddy.

Monday, December 5, 2011

Sometime during the night the status of the domain (viewable from the WHOIS information) changed to "LOCKED". I think it was "ACTIVE" before. Also, the nameservers are now listed correctly (NS1.MEDIATEMPLE.NET, NS2.MEDIATEMPLE.NET) instead of "No name servers present." as it said before. I don't know the implications of this.

Thankfully, my nameservers have not yet changed. instantshift.com and sohtanaka.com have not been so lucky, their sites are now offline. My heart goes out to them, so awful.

The same happened to designshack.net, but David Appleyard was able to speak directly with PlanetDomain and PlanetDomain agreed to change his nameservers back to his, so his site is back online. That is a great first step of cooperation from PlanetDomain, yay!

9:40am - David Appleyard talked to GoDaddy this morning. They said: "I just talked to [PlanetDomain] about it this morning. It was the first thing on their plate."

1:10pm - David Appleyard spoke with PlanetDomain directly again. They said that the criminal's account has been suspended, so they no longer have access to make changes. I don't know for sure if css-tricks.com was in the same account as David's, but I hope it is.

5:00pm - Email from Christine Dela Fuente at PlanetDomain:

As per the decision between PlanetDomain and GoDaddy, we have decided to reverse the transfer back. This means the domain will be transfer back to GoDaddy. At this stage, we are waiting for confirmation from GoDaddy in regards to this.

We will update you via email as soon as we hear from them.

EFF YES. Can't wait to see the domain back in it's original home.

Tuesday, December 6, 2011

10:00am From GoDaddy via Twitter:

There's some additional back-and-forth that needs to happen before the domain is actually moved. It's real close, though. All good news.

3:00pm From GoDaddy via Twitter:

We're still waiting for some key info from PlanetDomain.

9:00pm Email from PlanetDomain:

Thank you for your patience.

Please be advised the domain css-tricks.com has been transferred back successfully to GoDaddy.

WHOIS data is back. Good stuff! Still waiting to see the domain back in my GoDaddy account.

Wednesday, December 7, 2011

7:45am - Domain is back in my GoDaddy account.

Other Information

  • This happened to David Airey as well. He attributes a Gmail Security Flaw (this particular flaw has been fixed) as to why he was never notified of the domain transfer.
  • David Walsh received two emails on November 28th from moya.server@gmail.com. One said: "trust me godady can't help you," the other: "pay 2k to get ur domain back .."
  • This is not isolated to GoDaddy. Original registrants varied, see below.
  • A former employee of PlanetDomain tells me that PlanetDomain is owned and operated by a Sydney company called NetRegistry(NR). He also tells me the domain is in "active" status which is good news for the possibility of moving it back.
  • Official rules on Domain-Name Dispute-Resolution.
  • Hackers News conversation (was on homepage entire day Friday)
  • Slashdot conversation

Sites with Same Problem

davidairey.com - Resolved

abduzeedo.com - Prevented - Was able to stop domain transfer before it happened, but all signs indicate the same hacker tried to steal it (forserver@yahoo.com) - Originally on DreamHost

css-tricks.com - Resolved Originally at GoDaddy, Bad Guy moved to PlanetDomain - Domain is back at GoDaddy.

davidwalsh.name - Resolved Originally at GoDaddy, Bad Guy moved to Name.com then to 1and1 (highly unusual and isn't supposed to be possible) - Name.com is was able to get it back from 1and1, although I don't think it was through cooperation on 1and1's part.

scriptandstyle.com - Resolved Originally at GoDaddy, Bad Guy moved to PlanetDomain - David Walsh is the owner of this domain. Transferred back to GoDaddy on December 6th.

sohtanaka.com - Unresolved Originally at 1and1, Bad Guy moved to PlanetDomain - Soh Tanaka's site is offline (nameservers were removed). PlanetDomain is ready to give the domain back to 1and1, but 1and1 isn't responsive.

designshack.net - Resolved Originally at GoDaddy, Bad Guy moved to PlanetDomain - David Appleyard is the owner of this domain. Transferred back to GoDaddy.

instantshift.com - Resolved Originally at GoDaddy, Bad Guy moved to PlanetDomain - Daniel Adams has domain back in GoDaddy account.

kirupa.com - Resolved Originally on NetworkSolutions, Bad Guy moved to PlanetDomain - Kirupa Chinnathambi has domain back.

shiachat.com - Resolved Originally on 1and1, Bad Guy moved to PlanetDomain. Stolen on October 8, went down on November 24. Ali A. is now has domain back (actually kept it on PlanetDomain instead of moving back to 1and1 because they are so awful).

Comments

  1. Jason Day
    Permalink to comment#

    So godaddy is no longer secure – I’d be interested in finding other domain providers that are.

    • name .com is awesome!!!! i have all my domains with them

    • Permalink to comment#

      Using Name.com as well. Never a fan of GoDaddy.

    • eternicode
      Permalink to comment#

      I’ll third name.com. I’ve been quite happy with them since jumping ship from godaddy.

    • Permalink to comment#

      I have a bunch of domains in Godaddy. I should think about transferring them to another…

    • GoDaddy has *always* been a terrible option. A few years ago there were tons of horror stories of their bad service, many of which were chronicled on a site called “NoDaddy.com,” which no longer exists. There were even cases of GoDaddy mysteriously failing to renew a domain set to auto-renew, with the name being quickly put up for auction by GoDaddy.

    • Permalink to comment#

      No, it is secure. Someone either guessed the password, sent a password reset or got in some other way but they got the domain legitimately through a transfer. You can see the new registrar information from the whois information.

    • It does not appear at this time that GoDaddy is at fault here. Many other domains are affected similarly which started with different registrars.

    • I’m with Namecheap.com currently. Absolutely no problems so far, and very nice. Typically a promotion running every month.

    • Justin FYI
      Permalink to comment#

      Registrars need to protect their clients by providing methods which force secure passwords, etc. GoDaddy, and other registrars in this mess, need to wake up or lose more and more clients.

    • nick
      Permalink to comment#

      LOL are you kidding?! GoDaddy has never been secure! lol, there’s so many horror stories from people using GoDaddy, just Google it…

    • ramendoodle
      Permalink to comment#

      godaddy has always be a terrible choice.

      A good alternative to be sure to own your domain name is gandi.net

    • Permalink to comment#

      Also on Name.com

      I recently redirected my domain to my tumblr, and it was so quick (tumblr suggested 72 hours: it only took 20 mins) and easy that my opinion of an already good service has improved.

    • Permalink to comment#

      I’d never use GoDaddy unless I had too… Always found their site confusing and unhelpful.

      And their CEO shoots elephants :-p

    • Permalink to comment#

      I was GD for a long time, then became sick of their advertising and service, since then I’ve moved all my domains over to namecheap and I’ve been really happy there.

    • Mikołaj
      Permalink to comment#

      Fun fact: type “domain theft” into Google and you’ll see GoDaddy advert

  2. Permalink to comment#

    How come?
    I hope you are fine!

  3. Was your domain unlocked?

  4. amidude
    Permalink to comment#

    Hope this gets resolved soon and that you have some legal recourse in this situation. I personally am hosted with 1&1 and I haven’t had these issues. (maybe I should say “yet?”)

    • Ryan
      Permalink to comment#

      I have run into similar problems with a client that was hosted on 1&1. Due to a configuration error we were unable to renew, they charged us for falling into their hold period while we waited for support. About three months after it was resolved I got an email from a guy wondering why our domain was listed in his account.

      It seemed like someone had simply changed the account number on our domain. Fortunately for us the guy never wanted our domain. 1&1 told us to work out a deal with the guy… for what? None of us had initiated the transfer.

      I complained to ICANN and they responded saying that they would not do anything on the *very same day* we got access back from 1&1. What a terrible nerve wracking experience it was.

    • amidude
      Permalink to comment#

      Wow thanks for sharing. I didn’t know this was so prevalent.

  5. Sorry to hear about this, Chris. I’m shocked, but not surprised to hear yet another jaw-dropping bungle by GoDaddy. I’ll be keeping a close eye here (for now) and on your Twitter stream to see how it all unfolds. Good luck!

  6. Permalink to comment#

    Scary stuff!
    I hope you get it all sorted, Chris!

  7. Brian
    Permalink to comment#

    NNNOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!

  8. I can’t even imagine what it’s like to have this happen. I’ve been following David Walsh’s experiences over the past several days (can’t believe it’s still ongoing) and it frustrates me to see the sites of people such as David and yourself going through this.

    I really hope that this gets sorted out quickly for you.

  9. Permalink to comment#

    I’ve always heard bad things about GoDaddy, never anything good. I’ve always stayed clear of them simply because I think their website is hard to navigate, and kind of ugly. Hover.com has been good to me, and their site is pretty. :)

  10. This is exactly why I do not use GoDaddy!

    Isn’t the first time I’ve heard of it happening and am also a victim myself. It happened to me about two years ago. It took over 6 months to resolve and a variety of “confirming” steps to verify who I was. Overall the experience was not very pleasurable and it caused me to never use their services again!

    I hope its a learning experience for everyone out there. A shame it has to be learned through such means as this but people who limit their trust in the services provided by GoDaddy, its just not worth the chances!

    Chris, I wish you and those mentioned all the best in resolving it!

    • Permalink to comment#

      You’re incorrect in believing it’s isolated to Godaddy. If someone gets your password for any site that is endgame.

    • nick
      Permalink to comment#

      Mark, you’re wrong, it’s isolated to GoDaddy… You sound like you work for GoDaddy… i’d advise people to not listen to you.

    • Permalink to comment#

      Nick, I think what Mark is referring to is that this can happen with ANY registrar you use. I realize it’s easier for people to believe Go Daddy is “insecure” because of this, but they might needlessly frustrate themselves if ever they find their domain name hijacked with (registrar).

      Do a Google search for (registrar) hijacking, and you’ll invariably find it’s happened with everyone else. The important thing, though, is that registrar takes prompt and serious action once they’re notified of such.

      Unfortunately registrars also get cases of alleged hijacking where it’s not necessarily so, few of which I handled in my ex-registrar life.

  11. Good luck sorting this out, Chris. We’re on the case for the same situation with Design Shack as well. Here’s hoping that GoDaddy get everything reversed as soon as possible.

  12. This is atrocious. I’ve got lots of domains registered with them and am now scared. Keep logging your experience wherever you can. If this is how they’re going to treat customers people ought to know.

    • @trentwalton

      I Just moved all my domains off godaddy yesturday. (45 domains) The reasons I left:

      – Sick of the constant upselling (6 screens to buy or renew 1 domain)
      – I personally don’t agree with the CEOs hobbies (http://www.youtube.com/watch?v=HXVH4OsfapI)
      – The user interface is slow and confusing (and ugly). I want to encourage and reward good UX from web companies.

      I went with namecheap.com after reading a heap of users experiences, and trying the control panel.

      I used the code SWITCH2NC to get $1 off the transfer. They also take the existing expiry date and add one year, so some of the the domains I switched now expire in 12+8 months.

      contact me @lukeholder with my transfer experience. Hopefully this was helpful trent, and didn’t sound too much like an ad :)

    • Permalink to comment#

      If you’re scared about having your account hacked then get a password that has eight capitals, seven lower cases, nine special characters and 11 numbers. Then change all of your validation methods for godaddy’s side. change your username and get domain protection on all your domains so that you have to submit your photo identification before you transfer, cancel or expire. This makes you safe on any site not just Godaddy.

    • If you’re scared about having your account hacked then get a password that has eight capitals, seven lower cases, nine special characters and 11 numbers.

      That’s good password advice, but no password will keep you safe if someone can reset it at will.

  13. Sean
    Permalink to comment#

    I am using Dotster, and they have the ability to lock transfers. They also email you about EVERYTHING you do to your account, which is normally annoying, but in a case like this would be very handy!

    • I think the whole point of breaking in to your account is that they have the ability to change your email and so the verification email would be routed to the thieves anyway.

    • Permalink to comment#

      If I had your password I could go in, turn off notifications, change the email in the whois information and unlock for transfers. No matter what company you are at you are vulnerable if they have account access. I can’t believe this is such a hard concept for 70% of the people here.

  14. Jose Duran
    Permalink to comment#

    Outrageous!
    Hope this will be resolved soon.

  15. Permalink to comment#

    I really dislike GoDaddy… I’ve used them once… and only once. I still have them for my one domain but have never been happy with their service… truthfully, the only reason I don’t switch is because I’m not sure how and am too scared of losing the domain…

    • eternicode
      Permalink to comment#

      If you use your one domain for anything serious, I’d recommend switching sooner rather than later. “Better late than never” doesn’t apply here ;)

      A couple of resources:

      GoDaddy – Transferring Domain Names to Another Registrar

      http://help.godaddy.com/article/3560

      Name.com Blog – How to Transfer your Domains from GoDaddy to Name.com (video)

      http://blog.name.com/2011/11/how-to-transfer-your-domains-from-godaddy-to-name-com/

    • Permalink to comment#

      You’re unhappy with their 24/7 service and all you have is one domain name with them? Sorry, I have to call shenanigans on this.

    • nick
      Permalink to comment#

      TO anyone reading Marks comments here, he works for GoDaddy. Read all of his comments, he’s hard core defending GoDaddy, don’t trust what he has to say. Mark, your distasteful.

    • Permalink to comment#

      Sorry, Nick, but do you have irrefutable proof “mark” indeed works for Go Daddy, just because you find his comments disagreeable? I’m not with Go Daddy either if ever you get that impression, and it’s understandable if one finds that hard to believe.

      I also realize some people might not like to “hear” what mark said, but I actually agree with him based on my ex-registrar work. One can only do so much to keep their possessions safe, especially if they don’t control everything and anything that can make that happen.

  16. Permalink to comment#

    That sucks, especially since GoDaddy is being unhelpful. :/ Can you see what the domain is now registered under?

    I looked up the WHOIS and it’s registered somewhere in Austria:
    Bakulina 12,
    Kharkiv, gras 61166
    Austria
    Phone: +61.4354353455
    Record last updated on: 21 Nov 2011 16:20:33 EST

    Good luck!

    • Andy
      Permalink to comment#

      That’s a bogus address. Kharkiv is in Ukraine, and Bakulina is a street in that city. I’m not sure why they’ve put Graz, Austria in the address too! Also, the phone number is +61 for Australia. I guess the whole WHOIS entry is duff.

    • Permalink to comment#

      These european hackers are getting absurd.

    • Nate
      Permalink to comment#

      An Australian hacker?

  17. I was made aware of these guys via Lifehacker.com:

    http://www.namecheap.com/

    They apparently have a stellar reputation. I’m planning on transferring all of my stuff over there ASAP, especially after hearing about this. Best of luck to you.

    • Permalink to comment#

      And then, if your account gets hacked, they’ll do the exact same thing and you’ve just wasted your money transferring to a different registrar.

    • Permalink to comment#

      NameCheap has worked well for me too. I’ve been a customer of theirs for several years.

  18. Sorry to hear about your issue using GoDaddy. Talk about piss-poor customer service!

    I wish there was something we all could do to help (other than spread the word about it). CSS-Tricks is an awesome resource.

    – jeff

    • Permalink to comment#

      Piss poor? The guy hacked into his account and transferred the domain through legitimate methods to a completely different registrar which they have no control over. Honestly the fastest method would be to sue the hacker using the whois information as a base. How is there any way to defend against this when more than 50% of domains are registered through their site? That’s more than half of all domain names and you want them to… what? Monitor each account for a hacker who legitimately transferred a domain (which is 100% automated)?

    • nick
      Permalink to comment#

      Mark, buddy, we can see you work for GoDaddy. Maybe you should get back to work and actually do something about this problem, instead of coming here and whining about everyone who’s experienced GoDaddy’s piss poor performance and customer service. Nobody’s going to buy anything your selling here, I think people see past it… Go and make your website(GoDaddy.com) better, improve your security and customer service. Be the bigger man and make your business better, don’t sit there and complain that everyone hates you because you suck, do something about it and show people that GoDaddy actually could possibly maybe provide somewhat maybe good customer service someday, maybe… Time to put your pants on. Have a good day.

  19. Evert
    Permalink to comment#

    I had a problem like this with a client last year. It wasn’t a GoDaddy account but like with you the email account was unchanged.
    Long story short: we found out that the hacker (it was a hacker) had gotten into the control panel, changed the email address. changed everything else, including ownership, and then changed the mail address back again. The problem was that changing the email did not send a confirmation to the old address.
    I found out later that that hosting company had a lot of security problems like hacked websites, ftp-accounts, etc.
    I am not saying this is a similar problem, but it sure sounds similar.

  20. It reminds us to keep a close eye on our own site domains and providers.

    Besides I think it is a shame it’s happening with you Chris, I’m sure you’re gonna resolve this problem very soon.

    Keep us up to date. :)

  21. Bottom line of this blog post: Under all circumstances, avoid doing any business with GoDaddy.

    Their customer support is awful. Last time I called in, they said I needed to renew something in order for them to fix a problem with database import/export.

    They sent me to to wiki pages on how to do what I needed to do, which did not work.

    LDB: Lie, Deny, Blame – is their motto.

    Funny thing is they tried to pitch me on managed hosting. Yeah right!

    They are liars, cheap-skates, and they will do anything to get you off of the phone.

    If you want to do business with them, use a headset or speaker phone, and do not get off the phone with them until your issue is resolved (even if it takes hours.)

    That’s the only way to get business done with GoDaddy.

    • Permalink to comment#

      LDB: Lie, Deny, Blame

      LOL. Learned a new acronym today.

    • Permalink to comment#

      You know what the funniest part about your post is? Each telephone representative is held personally accountable for the success of your problem. If you call back in they are penalized for that occurrence so it’s in their best interest to keep you on the phone and help you with the problem. The only way they would want to get you off the phone is if they can no longer support your issue, ie. coding/database management/programming language issues (php4 to php5 issues for example) or if you are straight up too ignorant to google your issue and find out how to fix it yourself.

  22. I hope this will be resolved with success…
    You are a great man, with a gold info on this site…

  23. Permalink to comment#

    What a pain. So sorry to hear about your issues at GoDaddy. I’ve always recommended GoDaddy to clients for domain name registration.

    Wish there was a GoDaddy “Frank Eliason” on Twitter who could take on the issue and resolve it quickly for you.

  24. A similar thing happened to graphic design blogger David Airey. He got his domain back with the help from someone who is friendly with the CEO of GoDaddy. This hugely improved GoDaddy’s helpfulness. Maybe you can contact /david Airey to see if he can put you in touch with the same person.

    Here is a blog post describing the recovery.

  25. John Attebury
    Permalink to comment#

    Ugh. I’m keeping an eye on this. We use GoDaddy at work and may have to switch registrars.

    • James Thompson
      Permalink to comment#

      Find one which emails you on any change including email addresses and lock the domain. So if your email address is changed you can reset it and verify the lock is still in place.

      Personally I think GoDaddy shares some negligence here for not sending such change notices.

  26. Ali
    Permalink to comment#

    Hi Chris,

    I’m the guy who initially reported this to you and David as my domain was the first to be hijacked followed by all yours straight to the same package on Planetdomain. Luckily, I convinced Planetdomain to put a lock on my domain and remove the dns and remove it from the package under the hacker’s control.. I suggest we work together to do the same for your domains if you don’t want them to be transfered out. Keep in mind, there is a 60day lock on domains after they’re transfered.. After the 60 days he can transfer it out from planetdomains and then you’re really screwed.

    I need you guys to reply-all to the emails I sent you so that we can work as a group seeing that I’ve raised a heavy case with planetdomain and 1and1 (my original registrar) and we seem to be making good progress and they’re willing to work with me.

  27. Heidi
    Permalink to comment#

    What an unscrupulous action! I have all my domains registered with Godaddy but have become increasing dissatisfied with their service and charges. I do like the ease of administering DNS but if anyone has a better, smaller and secure suggestion, please suggest!
    Chris, your articles, tutorials and general notes on all things CSS and beyond are priceless. I hope your issue is resolves soon. Maybe a boycott of Godaddy.com is in order!

  28. Occupy godaddy! Let’s all stop giving giving our money$ to godaddy and boycott them!

    • nick
      Permalink to comment#

      lol, if they have your credit card info, GoDaddy wont let you leave, they’ll keep charging you even if they don’t provide you any service.

  29. John Tanedo
    Permalink to comment#

    Jeez Louis! Our Support to you Chris… Hope you get this solved… And hopefully they wont hold your domain for ransom… Did you not know if or when your domain registration expired or something? or where you not notified? =(

  30. Charl du Plessis
    Permalink to comment#

    Not sure whether it will be of much use, but have you done a “whois” on your domain? Looks like it’s a chap in Austria…

    Reverse Whois: “oca” owns about24 other domains Email Search: is associated with about 3 domains
    Registrar History: 2 registrars NS History: 1 change on 2 unique name servers over 4 years. IP History: 7 changes on 5 unique IP addresses over 4 years. Whois History: 317 records have been archived since 2007-10-27 . Reverse IP: 3 other sites hosted on this server. Log In or Create a FREE account to start monitoring this domain name
    DomainTools for Windows®
    Now you can access domain ownership records anytime, anywhere… right from your own desktop! Download Now>

    Domain Name: CSS-TRICKS.COM
    Reseller…………..: PlanetDomain Ltd Pty
    Created on…………: 4 Jul 2007 16:26:57 EST
    Expires on…………: 4 Jul 2019 16:26:57 EST
    Record last updated on: 21 Nov 2011 16:20:33 EST
    Status…………….: ACTIVE

    Owner:
    oca
    (465144)
    Bakulina 12,
    Kharkiv, gras 61166
    Austria
    Phone: +61.4354353455
    Email:
    Administrative Contact, Billing Contact:
    oca
    (465143)
    Bakulina 12,
    Kharkiv, gras 61166
    Austria
    Phone: +61.4354353455
    Email:
    Technical Contact:
    oca
    (465145)
    Bakulina 12,
    Kharkiv, gras 61166
    Austria
    Phone: +61.4354353455
    Email:

    Domain servers in listed order:

    No name servers present.

    • Tom
      Permalink to comment#

      Like one siad before: Kharkiv is somewhere in Ukraine, not Austria. And the phone area code is from Australia.
      This means, that this domain info was faked too.

      Good research includes also cultural aspects and knowledge.

  31. Permalink to comment#

    I’d say use bluehost or fatcow (which I’ve been using for about a year now). The only reason goDaddy gets so much traffic and customers in Danika Patrick. (It’s a scam. They’re trying to sell her, not good service and domain names.)

  32. Jason
    Permalink to comment#

    I wish you the best of luck with this Chris. Thanks for keeping us updated too. I’ll be watching this thread like a hawk (since I too use GoDaddy). I’d also be interested in GoDaddy alternatives if you find some.

    Again, good luck man!

  33. Permalink to comment#

    They’ve already screwed-up some pages. check this link to your nth-child tester

    http://css-tricks.com/examples/nth-of-type-tester/

  34. Yet one more reason to transfer all my stuff out as soon as agreements are up.

    Hope everything turns out ok!

  35. Brannon
    Permalink to comment#

    I use ICDsoft, and have always been happy with their service. It’s not a big hosting company, but their features and setting options are great and their support has been fantastic. They only offer support by email, but I don’t think I’ve ever waited more than an hour to receive support on any issue by email. Once while I was in college, they even helped me with my PHP homework! (seriously, I was amazed) They’re have a lot of integrity as a hosting company; they offer you everything they should without making it seem like you should be paying extra, warn you when they’re going to change something big months in advance, and have amazing up time. I can’t recommend them enough.

    If you can afford it, I’d go with Media Temple. It costs about three times as much as ICDsoft, but gives you a ton of extra features, fantastic 24 hour phone support, the best control panel I’ve ever seen, possibly better up-times than ICDsoft (which is hard to do), and great server stability/speed.

    As a professional web developer who has worked with agencies/freelanced, I’ve used a lot of control panels and rangled with a lot of hosting companies. GoDaddy is by far one of my least favorite hosting companies; they’re dishonest, scammy, have horrible advertising, and their site seems like it’s intentionally unusable. The two companies I mentioned above are the best I’ve ever gotten the chance to use. I try to put every client seeking hosting on one of those two services; if they can afford Media Temple (20$/month minimum), I put them on that without hesitation, if they can’t, I put them on ICDsoft (about $6/month for everything most people probably need). Both services have great integrity and are really dedicated to providing great service. I’d say once you can, get off of godaddy as fast as possible; I hate that service for a reason.

    I hope you can get this resolved! I’m sorry it’s happening to you. There are some really horrible people out there in the world.

  36. GoDaddy focuses on only finding sexy girls and brand them as GoDaddy girls. Other than that security and customer care utterly poor. Like other guys, I’m also scared as I have lot’s of domain with them. :(

  37. Ryan
    Permalink to comment#

    For what it’s worth, I use http://softsyshosting.com/. They are awesome and I have never had a problem. Their support is incredible as well. They usually reply to any of you questions within minutes. I used godaddy once and I will never use them again. Navigation is clunky and hard to use and their customer support is down right terrible as you are finding out the hard way. I’d consider a switch.

  38. Peter
    Permalink to comment#

    I’ve been transferring my domains away from Godaddy over the last few months, they are just full of gimmicks and a really hard to use admin panel

  39. Permalink to comment#

    I have been in process of transferring to namecheap.com and I think I’ll expedite this process now. Good luck!

  40. I hope this issue gets resolved soon.

    I use register.com which has great customer service.

  41. Tieson
    Permalink to comment#

    Hope you get it all sorted Chris. This site is pure gold.

  42. Ben
    Permalink to comment#

    If GoDaddy has half a brain they’ll sort this stuff out immediately for you, not in 3 days.

  43. Permalink to comment#

    It amazes me that scammers are able to get their way with GoDaddy, but website owners often have to struggle for weeks to resolve the issues that are created, even when they are clearly the owners and there is no documented proof that they authorized a transfer.

    This is not an isolated incident, or even an uncommon one – this sort of thing happens all of the time, and has been for years. Obviously, GoDaddy doesn’t care, even when it is fairly high profile websites that are being affected. The only appropriate solution is to take your business elsewhere.

    GoDaddy is an awful company with some of the worst customer service I’ve ever had the horror of dealing with, and there are plenty of competitive alternatives.

    Best of luck in getting this resolved, Chris. Hope it happens sooner rather than later!

  44. Godaddy is awful – especially in terms of support. Its 30-45 minutes to talk to a human and then when you get a person, they aren’t knowledgable enough to actually assist.

    I wish you the best in getting this garbage straightened out.

    • Permalink to comment#

      It’s the human nature to generalize from just one situation. For me, it gets 10 sec to talk with someone, a true specialist. And i’m a network engineer and my problems where really hard to solve.

    • Permalink to comment#

      What you don’t realize is that this is the fault of the recruiters and management team. You are “required” little to no experience to get a level 1 support job @ GoDaddy. In addition, all of the level 1 support “techs” have a sales quota. The ones that are actually good at Sales, keep their jobs and end up moving to other departments. The ones that are actually decent at the technical aspects, generally aren’t that good at sales and end up losing their jobs.

  45. Permalink to comment#

    I use InnocentHost – really secure and affordable but the customer service is brilliant – can’t fault them.

    I get my clients to use them as well for domains and hosting – that was all is in one place.

    I hope you get everything sorted though – I had one of my domains from Holdfire.net hijacked once, they got it back but weren’t much help about the whole situation.

  46. Permalink to comment#

    You probably did not unlocked your domain. I think it’s a mistake from your part. No one needs to think that GoDaddy is not safe.

    • dj
      Permalink to comment#

      Spoken like a true Go Daddy employee! With grammar and spelling to match.

  47. Permalink to comment#

    I can’t imagine how frustrating that might be. I use Gator Host mostly for hosting, but I’m thinking of transferring my domains registration there also. They seem very reliable. Good luck. I hope it all ends well.

  48. Shane
    Permalink to comment#

    All the best Chris. I used GoDaddy once, never again. Hope it gets sorted soon.

  49. Steve
    Permalink to comment#

    I hope it works out. I use godaddy as well… I’ll probably switch too.

  50. Stephen
    Permalink to comment#

    I’ve moved all over my clients/personal domains to namecheap from godaddy over the course of this year. Their customer service is just terrible.

  51. I don’t think that this has anything to do with GoDaddy. If you look at the other sites listed, several different registrars were used. This guy actually targeted sites that got lots of traffic, and he took them. It is as simple as that.

    You will get it back, but it is going to take time.

  52. Time to switch to NameCheap!

  53. Jimmy
    Permalink to comment#

    Alex, how long have you been employed by GoDaddy?

  54. Bill Hess
    Permalink to comment#

    I could see this maybe happening to cccp-tricks.com ;p.
    Best wishes for getting it sorted out!

  55. Permalink to comment#

    Best of luck : ( we stopped using go daddy a long time ago.

  56. Permalink to comment#

    Good luck Chris, let us know if we can do anything to help! I work at Name.com, we’ve been helping David Walsh troubleshoot his issues – we’ve seen it all but are never ceased to be amazed…

    Not trying to give you guys a hard sell but do want to let you know that Name.com is an awesome SECURE registrar out of Denver, Colorado. We’re your small local alternative that will give you customized support while maintaining competitive pricing – and we’re just way cooler than the competition :) Feel free to hit us up on Twitter, @namedotcom or facebook.com/namedotcom or check us out at blog.name.com.

    Through the end of December we’re running a $7.39 COM/NET transfer special – no hidden fees, price includes ICANN fee. We’d love to help you guys keep your domains safe should you want to give us a try :)

  57. Ryan
    Permalink to comment#

    Anyone who recommends a company they have been with “for a few months” should not be posting. Domains are renewed, at a minimum, YEARLY. If you don’t have a few years of experience with a registrar I don’t consider that a useful recommendation.

    I use domainsatcost.ca, they are the largest registrar in Canada and have been stable and reliable over the years. Not to mention cheap.

  58. I have been using easydns.com for over 10 years, and LOVE THEM TO PIECES! I will gladly pay $25/year per domain for the piece of mind of an awesome, professional service!

    • D Dickson

      I’ve also used EasyDNS, and have found their technical support is very poor. I have recently moved all of our accounts away from EasyDNS for this reason.

  59. Permalink to comment#

    Godaddy are absolutely awful to use. Please give our service a look. At the very least, give anyone but them a chance. The domain industry is a commodity one but people are starting to realise they don’t have to be mistreated to get a domain. It’s like watching the entire web recover from an abusive relationship.

  60. Permalink to comment#

    Hi,

    Check out this story. I read about this about an year back.

    Excerpt from this http://timonweb.com/domain-theft-story

    Remember, you have only 15 days to undo domain transfer if you’re on GoDaddy (really dunno, maybe this is Icann’s rule and is applied to all registars). So contact undo@godaddy.com immediatelly!

  61. Permalink to comment#

    I’m with Web Hosting Hub and have been very pleased with them. Their tech support is friendly and doesn’t rush to get you off the phone. One time some hacker took down many websites hosted with them and within an hour or two they had fixed the problem and restored backups.

    Good luck Chris!

  62. Permalink to comment#

    That’s a little scary dude. Hope you are able to resolve. Keep us posted!

  63. Permalink to comment#

    Unfortunatly it’s not a problem unique to godaddy. The bad guy likely cracked password and logged in as “Chris” and requested the domain transfer. It can happen on any registrar. What I hope godaddy will do is check ip logs and see that when the transfer request was made, that the real Chris was not in Austria. Then godaddy has to ask ICANN to return the domain back to them. That’s what takes time but not 3 days if they bother doing it at all and not ask you to settle in court with the bad guy.

    • Permalink to comment#

      Unfortunatly it’s not a problem unique to godaddy.

      Also unfortunately, that’s true. That can happen with virtually any registrar one uses.

      The arguably tricky part is finding one who’ll immediately respond and act upon being notified promptly. However, that depends on the hijacking situation itself since some aren’t necessarily easy to solve than others.

      Take it from someone who’s worked with a registrar in a previous life.

  64. All 35 of my domains have been bought through Dreamhost over the past 6 years since 2005. I have a few domains with Godaddy, but I’ve been moving those over as their renewals have come up since Dreamhost now supports extensions beyond the common three (.com, .net, .org).

    The only downside to Dreamhost is you have to maintain a hosting account with them to be able to have full access to all the domain settings (DNS, nameservers, email, etc). They have an easy Google Apps set-up when you register a domain. Nice little feature.

    I don’t use them for site hosting because I build all my sites and client sites on Squarespace.com so I can’t really recommend Dreamhost for that as I don’t use it. But I’ve used MediaTemple, Network Solutions, Nettica, Doster, Register and a couple other domain registrars in the past and recently for clients who already have accounts with them. Dreamhost for me provides a great interface with their “non-cPanel” for managing my domains. Plus they have a quirky sense of humor on their blog. I can’t recommend them enough for domain registration.

    Sorry this has happened to you. I’m sure a domain registration company out there would be more than willing to help you migrate your domains when you get this one back. Good Luck.

  65. Permalink to comment#

    Hey Chris,
    Sorry to hear about your problems. I had a similar situation recently with my entire hosting account. The hacker changed the contact information, so I no longer had access.

    Well, years ago I got rid of GoDaddy because of various reasons that have been mentioned already. My new friends at Dreamhost were very cool and returned control of all my websites very quickly.

    I didn’t read all of the comments, but the first 20 or so had no mention of Dreamhost. I highly recommend them. ;)

    I hope you get your issues resolved soon!

  66. I’m surprised GoDaddy have not sorted this out. We’re not talking about a few anonymous bloggers here, there’s yourself, David Walsh, Soh Tanaka, all highly visible and influential in field. What GoDaddy don’t seem to understand, is that we, the Designers and Developers who read your blog, are also the people who tell advise the little guy (i.e. Joe Public) on which registrar to use.

    I currently use GoDaddy for most of my domains but don’t know how much longer I can do that given the length of time they, and certain others, have taken to resolve (or not resolve) this current batch of hyper-jackings. If they take this long to resolve problems when they happen to such a well-read blog, how long will they take when the site in question is less well-known.

    Finally, is there any idea how this happened? Is there any suggestion that GoDaddy are insecure or did they perhaps hack your machine? Guess your password by hacking another less secure site where you use the same password etc??

    • Permalink to comment#

      I’m surprised GoDaddy have not sorted this out.

      What many people don’t know (and probably don’t care) is that hijacking cases aren’t always easy to resolve. Each is assessed individually, especially if the domain name is transferred out to another registrar.

      If the latter happens, that makes recovery harder and longer to resolve. Essentially, registrars rely on whatever goodwill they’ve established among themselves to solve problems like this. (e.g. you help me get this name back, and I’ll do the same for you if ever…)

      Unfortunately that also depends how soon the registrar where the domain name was transferred to gets back to the original registrar. Not making excuses here, but telling how it happens in real life in my previous work.

  67. Permalink to comment#

    GL with this Chris. Hope everything gets sorted.

    I do not recommend anyone to use GoDaddy. I lose my mind with when I have to deal with clients who are hosted with them. I always have nothing but issues.

  68. Will
    Permalink to comment#

    Dude, how have you NOT heard all the horror stories about godaddy over the years? I would NEVER EVER use that company. This is another classic example of how shoddy they are. I hope things work out for you.

  69. Sorry to hear about your domain problems! That really sucks that there is shady people on the net that would do such a thing. I’ve also heard nothing but problems about GoDaddy.

    So, this is another vote for Dreamhost: http://www.dreamhost.com/r.cgi?461969

    I was on cheap-domainnames.com (which is just a branded reseller for another site) for many years and I was happy with them. But then I realized that I was paying for dreamhost already so I might as well use them for my dns too.

    They are about $0.05 less expensive than other providers per year (lol), and DH has a free whois anonymizing service, which other sites tend to charge for.

    Good luck.

  70. Permalink to comment#

    NoDaddy.

    Your website deserves better. We won’t let clients use them as a host anymore.

  71. cnwtx
    Permalink to comment#

    The IP address to this site is 64.13.251.230, if you put that in the place of http://www.css-tricks.com, you’ll still have access to the site even if the DNS gos down.

  72. cnwtx
    Permalink to comment#

    Glad to see you play banjo Chris! I play mandolin, guitar, and banjo.

  73. Chris, best of luck to you. I hope you can get everything resolved without loosing too much hair.

  74. brent
    Permalink to comment#

    This is an Arab or Persian (supposedly from Iran) ‘hacker’ that’s been doing this since at least 2008. Usually he/she/they get your domain user/pass through phishing scams. It’s not a problem with GoDaddy. Sorry to hear of your troubles none-the-less.

  75. Permalink to comment#

    I had to re-read this because I first couldn’t believe it.

    First of all, HOW did they change this stuff or made the transfer?

    Second, I don’t know how US legislation is, but do you have your logo and name registered as a trademark in the US? That can help in any disputes (including) a domain name.

    You better lawyer up after this.

  76. Permalink to comment#

    Btw, I also will get on the bandwagon with Dreamhost, though for domain registrations , I don’t know. You can look into Network Solutions, they are quite good too.

  77. Hey guys, this happened to us. We worked with the FBI (weren’t helpful) and then Godaddy did fix it in the end, took about a week. The “bad guy” sent a ransom note, not sure if you guys got the same. Good luck, feel free to reach out if you want to hear more details.

  78. craig reville
    Permalink to comment#

    I use 24 character passwords for all my domains after this exact issue happened to me with Godaddy last year AND I make sure all of my domains run through cloudflare to prevent anything dodgy from happening.

    I’ve had nothing but issues since godaddy sold off my domain name in 2009 to some spammer while I was updating and transfering my domain from godaddy.

    Fingers crossed it gets resolved quickly

  79. Abel
    Permalink to comment#

    Godaddy sucks, the support too, the hosting in godaddy its very awful too, i move to megacheap and i dont have any problem again.

    Make a request to the iccan and move the domain to another domain manager.

  80. Permalink to comment#

    Had a similar issue where the alternate spelling of my name got stolen and became a porn site. Luckily they only kept the site up for a few months and then they abandoned the domain and I got it back a year later. I had it registered through my hosting company who I no longer use.

    The situation made me angry for months. Hang in there Chris, we will follow you wherever you may go.

  81. Matt
    Permalink to comment#

    I had a domain attempt to be stolen through a Turkish affiliate of Network Solutions. I had all my domains at Enom bar one – the really expensive one that these guys attempted to steal – which I kept at Network Solutions thinking it would be safer there. No.. some affiliate of theirs did the transfer but luckily they hadn’t changed the email contact yet so I managed to transfer it back.

  82. GoDaddy takes your whois searches in their interface and captures the domains for a “brief period”. then they will attempt to get you to pay a certain amount (in my case they asked $85 for each domain) for them to unlock the domains they captured. They denied that they captured the domains I searched for (while logged into GoDaddy) 1 day prior to them “holding them”, but it’s pretty obvious given the timing and that there were 3 domains all of which i searched for. GoDaddy needs to learn a few things about how you can’t play both sides of the fence. I’ve never used them since.

    • Permalink to comment#

      GoDaddy takes your whois searches in their interface and captures the domains for a “brief period”. then they will attempt to get you to pay a certain amount (in my case they asked $85 for each domain) for them to unlock the domains they captured. They denied that they captured the domains I searched for (while logged into GoDaddy) 1 day prior to them “holding them”, but it’s pretty obvious given the timing and that there were 3 domains all of which i searched for. GoDaddy needs to learn a few things about how you can’t play both sides of the fence.

      Where the domain names registered TO Go Daddy or AT Go Daddy that time?

      Actually, one of their VPs Tim Ruiz announced online years ago they don’t log searches to sell them to people. But I guess that won’t stop some people from believing otherwise anyway. *shrug*

    • CJ
      Permalink to comment#

      I’ve noticed that whenever I search for a domain to see if it already exists that, if it’s not taken at the time of my search, it will be taken within 24 hours. I never attributed this problem specifically to GoDaddy, though. But the conclusion I’ve come to is that you’d better be ready to go ahead and snatch whatever name you’re checking out immediately at the time of your initial search. So, with whatever domain name I become interested in, or a client is interested in, I advise them to not search for that domain name until they are ready to pony up the cash, lest it be unavailable when the come back for it a few days later. I think it’s a dirty trick on the parts of whatever registrars are doing that sort of thing.

  83. RyShark
    Permalink to comment#

    It appears the domain has been successfully transferred to a new IP. People who can still see this comment can you please add the address “http://64.13.251.230/” to your bookmarks. This is the IP Address of CSS-Tricks.com and will not be affected. Thank you, and my provider for being slow at updating their DNS so I could find the IP and post this comment.

  84. Permalink to comment#

    Like Michael above said, it’s probably not Godaddy’s fault. The hack enabled this guy to get the info he needed to pretend to be you, and transfer the domain away. That could have happened no matter which registrar was used. Noticed that one of the others that had this problem above, did not use godaddy – he used 1&1. So, everyone needs to stop bashing any particular registrar – it’s fine to hate on Godaddy for any reason, but not necessarily for this one.

    In any case, Chris, it’s a crying shame that this happened to css-tricks. This site is one I’ve long adored. Hope you get it back.

    • Permalink to comment#

      Like Michael above said, it’s probably not Godaddy’s fault. The hack enabled this guy to get the info he needed to pretend to be you, and transfer the domain away. That could have happened no matter which registrar was used. Noticed that one of the others that had this problem above, did not use godaddy – he used 1&1. So, everyone needs to stop bashing any particular registrar – it’s fine to hate on Godaddy for any reason, but not necessarily for this one.

      If anything, people (understandably?) blame the party expected to handle things like these. But +1 to your comment still.

  85. BB
    Permalink to comment#

    That is HORRIBLE!! I noticed that PlanetDomain is registered with ICANN. If you don’t make any progress with GoDaddy and/or PlanetDomain you might want to head over to this site (http://www.icann.org/en/dispute-resolution/). If ICANN notices that pattern of behavior then ICANN and Network Solutions can take action against PlanetDomain. Hope this helps.

  86. I used to host with Godaddy until my site came to a crawl. I have sense moved everything over to ASO but left my domains with Godaddy.

    Ugh…don’t tell me they can’t even do domain name hosting well. I so don’t want to go through the hassles of changing.

  87. Kiki Kane
    Permalink to comment#

    Hey Guys –

    If you host a lot of domains with Godaddy, see if you qualify for their corporate level customer service.

    It’s a small team of great people who will truly take care of you.

    I handle hundreds of domains through godaddy corporate, and it’s saved my bacon many times. From international squatter deals to bulk transfer nightmares, I can only say great things about Gabe and his team of helper ninjas.

    I can’t speak for their vanilla level service, and I’m sorry to hear so many domain disaster stories! The stuff of nightmares for anyone whose business depends on their online presence.

    Best of luck to you!
    Kiki Kane

  88. I hope things turn out ok for you.
    I still have some domains at Godaddy, because they were cheap and situations like this really make me think … Name.com sounds trustworthy, anything that includes ‘cheap’ somehow doesn’t.

  89. I am seeing this happen very often and it happens because of stolen passwords.

    Goes like this:

    -Your desktop is infected with a virus and your gmail/ftp passwords are stolen.
    -Your site gets hacked by using the stolen FTP password (matched your case)
    -Your email gets used to send spam (did this happen?)
    -Sometimes your registrar account is hacked / domain stolen.

    If there is anything we can help, let me know. I would ask your hosting company for FTP logs and check your email logs to see if anyone is using it.

  90. Todd Mette
    Permalink to comment#

    Is it just a coincidence that your site and David Airey’s site were hacked right around the same day? Just 4 years apart?

    • Conor Haining
      Permalink to comment#

      Hmm, Now you mention that. That’s quite odd..

    • Permalink to comment#

      I’d say it’s just coincidence. Not unless it’s the exact same hacker.

      Unfortunately we’ll likely never really know.

  91. Sheesh, this is awful. Good luck Chris, hope it all gets resolved soon.

  92. Permalink to comment#

    Had to login to GoDaddy a couple of times – from Germany – never liked it.

    Wish you good look, and just in case css-tricks has to be found on antoher domain – I am sure we all stay – since we love css-tricks

  93. Permalink to comment#

    :/ good luck mate. will remove all my domains from godaddy asap.

  94. Permalink to comment#

    I’ve been dealing with GoDaddy domain name problems for the past month. It’s been a long, ugly battle. Best of luck, Chris.

  95. Craig
    Permalink to comment#

    Just an FYI but all the domains that have been stolen also seem to be hosted at Media Temple. So there seems to be this common thread of godaddy name registration and Media Temple Hosting.

    2 cents

    • Robin
      Permalink to comment#

      Hosting has nothing to do with this, and not all of the sites were even registered at GoDaddy. Media Temple is just the obvious choice for any high-traffic site in this field, which is obviously the group that the baddie is targeting.

    • Craig
      Permalink to comment#

      My Point was that if either a) Media Temple was hacked or b) If someone working at MT got their password they could use it to log into their Godaddy Account (or any other account) barring they use the same Password for theirhosting and registrar accounts.

      It just seems awfully coincidental to me. None of these sites were hosted on Amazon, Rackspace, Linode, Privately, Godaddy itself, or any of the other perfectly good alternatives to MT. MT is the common thread.

    • Permalink to comment#

      The common thread is ‘web design’ blogs. MT has nothing to do with domains registered at 3rd parties.

  96. Permalink to comment#

    Fuck you GoDaddy, and your slutty advertisements.

  97. Permalink to comment#

    I also use Dreamhost for registering my domains – never had an issue there
    Hope yo ucan get this sorted out soon

  98. Permalink to comment#

    I’m watching this thread closely. I have about 50 domains with GoDaddy. What I fail to see is how GoDaddy is the one at fault? Did GoDaddy just give your domain way? No it sounds like your account(s) got hacked. This has happened to other on other registrar services. In fact I am trying to help a client get two domain back that were taken from them from a different registrar prior to them becoming my client. Getting hacked is a security flaw on your part in most cases. Weak passwords, virus/trojan on your computer, reusing passwords etc. Unless there is a security hole in the registrars system this really isn’t their fault. Once a domain is out of their control there is little they can do. ICANN sets those rules. http://www.icann.org/en/udrp/udrp-policy-24oct99.htm Go ahead and hate GoDaddy all you want, but be honest with yourselves and realize this is happening at other registrars also.

    • Paul Willhite
      Permalink to comment#

      I have had a similar problem with Godaddy. They were very helpful in getting the issue resolved for me. I agree that in a situation like this, where anyone that WANTS to access your information and has the knowledge/ability, there is pretty much no stopping them. I don’t care where your domains are kept, how secure your passwords are, etc., there is always a risk of something like this happening.
      If there is a will, there is a way.

    • Permalink to comment#

      If anything, some (if not many) people automatically blamed Go Daddy because they’re not necessarily aware how hijackings like these occur, and expect Go Daddy to fix it. As some have already mentioned, it can happen with any registrar one uses.

  99. One interesting thing is that all the affected sites use WordPress (except maybe kirupa.com, I can’t tell). That may not mean anything. Tons of people use WordPress.

  100. Look, I’m really sorry to hear about this. I would never dream of using GoDaddy but all our domain names are with register4less which is more expensive but has never been a problem over a period of years. I write fiction mostly, but I’m interested in privcy and security, so sticking my nose in here because I was horrified at a security issue that no one else seems to question:

    “Friday 8:30am – I got the correct link to the domain dispute form and filled it out. This included a scan of my driver’s license. The website says it will be 3 days for an initial response. I hope it’s sooner than that.”

    Pardon me? Why do they need a scan of your driver’s license? My family has 7 domain names and have never needed to give out a driver’s license. The information highway doesn’t require a driver’s license. Do you think GoDaddy got a legitimate driver’s license from the person who hyperjacked your domain name?

    this whole situation seems to indicate GoDaddy isn’t particularly secure. Sites get cracked because our security is not careful enough.

    Don’t EVER scan personal primary identification and trust it online without *at minimum* very secure encryption. This is how identity theft happens.

    • Permalink to comment#

      Yeah, it just seems stupid that Chris is asked to scan his driver’s license after the domain is stolen but when a major change was made to his account, he didn’t even get an email informing him or asking him to confirm the change.

      Something is wrong with domain security and it has to change immediately. Hackers cannot have this much control.

    • uscareme
      Permalink to comment#

      Um, you guys… That’s a standard practice in the industry when account security has been compromised. Only the e-mail address of the Administrative Contact can be used to initiate/confirm transfers or request changes.

      If the e-mail address gets hacked, or the Administrative Contact can’t access it, or there is evidence of a security issue, you have to prove that you’re the Administrative Contact through other means.

      The most common is faxing your driver’s license.

      If you have 7 domains I highly advise you visit ICAAN and read up on domain policies. Otherwise, if you have an issue someday you won’t be prepared.

  101. That sucks man. Let the us know if we can do anything to help.

  102. Hope things work out. Sounds like it’s time to switch to a good registrar like NameCheap.

  103. Thanks for sharing your story. It is a wake up call for all of us. I wasn’t even aware this could happen. Glad you have a platform and reputation that we all take seriously, very seriously. This will effect my future decisions on domain name registration.

  104. Angian
    Permalink to comment#

    About the specific-date trail: the previous stealing case talked of a Turkish man, and 2 december is the anniversary of http://en.wikipedia.org/wiki/Treaty_of_Alexandropol, which is a somewhat meaningful historical event for Turks. I don’t mean to ignite a racial witch-hunt, just playing the detective; lots of others anniversaries reported by wikipedia :p.

  105. Fol
    Permalink to comment#

    Terrible to hear Chris, hope you get it back soon. Just terrible. Hope this guy gets found, this is identity fraud and very serious. Your whole business. Just terrible.

    GoDaddy with all those screaming ads everywhere on their own website is a company not my style.

  106. Permalink to comment#

    Wow, this is unbelievable. This better get resolved, or else everyone in the web design community should call for a boycott of these domain registrars, especially GoDaddy. Thank goodness I switched from GoDaddy a long time ago.

    But honestly. This is a very serious matter. The problem with online properties is that they don’t seem to get the same security as physical properties. Can you imagine someone walking into a WalMart store and announcing that he’s the new owner, just because he figured out the current owner’s email password? Crazy.

    Things like this need to change. The CSS-Tricks domain is worth hundreds of thousands of dollars, maybe even millions. That’s public knowledge. Therefore, domains like this should automatically be entitled to an extra level of security.

    For one thing: If there is any major change to the domain’s status, it should be required that someone at the current registrar make a telephone call (no, not just send an email) to the owner of the domain. This should be done if there is any activity that suggests major changes (like changing contact info, email address, password, transfers, etc.) It’s just inexcusable that something like this can happen so easily to such a valuable property.

    At the very least, when an online change like this is made, an email should be sent to the current domain owner, and the change must be rejected unless the owner does not “click to confirm” the change within the sent email. I mean, web apps do this sort of thing all the time for simple changes like password changes and email changes — is there really a problem with doing this for major transfers?

    IP addresses should also be considered for this sort of thing. For example, each domain owner should be able to register what country he’s in, or something along those lines, and thus prevent any major changes to be made from his/her account outside of that country, or outside of that IP address. Obviously that could have implications I’m not aware of, I’m just thinking out loud here. But something needs to improve. I think the telephone call is the best and most secure method, to be honest.

    If for nothing else, these types of extra security measures should be present in order to combat the possibility that someone that works at GoDaddy could easily do something like this without detection. When I worked tech support for an agency that did hosting, I had access to tons of stuff with which I could have done any number of scams. Does that explain why you didn’t get any emails or notifications from GoDaddy? I don’t really know. Seems very stupid that you wouldn’t get a simple auto-generated email outlining what had been done.

    Chris, if you require legal action, I’m willing to fork over a tiny amount of cash to help you out. And I’m sure most of your readers would be willing to do the same. It’s the least we can do in return for how you’ve helped the web design community over the past 5 years or so.

    • Permalink to comment#

      Not meaning to argue, but there are certain points I’ll address in your comment:

      For one thing: If there is any major change to the domain’s status, it should be required that someone at the current registrar make a telephone call (no, not just send an email) to the owner of the domain. This should be done if there is any activity that suggests major changes (like changing contact info, email address, password, transfers, etc.)

      IIRC Go Daddy offers that “extra option” of requiring a phone call for confirmation prior to transferring out a domain name. Domain registrar Moniker used to require that until ICANN itself modified registrar transfer rules years ago to do away with making a phone call mandatory.

      Besides, if every registrar required a phone call to confirm before allowing a domain name to move out, imagine how many people will complain to the registrar, to ICANN, and whoever consumer body about that. After all, people desire…nay, demand convenience.

      I just don’t know how many, or how much, people prefer convenience over security.

      At the very least, when an online change like this is made, an email should be sent to the current domain owner, and the change must be rejected unless the owner does not “click to confirm” the change within the sent email. I mean, web apps do this sort of thing all the time for simple changes like password changes and email changes — is there really a problem with doing this for major transfers?

      Generally that’s what happens when a domain name is about to be transferred between registrars. Heck, some (if not all registrars) even email the domain name’s contacts if a change is made in their domain name.

      Unfortunately if the hijacker compromises that very same email, the owner obviously will not receive the notification of that impending transfer.

      IP addresses should also be considered for this sort of thing. For example, each domain owner should be able to register what country he’s in, or something along those lines, and thus prevent any major changes to be made from his/her account outside of that country, or outside of that IP address. Obviously that could have implications I’m not aware of, I’m just thinking out loud here. But something needs to improve.

      Some registrars like Name.com offer that option, I think. I’m not aware about the other registrars, though.

      If for nothing else, these types of extra security measures should be present in order to combat the possibility that someone that works at GoDaddy could easily do something like this without detection.

      Absolutely. Given that registrars don’t make money off of domain names any longer, any calls for more “human interaction” in domain name’s security will rather cost the registrar more.

      If a registrar employee is paid, say, $8-$10 per hour, given that domain names average $8-$10 a year, and if that employee focused exclusively on addressing that hijacking case, the registrar essentially loses money on that already.

      I’m not writing these as excuses, even though some people will (understandably?) treat what I said here as such. I’m just stating realities on the registrar side of the fence, having been there in a previous life.

    • Permalink to comment#

      Excellent points, Dave. I have no problem with what you said. I was mostly thinking out loud and certainly don’t have the experience or technical expertise to have all the answers.

      One possible solution to the fact that registrars don’t make much (any?) money off domain-related activity:

      Have an option that allows any domain owner to opt-in to a higher level of service, with better security, monitoring, and human interaction — for a yearly and/or monthly fee. Obviously, domains are dirt cheap. Certainly someone like Chris whose domain is worth a mint would be glad to shell out a few extra bucks per month for some extra security in this specific area.

    • Permalink to comment#

      Thanks, Louis. I doubt anyone has all the answers anyway, but sharing things like these to possibly help someone makes it worthwhile. :)

  107. kikito
    Permalink to comment#

    Wow, that sucks big time. I hope you are able to get your domain back.

    I currently use 1and1 for domains, but I’m thinking about changing to another provider. Some people I respect quite a lot have been recommending dnsimple.com for these matters – I might give them a try.

    Regards, and good luck!

  108. Rey Bango
    Permalink to comment#

    Seems a lot of people are blaming GoDaddy for the theft but I saw a mention in this post about an email hack. I’m confused.

    Was GoDaddy hacked or was it an email security issue?

    • Permalink to comment#

      Was GoDaddy hacked or was it an email security issue?

      Either the domain name’s email was compromised (which is often the case), the OP’s computer was compromised, or someone did a “social engineering” attack on Go Daddy. Unless Go Daddy is willing to share specifics on this, unfortunately no one will really know for sure.

  109. John Fish
    Permalink to comment#

    I personally use 10dollar.ca for my domains, mainly because of the video on youtube of GoDaddy’s CEO killing the elephant. However, I’ve looked at 1and1 before, and considered it. But, I really hope that you’ll be able to get your domain back.

  110. Doesn’t GoDaddy send notification emails everytime a domain is locked/unlocked or any change has been made?

    • Permalink to comment#

      apparently not?

    • Permalink to comment#

      Yes they do. But if that very same email is compromised anyway…

    • Permalink to comment#

      If I understand the situation correctly, I don’t think Chris’ email was compromised. Was it? Chris tweeted that he seems to know what happened, so we’ll get more details later.

      I would be surprised if both the GoDaddy account and his email address were compromised. But I suppose both would be necessary to ensure there’s no immediate footprints and to be able to intercept any emails.

      This whole situation with Chris, David Walsh, and the others has really impressed how fragile our industry is. Many benefits to making your living online, but when the drawbacks hit, they can be quite frustrating.

  111. Permalink to comment#

    Well, this is scary stuff. I know a lot of clients that have their domain with GoDaddy.

    What choices do we have? it is expensive is you have to move 30 plus domains!

  112. Sorry to learn of your issues, Chris.

    My domain theft resulted in me opening an account with GoDaddy (I wasn’t previously a customer of the company, but as the thief transferred my domain to a GoDaddy account, it was necessary for me to open my own account to get it back).

    Since that time, and after accumulating a number of different domains with GoDaddy, I’ve transferred all domains to Heart Internet, a UK-based company that’s reasonably-priced and seems to offer a much better (less up-selling) service.

    If you think there’s anything I can do to help, you’re more than welcome to send me an email.

    Good luck.

  113. Like many others on this thread, I’ve been in the process of moving my domains to namecheap, this is the last straw for godaddy. I just finished the process by moving my last 2 domains over.

    No more godaddy for me.

  114. http://www.wired.com/politics/law/news/2000/01/33571

    Same thing happened to me back in 2000. I feel for you. It’s like getting a car stolen.

    -Joe

  115. Permalink to comment#

    Now that I finished (whew!) replying to some comments here, let me add my very own.

    For those asking how this thing can outrageously happen, it’s one of 3 ways:

    1. Your domain name’s contact email is compromised.

    2. Your way to access your domain name account is compromised (e.g. your computer is infected with a “keylogger” to record what you type on your keyboard, someone correctly answers the security question on account, etc.).

    3. Someone calls Go Daddy and (somehow?) passes their security verification methods. (e.g. correctly answers your security question)

    OP, I’m sorry to hear what happened to you and the others. You did the right thing contacting Go Daddy as soon as you could.

    Like I said earlier, unfortunately hijacking cases aren’t always easy to resolve. This is especially true if the domain name was transferred to another registrar.

    Registrars practically rely on whatever relationships they’ve formed with one another, just like that Name.com agent commented here. If the domain name was transferred to a registrar they don’t even have a cordial relationship with, unfortunately it’ll be up to that other registrar if they’ll cooperate or not.

    As said a few times also, this can happen with any registrar you use. I regret that that’s not what some of you probably want to hear, but I’m stating reality that one ought not to ignore.

    I’ve said before in my blog (shameless plug, I know) that the one thing to help you when trying to recover your domain name from a hijacking is persistence. Persistently (and periodically) follow up with the registrar, and be as polite as you can if they especially ask for some kind of verification.

    I too hope this will be resolved sooner, especially since the holidays are around the corner! Goodness!

  116. Permalink to comment#

    It’s good to read there are people like Ali (mentioned way up above), who took the trouble to contact other people like yourself who were also affected at this time.

    I sure hope you guys get this resolved right.

  117. From what I see, “Bad Guys Loves PlanetDomain.”

  118. Ben Ackles
    Permalink to comment#

    Your post made on Hacker News.

    http://news.ycombinator.com/item?id=3304512

    I just read David Walsh’s post yesterday. This seams like a very targeted attack. Good luck to both of you!

  119. Chris M.
    Permalink to comment#

    All the high-profile web developers out there (are you listening?) should raise cain about this issue! Give GoDaddy a call, send an email, etc. This is completely unacceptable.

    I hope things get sorted for you Chris (as well as the others that you mentioned).

  120. so sad chris. hope that everything will be on track soon.
    chris do you notice this http://ww.coloredlists.com/ when you type it,
    css-tricks.com website opens.

  121. Permalink to comment#

    You want to get your domain back? Lawyer up and sue these people http://who.is/whois/css-tricks.com/

    You have receipts of purchase and I’m assuming you registered this until 2019 (unless those hacker bastards registered it after transferring) and it is your domain.

    If it’s important to you don’t dick around with the company that it’s no longer with. Get it forced out of the account at the company it’s currently at. Do you have a DBA or any tax forms? Do you own the trademark for “Css-tricks.com”? If you don’t have any of that information you need to seek legal council and force the domain out of the account. Seriously, don’t expect people to just grab things for you, if you want it go get it. And while you’re at it, get a plane ticket and go kick the shit out of that asshole who stole your domain.

  122. Robin
    Permalink to comment#

    You can add Abduzeedo to the list. It happened to him last week, and the perp used the same admin email in the whois as yours. He was registered on Dreamhost.

  123. network-tools.com
    Permalink to comment#

    There is a transfer dispute policy that covers thee types of situations:

    http://www.icann.org/en/transfers/dispute-policy-12jul04.htm

    • Permalink to comment#

      Unfortunately only registrars can avail of that TDRP, which will cost at least $1,000 to file a non-guaranteed-result dispute over an $8-$10 a year domain registration.

  124. Stephen Howells
    Permalink to comment#

    This seems like something the FBI should be involved with investigating. This must violate like a thousand federal laws. Best of luck to you Chris. I’m sorry to hear that this happened.

  125. Man, I saw your posts today on Twitter and that is some freaky stuff! Hopefully it gets sorted fast!

    On a different note, GoDaddy sorted out some really odd DENIC issues for me recently I was happy with their service in that matter. But I do agree that there may be better registrar options out there. I just shutter to think about the potential issues with transferring a couple of my domains.

    Back to this though, good luck Chris!

  126. Permalink to comment#

    well all this has prompted me to move my domains from godaddy finally, it’s something i’ve wanted to do for a while–i’ll certainly miss logging in to do a quick task on my account and having to navigate through their ridiculous website and the random boxes trying to up-sell me on some service

  127. I had to check all 12 of my sites to make sure I still had them. I do. This is apalling, I can’t believe your website has been hijacked. I remember calling godaddy a few years back about a password reset. They asked me two questions and plopped in a new password. Hopefully they’ll help you out. I have had both bad and good experiences with godaddy, I use the, for domains because there cheap but that may change depending on your outcome.

  128. GoneGoneGone
    Permalink to comment#

    Godaddy just lost me. The over the top upselling has been grating on me for years but if my domain was snagged like this I would be ruined. Then to have Godaddy tell this site to get stuffed is just wrong. I have about 10 domains and some hosting with them. Not much but I wonder how many domains they are going to loose? Also how many are they not going to get? They are trying to sell the company. Part of the formula used to price a company is growth. So if this stops or slows growth then it can have a compounded effect on their price. A 1 percent drop in sales this year could be many millions shaved off the value of the company.
    BTW I have been with Godaddy for at least 8 years.

  129. Robert
    Permalink to comment#

    real sorry to see this happening to you, you produce talented work.

  130. From what you say, it sounds very unlikely that GoDaddy has done anything wrong in this case. If somebody have been able to get access to your mail account, it would be very easy to pull something like this off. I suggest making that very clear in your post, unless you actually believe that GoDaddy is to blame here.

    If you use a mail system you trust not to be compromised, then it must be a matter of a guessed password or similar.

    I suggest checking the strength of your password at https://www.grc.com/haystack.htm and maybe change your password even it is strong.

    Best of luck to you, and keep the great articles coming.

    – Egil

  131. John mulligan
    Permalink to comment#

    http://css-tricks.com/examples/nth-of-type-tester/

    they are messing with your pages!!!!!!!!!!

  132. Pete N
    Permalink to comment#

    Hummmm not good caused me to check my sites out all ok if you are looking to move your hosting i would urge you to stay well clear of 1&1 we had a horrendous game with them on a domain name problem almost wound up in court over it .

    Hope you get sorted quickly very useful site .

  133. Permalink to comment#

    This is terrible news.

    Chris, any chance you can do a poll on the home page for which domain service users would recommend? I currently have 100+ domains in GoDaddy and pretty terrified right now.

    Good luck with everything.

  134. that’s bad new wish you to solve the problem soon , we all love css-tricks and wish you best

  135. So did godaddy get hacked, was your password insecure, or was it this Gmail exploit you hint at which could let people request a password reset but redirect the email to a different email account?

  136. guy
    Permalink to comment#

    might not be a good idea logging into this site for the time being if it’s been compromised

  137. John S
    Permalink to comment#

    I’m sorry to hear you guys are going through this BS. I hope you get it sorted soon Chris. I won’t be using GoDaddy as I had planned for 5 accounts. Vote with your feet.

  138. RyShark
    Permalink to comment#

    CSS styles are back. Might be good.

  139. nick
    Permalink to comment#

    I’m sorry Chris but how did you not know about GoDaddy’s reputation? If you go to GoDaddy.com and search for a domain you want to register in the near future, if it’s a domain name that seems like it could be popular, GoDaddy will register it before you come back to register it yourself. GoDaddy has a HORRIBLE reputation with everyone i’ve ever met who has known them or heard of them. I had a friend who worked there who confirmed that they watch for people to search for good domains the person wants to register, then GoDaddy pounces on it before the customer can register it. They’re a very sketchy company, they’ll lie straight to your face too. I’m REALLY surprised you were duped into registering your domain there… I would bet that GoDaddy sold the domain themselves, made some money, then they say “oh wow we didn’t even know this happened!”… they’re cheaters and liars, watch out!!

    • Permalink to comment#

      GoDaddy will register it before you come back to register it yourself

      Do you know this for a fact? Or…did you hear that from someone who in turn heard it from someone else?

      I realize it’s very tempting to believe a registrar will do things like that. But they’re not going to necessarily risk their reputation over something like this. (at least those catering to end users like you and me, maybe…)

  140. This happened to me as well. I had a domain which was like 6 years old and I didn’t renew it for couple of days. And, then Godaddy steals it & calls it a “Premium Domain” :)

    • Permalink to comment#

      Were you eventually able to renew it on time, though? Because if not, then can you kindly enlighten me as to how could Go Daddy “steal” what you let go, even if you didn’t intend to do that?

      I mean, if you didn’t pay your apartment rental on time, do you think you can still do what you want inside that apartment unit long after?

  141. Damn, hope that everything will get back on track soon. :(

  142. Permalink to comment#

    I never liked GoDaddy. I tried it a few times, and it never satisfied me. Poor and clumsy interface, and every time I open GoDaddy, It feels like they try to rob me, instead of trying to sell me something (just like a very annoying vacuum cleaner salesperson). Switch your hosting provider. name.com is a really good choice.
    Have you thought about seeking legal advice and suing in case something happened to css-tricks? I’m not an agressive person (or the type who would sue), but in your shoes, I would. They failed to protect your baby :o

    p.s. I cannot understand how could you went to banjo class. Seems impossible.

  143. Permalink to comment#

    In my experience the threat of a lawsuit is a great motivator. I’d threaten strait up the chain all the way to ICANN. Some of these comments are incorrect in stating that your registrar is not responsible. They are managing your domain on your behalf and they certainly can be held accountable in cases like these.

    • Permalink to comment#

      Some of these comments are incorrect in stating that your registrar is not responsible. They are managing your domain on your behalf and they certainly can be held accountable in cases like these.

      Although I understand some folks feel and/or believe that, your registration agreement/contract defines your respective responsibilities, limitations and relationships. To be specific, look at yours and see what they can and won’t handle when it comes to keeping your domain account secure.

      While registrars can and do take steps to prevent hijacking, they don’t control everything such as your email address. Unless you’re using their email services maybe, why do you think they’re responsible for that as well?

      If you rented an apartment unit, is your landlord accountable if, say, an ex-girlfriend unlocked your unit’s door or opened the window to steal your stuff?

  144. Permalink to comment#

    I’m sorry it happened. I hope it all ends up well.

  145. Permalink to comment#

    This is a worst thing that can happen to a site owner.

    Keep your head up Chris.

    I hope it all works out in the end.

  146. Hellscream
    Permalink to comment#

    You can’t blame godaddy if someone exploited GMail and transferred your domain, much less if they somehow got logged into your account. How is it their fault?

  147. Alex
    Permalink to comment#

    A ton of these comments got me a bit unnerved. How difficult is it for me to transfer all of my domain names and my hosting service to Cheap Domain Names. How much would that run me?

    • Permalink to comment#

      I hate to say this and maybe unnerve you even more, Alex, but what happened here can occur with virtually ANY domain provider you use. An important thing is to know how and what you can control (namely your domain account, your domain name’s contact email, and how you access them) to at least lessen the likelihood of this happening.

      Keep billing and detailed records of your domain name, use hard to guess passwords if you can, etc.

  148. komiska
    Permalink to comment#

    Oh, dear!Outrageous! Just read the whole list of the affected domains in your newsletter, and am wondering is this affecting ONLY webdesign / webdev blogs? But even if not , why so many of the industry are hit by the same problem?
    Someone got an idea of making biz with this?
    Recently, Leo Verou was “forced” to change her domain name , are the same people behind this?
    Strange.

  149. Alberto
    Permalink to comment#

    What company do you think to use instead of Godady?

  150. Eileen
    Permalink to comment#

    So sorry to read all of this and see this has happened. Thank you for letting us know of the situation so we are for warned. Wishing you a happy resolution and the best!

  151. HC
    Permalink to comment#

    Look up the EFF, Ars Technica and basic searches on “S.O.P.A.” (Sopa)
    This is all big business, big government theft and huge power grab.
    Communism is NOT dead.

    http://news.firedoglake.com/tag/stop-online-piracy-act/

    http://www.anayacs.com/?p=563

  152. Mukarram
    Permalink to comment#

    Ohh So sorry to hear this … i learned a lot things from you Chris.

    Oh’ God Please help this guy !!!

  153. HC
    Permalink to comment#

    Dave, read the links.

  154. Rawrs
    Permalink to comment#

    Sadly this kind of stuff has been happening at GoDaddy for a while. We recently had to fix and migrate a site off GoDaddy, as a disgruntled former employee of theirs deleted a bunch of sites and left behind a photo of him urinating on a server in their datahouse.
    Suffice to say we don’t recommend their services any more. Not worth the risk – they treat their employees like crap, and I bet that’s where all their security issues lie.

  155. Amjad
    Permalink to comment#

    I never liked GoDaddy ever since I was first registering for a domain name. Name.com is the best!

    Sorry to hear about this issue Chris! Hope everything works out for you! Love your blog!

    -A

  156. Permalink to comment#

    It was really shocking news for me, because I am a Godaddy costumer for some of my domains and host. Also it was the first time to know non secure problems with Godaddy. But I think it will be solved immediately by Godaddy’s customer care center and hope any one the Godaddy technical person also will explain in the blog what was happening and how it solved with css-tricks.com and we can understand how they are committed to care customers.

  157. Th3D0ct0r
    Permalink to comment#

    The reason GoDaddy has so many horror stories, is that they register so many domains. They have almost 4 times as many registered domains as their next closest competitor (somewhere around 50 million, there’s a company called NetApp or something like this that tracks all that stuff). When you have more customers, you will naturally have more complaints. Same with someone like WalMart. They have so many customers that it’s very easy to find horror stories about them.

    There’s only one way to transfer domains between registrars, so obviously these hackers found a way to gain access to the accounts to do that. That’s not the fault of any of the registrars.

    @Chris, if GD or PD can’t/won’t help, I’d suggest getting the registry involved, in this case Verisign for .coms names. Good luck.

  158. Chris- Go Daddy has never been my favorite service, but after reading this, I’m horrified! Thanks for detailing what’s going on, please keep us updated.

  159. I don’t know, but I have many domains at GoDaddy, and it is quite good, I like it. Also, I also have transferred a domain in past from GoDaddy to other registrar, at GoDaddy sent me like at least a dozen emails., plus it took some 8-12 days or so. Even if I transfer a domain from one GoDaddy acct. to another GoDaddy acct., then also they send plenty of emails. I am pretty sure the email must have got into Chris’ account(since email info. is not changed) and the cracker must have deleted those emails as soon as they reached.

  160. mộŝŧẵ7їℓ ẵňŝẵҝ
    Permalink to comment#

    GoDaddy a very bad and racist against us, we Muslims

    It is a failed company

    I advise you to Nimes. Com

    I wish you health, Chris and go away

  161. We never use godady or name.com. We used always work with local partner which we can contact them easily by phone. I hate to use a contact form for urgent case.

  162. Permalink to comment#

    hey Crhis, What we do for help you to regain control of your domain? please Excuse my English. I am from Argentina but in your place would make an application to some hacker team until you get your domain back.

    bye

  163. me
    Permalink to comment#

    Check your GMAIL filters list to check for and delete any unusual filters that may have been added. Could be how the account keeps getting compromised.

  164. Nir
    Permalink to comment#

    Hey Chris,
    sorry to hear about all this.
    Hope it will all clear out soon.

    In the meantime you might want to consider giving us, your loyal followers, your site’s IP address so we’ll make sure (by altering our hosts file) that it leads to your site…

    Just a thought…

    Nir

  165. Permalink to comment#

    Good luck in getting your domain back…. :-/

  166. Permalink to comment#

    You must have fell for the GoDaddy fake ICANN e-mail. Scammers send out fake ICANN e-mail disguised as an e-mail coming from GoDaddy. They use typo domains like goddaddy dot com. Scammers target GoDaddy because it’s the largest registrar. The scammers will use your username and password to gain access to GoDaddy account and transfer away domains.

  167. Wow !!! This is so SHOCKING !!! Did the hackers request any money to return your domain safely ???

  168. Permalink to comment#

    Hi Chris,

    Not sure how much more information this adds or not to what you already have, but in case you haven’t checked, here’s a bit more information of the person who made the transfer.

    http://whois.domaintools.com/css-tricks.com

  169. Hi Chris,

    I’m so sorry for you, it’s one of my worst nightmare… I wish you good luck to resolve this.

  170. Permalink to comment#

    Chris,

    Best of luck with sorting all of this stuff out. It’s scary that things like this happen.

    Just a thought, do you force HTTPS when you you GMail? There’s an option to always use HTTPS when connected to GMail, and I’ve had it activated since I started using the service a while a ago.

    With the advent of hacking tools and such readily available on the ‘net, I feel that SSL is super-important. Again, just a thought.

  171. WithinRafael
    Permalink to comment#

    I’m confused.

    You clearly indicated your Gmail account was compromised. And yet you’re still questioning how your GoDaddy account was compromised?

    By stating “Presumably the hacker deleted them from my GMail account”, I can presume your GoDaddy account is tied to your Gmail. Any conclusion outside of “the hacker clicked Forgot my password at GoDaddy” is a crazy. This isn’t a GoDaddy or Gmail issue.

    Just suck up the fact you messed up and move on. No one is judging you. :)

  172. temerity
    Permalink to comment#

    I just want to point out that, if you find your Gmail has been compromised, the first thing to do after regaining access is to look at the Last Account Activity Details page. That will show you from what IP addresses your account has been accessed in the last 24 hours, and whether the device was a mobile or fixed type. It’s better than nothing when trying to track down such a miscreant, and it helps weed out when it’s your own fault, and when it’s a hacker.

    BTW. I’d purge that machine. Like Mr. Hand Grenade, it is no longer your friend. Someone has likely subverted it, likely with a keylogger, and perhaps with a full rootkit and backdoor. Your own machine may be performing the changes to your accounts when you aren’t looking, all done remotely.

    But then, I’m paranoid.

  173. Richard Reeve
    Permalink to comment#

    GoDaddy has so many horror stories because they have such a massive customer base and SO MANY people building websites and buying domains who really have no idea what they’re doing from a technical perspective. GoDaddy are a victim of their own success.
    I’ve been using them for the last 8 or so years, I’ve hosted countless websites and bought 100’s of domains off them and I can honestly say with my hand on heart that I’ve never had one single serious problem or complaint thats worth mentioning. I always rate a service based on my own experiences and I do this regardless of what other people say so from my perspective GoDaddy are great and I will continue to use them.

    In regards to people having their domains names stolen, I think its incredibly unfair to blame Godaddy for this because it is clearly not their fault. Their services are secure enough, well, as secure as can be expected when dealing with the public. Its virtually impossible for a service like GoDaddy to protect its customers, if a customer doesn’t take their own security seriously. Any website is only as secure as its weakest link and unfortunately in most cases, the customer is the weak leak. Theres no deterrent from this without sacrificing basic website access.

    99.9% of domains that are stolen are stolen because someone has gained access to your email account. You email account is basically a password database of all your web profiles and a hacker can do a lot of damage with 5mins inside your email account. Most people online tend to use the same password over and over again and this is a MASSIVE mistake to make. Think about it, anyone can set up a beautifully designed website that looks 100% legit and above board. They could then set up user profiles, forums, blogs etc and just imagine how many of their registered users have added the same password as the email account they used to register. This extremely simple technique is extremely powerful and much more widespread then you can imagine.

    In fact, I would put money on it that every one of them hacked domains that Chris has listed all have one thing in common. Because their all in the same design niche, I’m guessing at some point they have all subscribed to the same design related newsletter, forum, or design community and the owner was the hacker responsible.

    Anyway, always use a STRONG AND UNIQUE password for your email account and ALWAYS delete any emails that contain login info. If you ever register, subscribe, or sign up to something, NEVER EVER use the same password that you use for the email account that your using to register, subscribe, or sign up with. This is basic stuff.

    Finally, Chris, I hope you resolve this issue quickly. Sorry to hear the bad news.

    • Permalink to comment#

      +1 about rating a service based on your own experiences, the foundation of empiricism ;) Also I have to agree that it doesn’t sound like GoDaddy did anything too irresponsibly in this situation.

      That said, there’s a lot of reasons to dislike GoDaddy that aren’t related to their service, first and foremost of which are their sexist advertisements which insult the intelligence of their customers.

    • Permalink to comment#

      because it is clearly not their fault.

      Heh, if only it were that “clear” to other people here. But I agree with you that they can only do so much if people don’t take their own account security seriously as well.

      It’s a two-way street. Just a shame some (if not many) people see it only one-way. *shrug*

    • Permalink to comment#

      They are all big, popular sites. They don’t need to have been subscribed to the same things or part of the same community. The fact that they are well-known makes them target enough.

  174. Magid
    Permalink to comment#

    Sorry to hear about this and hope you resolve it.

    The hacker hacked your email account not godaddy’s. You should change your accounts password and the passwords of every site you used this account to register in. In case he used the forgot password feature of these sites too.

  175. Permalink to comment#

    I never thought much of Go Daddy before due to their misogynistic and insulting advertising campaigns, not to mention their ignorant elephant killing CEO. Their half-assed response to this situation sounds like another great reason to move away from them.

  176. Hey Chris,
    I think you just sped up my godaddy exudus. Even if it wasn’t them at fault for this there are too many other reasons to leave.

    I hope this may help a little. I added a subdomain so that I could find your site in the future if something happens and your dns gets changed further. I thought it might help others too, it is http://css-tricks.jasonbrennan.com it will send users right to your servers ip.

    Hope this helps Good luck.

  177. The same thing happened to me and feedblog.org … which now no longer points to my domain.

    GoDaddy was amazingly evil/incompetent in helping me resolve the issue.

    I tracked it down and I’m 99% certain this was GoDaddy’s fault but at this point in time they’re telling me I have to send them a subpoena for any additional information.

    So FUCK YOU Godaddy…

    Seriously… if you have a GoDaddy domain transfer it NOW.

    Even if the domain is transferred due to an error NOT on their part they will obstruct your ability to resolve the issue.

    • Hello Kevin
      I see that the your domain feedblog.org is unlocked now so
      If you know the EPP Code for feedblog.org when you buy it
      I think you can transfer it again to your account.

      Good luck

  178. Dawn
    Permalink to comment#

    Wow, really terrible. You have a lot of fans all over the place and many of us would find it fun to go to an office in our area and “act up”! If you find any nefarious offices in NYC I’m game! When you find the IP address and track down the location, please publicize it so we can tell all our friends in that location.

  179. Dawn
    Permalink to comment#

    Hey, any fellow tricksters in Melbourne by the Planet Domain offices? The WHOIS directory shows PlanetDomain.com is owned by:

    Planetdomain Pty Ltd
    Angelina Potapova (ID00293340)
    P O Box 7526
    St Kilda Road
    Melbourne, Victoria 8004
    Australia
    Phone: +61.388444200
    Email: angelina@planetdomain.com

    Act Up, fight back, fight domain theft!

  180. Dawn
    Permalink to comment#

    Looking for a good time? Call Angelina Potapova at +61.388444200. Ask her “how’s tricks?”

  181. Permalink to comment#

    Chris, sorry you had to go through this mess. What a nightmare pain in ass.

    Another interesting tidbit on planetdomain.com; look at the entry in Whois info (admin at snapnames.com)

    Administrative Contact, Billing Contact:
    Planet Domain Pty Ltd
    (137)
    PO BOX 270
    BROADWAY, NSW 2007
    Australia
    Phone: +61.299340501
    Email: admin@snapnames.com
    Technical Contact:
    Planet Domain Pty Ltd
    (138)
    P.O. BOX 270
    Broadway, NSW 2007
    Australia
    Phone: +61.299340501
    Email: domains@planetdomain.com

    Take a look at http://www.snapnames.com/
    (Site TItle: Auction marketplace Buy and Sell Domain Names)

    Tagline: “When the domain you need is taken”

    Search box Home Page:
    “Find already taken and expired domains now:”

    What are we to make that planet domains and the other site are somehow linked?

  182. Hi Chris,

    I think you should go a little forward and create an email account only for security purposes and that only you use to register those domains.

    BTW, it looks that they are targeting design and development blogs, so it is possible that they are not done yet.

    Good luck and anything we can help…

  183. Jonathan [JCM]
    Permalink to comment#

    Domain.com all the way.

  184. Permalink to comment#

    One thing to emphasize from Chris’s post is that this isn’t limited to just GoDaddy. My domain (kirupa.com) was registered on Network Solutions. Someone was able to log-in as me and change the e-mail addresses to authorize the transfer to Planet Domain.

    Cheers,
    Kirupa

    • Permalink to comment#

      Kirupa, check back with Network Solutions when you can:

      Domain Name: KIRUPA.com
      Reseller…………..: PlanetDomain Ltd Pty
      Created on…………: 10 Feb 1999 16:00:00 EST
      Expires on…………: 10 Feb 2016 16:00:00 EST
      Record last updated on: 30 Nov 2011 18:12:44 EST
      Status…………….: PENDING TRANSFER

      It looks like it’s in the midst of being returned to NS?

    • Permalink to comment#

      Dave – I am not sure that is the case, for the date showed 30 Nov 2011 when I contacted them for the first time about it. It was also showing Pending Transfer at that time as well. The domain information for the transfer was made on October 16th according to their support representative.

  185. James
    Permalink to comment#

    “Hey ya’ll. This is (really) Chris Coyier.” – Oh yeah that’s not suspicious at all….Chris, or may I say HACKER!

  186. Permalink to comment#

    scriptandstyle.com and shiachat.com seem to be down. It has begun… :(

  187. vale
    Permalink to comment#

    Hi Chris,
    you have all my compassion for what has just happened to you.
    You really don’t deserve it cause you’re cool person.
    Reading about the way this stuff happened, and especially thinking about your gmail account, made me think two things:

    1) If you log to your gmail via web you can check logs for recent activity: ip and kind of access (POP, IMAP, WEBMAIL) are recorded.
    2) If the cyber criminal (let’s call this guy with the right terminology) had access to your gmail account right after you have changed the password, couldn’t be possible that this guy has access to your local keychain on your Mac (1Password app)?

  188. vale
    Permalink to comment#

    PS I forgot to add something: I’m giving him a “Macumba” (curse). We should all do that!
    Hoping he’ll get very bad hemorrhoids and that he’ll need to get in surgery for that.

  189. In my case i am not using Godaddy though when i registered my first domain ie freakify.com it was present their .

    Well ! Chris i would like to know was there any attempt of hacking that can get WordPress involved in being the reason for it?

    I mean is their any security flaw at WordPress end? if so kindly share it with world !

  190. Permalink to comment#

    i would like to know was there any attempt of hacking that can get WordPress involved in being the reason for it?

    Unless one maybe uses the exact same password and/or email for his/her WordPress blog and his/her domain account, a domain name’s web site (WordPress or otherwise) has nothing to do with its name’s hijacking.

  191. Never Been fan of Godady their services never satisfied me. Namecheap, Resellerbiz are Good.

  192. Permalink to comment#

    Wow, that’s horrible to hear. Sorry to hear that. I’ve heard in the past that GoDaddy has some security issues. You should consider contacting the people at DomainTheft.org to see if they can help you. I know that they have helped recover stolen domains in the past.

  193. Ann
    Permalink to comment#

    “Strange: My GoDaddy account password was never changed, nor does that password exist in my GMail account. How did he get in?”

    Sounds to me like someone might have hacked your 1Password account.

    Do the other domain-owners use 1Password?

    Frightening — I just checked all my stuff, seems ok.

  194. Michael Chang
    Permalink to comment#

    This story and all of the comments points to the sad state of affairs when it comes to registrars. I have NEVER, EVER registered a domain with a registrar that hasn’t pissed me off. You would think that by now someone in the world would be competent at running DNS servers AND hook up with someone else who is competent at creating a good user interface. And yet it has never happened. I’ve used almost half a dozen registrars, and not a single one has make me go, “Finally!”

    Chris, get yourself a virtual server with shell access. Then lock it down and turn on auditing and remote logging. Then you won’t have to fight with incompetent, irritating, obstinate people who refuse to give you access to log info that is rightfully yours. IOW, “get root.” And if you don’t have the UNIX skills, I’m 500% sure you have a buddy who does and who wouldn’t mind administering it for you for free.

    Registrars should configure everything so that, by default, all newly registered domains have the highest security (2-factor auth; multiple e-mails setup which receive e-mails upon transfer initiation and which require you to hit a unique URL in order to authorize the transfer request; multiple strong passwords required to initiate a transfer; yadda-yadda-yadda * 10^6.

    Don’t use webmail for this kinda thing. Host sensitive e-mails on a hardened server which requires SSH access. Then use pine/alpine for mbox access.

    Sad state of affairs. IIRC, Google themselves had this same thing happen to them in the past 1-2 years. Quite embarrassing considering it’s Google with some of the best sysadmin-fu.

    • Permalink to comment#

      Registrars should configure everything so that, by default, all newly registered domains have the highest security (2-factor auth; multiple e-mails setup which receive e-mails upon transfer initiation and which require you to hit a unique URL in order to authorize the transfer request; multiple strong passwords required to initiate a transfer; yadda-yadda-yadda * 10^6.

      From what you described, Name.com seems to be the closest thing to all that. While I’m sure other registrars would love to do something similar, it ultimately depends on their intended market.

  195. My god you people are stupid. Hundreds of posts about how Godaddy sucks, or use this registrar to be “safe” over another one.

    You haven’t had any problems with your registrar because this hacker was targeting very specific blogs. If they wanted YOUR account they could probably get it.

    No matter if it was on GoDaddy or Registrar.com or wherever. All of these blogs were registered with different companies, it didn’t matter which registrar they use, the hacker got to them anyway. He/she has his email address password as well.

    The domain registrar you choose doesn’t matter because the hacker was able to get ahold of both email and domain registrar passwords.

  196. Permalink to comment#

    I’m so sorry Chris. I recently got my domain held hostage by someone who knew my passwords (through me, I was stupid and too trusting) and I know exactly how this feels. I’d suggest you see it as a chance to change names, I’m sure you can find something even better. Then if you get your domain back, you just redirect. ;)
    That’s what I did at least.

    I wish you good luck from the bottom of my heart.

  197. WPHead
    Permalink to comment#

    The hackers clearly gained access to the email accounts first and then to the registrar accounts. Once you know the domain owners email account, you can search for the owners user id within the emails, and with the email and the user account, you can gain access to the password through the password hint feature at most registrars without having to reset the password.

  198. Permalink to comment#

    I’m sorry Chris. What a mess…. I think GoDaddy is the worst registar out there and MediaTemple by far the worst Hosting Company.

    GoDaddy’s admin dashboard is just a mess, security is minimum and their support takes too long. I prefer NameCheap.

    Don’t let me start on MediaTemple…

    I hope you resolve the issue fast and painless :)

  199. Alaa Nayfeh
    Permalink to comment#

    i’d say it is a MAC thing..
    if you check all the sites that got hacked.. the admin is always on a MAc PC ..
    and none of them got a real protection solution. i remeber reading about a proggie for Mac that was able to steal passwords and other informations and even get access to the root
    .. from now on every mac user should get a better protection , and dont believe the shit whne other people say.. MAC is immune .

  200. Bruno Pouliot
    Permalink to comment#

    how you thing you can resolved this? Me GoDaddy stole my domain and i have to pay some extra money to get badk my name domain. GoDaddy is take the agressive bisness way.

  201. Permalink to comment#

    Really bad news Chris, whish you all the best!
    But what do we can learn again? Nothing is secure and don’t be trustful especially not on the net.

    Well, there are a lot bad comments here against GoDaddy may it true or not I personally never had to do with them I’m on Hetzner myself.

    My knowledge about security issues (doesn’t matter if its a Mac or Windows machine) is that mostly not the Application or OS is insecure but the man infront of the screen!

    Asked yourself:

    Are you one of those guys who saves your passwords inside of the browser? Yes I know its so easy and so fast when you come back to a login who want’s to re-type their credentials over and over again?

    Trust me its a really bad idea!

    You re-type your credentials and not using autosave passwords? Better but still insecure using your keyboard.

    Use on-screen keyboards instead!

    Someone emailed you a superduper app you should try out?

    Don’t trust this person even the mail comes from your mother.

    There are a lot of tools which might help you in that case:

    Use a sandbox or use a vm for stuff like that some antivirus products have a build in functionality which will help you out there. The good thing is if your antivirus product had such functionality it can analyze it while running in a save enviroment.

    Another thing is protect your privacy where you can.

    But there are so much nice apps out there how about twitter, facebook and such?

    Yes so nice but do you really know what kind of informations are saved about your person?

    Try to finetune your profiles data and try to control it yourself. E.g. what informations can be found about you and which shouldn’t…

    Also suggesting facebook, twitter blocker available for firefox and chrome which will prevent data is beeing tracked about you from facebook and such while you are logged in.

    So you have a MAC and you think you are secure because of that? No you are not!
    I know I read it all on the net things like: A Mac is so much secure compared to a Windows machine…

    Again the man infront of the OS is insecure!

    My opinion is that if you don’t have an idea how your OS works, why the process XYZ is running and for what it stands for it makes no different on which OS you are you still will be insecure.

    Learn how your OS works that will help you identify when something runs in the background which shouldn’t run! It helps a lot track down the evil.
    You don’t have to be a security analyst for this there are a lot of sources on the net which will help you to find things out.

    But a fact is you need to get at least a basic knowledge how things works and why.

    Well, you might all know this but people are lazy they might forget about those things often so its just a reminder.

    It will not prevend getting hacked but it makes hackers life a lot harder if you take care of the above.

    Just my 2cents

  202. Renee
    Permalink to comment#

    This happened to me last year! I didn’t know what to do, so I didn’t make a big deal over it. What happened is I registered a domain with crazydomains.com.au, and then one day it said it was registered with BottleDomains, who were a reseller of PlanetDomain (or something similar, I obviously can’t access the whois now). When I emailed Bottle, they tried to tell me the domain had always been registered with them – despite the fact I’d never heard of them before they appeared on my whois.

  203. AngelaInMpls
    Permalink to comment#

    Hi Chris,

    I’m new to web design and I recently discovered your site. I’m horrified by what’s been happening to you, but I’m also grateful that you’re sharing this experience with us. Best of luck getting it resolved. Regardless of your domain name, I’ll continue to read your posts.

    Angela :)

  204. i just query to name.com for get help to protect my domain names and even need help to know about more tips and tricks on these kind of attacks.

  205. Looks like that hacker has a lot of expertise. It’s really terrorizing that the hacker could reset your GMail account password at will.

  206. Permalink to comment#

    Ugh, sounds like such a headache! And (mt) should have logs everything? My company has logs ~6months and archives the rest…

    GoDaddy, ugh I have a small virtual and a few domains there, I’ll eventually migrate elsewhere. It also sounds like gMail could have been involved too?

    I want a full synopsis, when everything is fixed!

  207. Alaa Nayfeh
    Permalink to comment#

    Gmail and/or Google Chrome = Openning the doors for hackers .

  208. Permalink to comment#

    I had the same problem but I was able to close the transfer process and regained access way faster as I knew my gmail password very well and the hackers where changed my mobile phone number and secondary email, so I was 100% sure that there is something wrong with that.

    Later on I discovered that my password was leaked by my friend to whom I gave ti while ago because there were urgent case and he due to his stupidity got caught my phishing website. It was that simple.

    It’s really easy to reset gmail password if you have once been in account ant took a screenshot(Google asks for what folders did you have there, to whom where you sending last emails etc.), that’s why hacker was able to access account second time as well and probably you didn’t change secondary email after you got hacked 1st time.

    Everything here started because your email was the same to some other online service of you just accidentally typed it in wrong place(software, phishing site etc.)

  209. greg
    Permalink to comment#

    Chris,
    In your gmail account you can see a login history and IP address, scroll to the bottom of the page and click on activity details. That may be able to give you some idea on where this attack came from.

  210. Konstantinos
    Permalink to comment#

    Hi Chris,
    How is it possible to hack Gmail with two-step authentication enabled+https?
    I think it is GoDaddy’s problem.

  211. PVieira
    Permalink to comment#

    I think is a Gmail security problem.

    Someone hacked my friend email too and know it sends some spam message to all her contacts in her name. She had the 2 step authentication thing.

    The problem is that we don’t have any way to contact Google (no costumer service).

  212. Soh Tanaka’s website is now ‘offline’ let’s hope the same does not happen to the other affected domains :(

  213. After a re-read, it sounds like you might have a keylogger on your computer. You probably want to nuke it and put a fresh OS install over it.

    I can’t imagine how someone could manage to so specifically get a keylogger onto the machines of people who have domains, though.

  214. Permalink to comment#

    I’ve been using DirectNIC [directnic.com] for over a decade for all my domain purchasing with no issues to date.

    Good Luck with this Chris and if you need any help feel free to contact.

    • I have been using DirectNic for too. And I know that this is not what this post is about…. However they are more little more expensive – but they are easy to use and you new domains are almost instantly available. No waiting for an hour for your domain to update on their severs.

  215. Beno
    Permalink to comment#

    Hope all gets resolved for you man. I really enjoy reading your site and learning new things thanks to you (every time a new “a-ha” moment).

    I personally (if you’re looking for a host/registrar) would recommend Combell in Belgium (www.combell.com). I’m not doing this as advertisement (so no flames on that please). They have rather higher prices compared to many many others. But at the otherhand you do have 24/7 support and I can always call them by phone for free (ok you pay more than a godaddy, one, … but you get the support for it).

    Hope all gets resolved for you man.

    Regards

    Beno

  216. ssam
    Permalink to comment#

    Hi,

    I also have had my GD account accessed (a while ago though), the hacker also had gained access to my email account associated with Godaddy account. Strangely only 1 domain name was transferred away even if I only noticed the hacking 2 days after the fact. In the end I sent the letter with my passport scanned to Godaddy claiming that I hadn’t authorized the transfer and I got my name back in a couple of days.

    Best luck to you!

  217. Dave
    Permalink to comment#

    I hate the thought that our lives online are so insecure, that you can add in all the security measures you like but someone can break it within a matter of hours if not minutes.

    One thing I think you (Chris), Dave Walsh, Soh Tanaka and others affected by this should take from it all is that you attract a big enough audience for these cretins to target your sites. This means that you all provide a great service to the people that count (us readers).

    One thing that I thihnk you all need to do is look for commonality between your selves though. Could the common issue be wordpress? maybe some security issue that has been monitored to find ways into each of your machines or something similar. Obviously needs discussion between all those affected to find the original source. the dates for these attacks are too close to each other for it not to be the same issue that is being exploited.

    I also think it raises another issue of how easy it is to transfer a domain and maybe there should be some action into how this authentication process for transfering should be managed.

    hope you all get this sorted soon and keep up the great work. We all appreciate it (even the toe rag hackers).

    • Permalink to comment#

      It’s not that it is easy to transfer a domain. The Google exploit, if you were affected, would mean that you would have never seen the emails anyway. So regardless if your Registrar had a ton of notifications and security options, if you never got the warning email because of the Google exploit, it wouldn’t matter.

      All this has made me do is verify my security settings at my Registrar and that no strange filters/accounts/forwarding were setup in my Gmail account.

  218. Permalink to comment#

    I am your site fan!So, I don’t wanna this site down. I wanna kick that hacker instead of you! Anyway, Chris Coyier, I am always thank you for tutorials or knowledge share!

  219. Andrew
    Permalink to comment#

    Does this require money to resolve – i.e. to take legal action? If so, would anyone consider joining me in supporting Chris via http://www.pledgebank.com? For clarity I’ve not set up a pledge yet.

  220. thats crazy!, i have all of my sites on godaddy.. the funny things is that i went to soh’s site first and realized it was down (SMH…) and then came here to realize the problem. how does one obtain such private information like this…

  221. Sarah
    Permalink to comment#

    This thread made me immediately go to Dreamhost and figure out what account settings I should enable…

    Result:
    – Logged in and went to “Edit Profile”, then “Preferences” and checked the box saying “Require email confirmation before allowing a new IP to log in to your web panel”
    – Automatically was logged out and told I must confirm my IP address
    – Entered account email address and was sent email verification

    This way, no one can log in to my Dreamhost web panel from a different IP address without having access to my email. And I have 2-step verification on my Gmail. While I don’t have any domains that are high-traffic, it still helps me sleep a little better since I am responsible for other people’s websites.

    I’d also like to recommend Dreamhost – I haven’t had any serious issues, but I have had to transfer a domain to them from Intuit (who was extremely less. than. intuitive) and Dreamhost went above and beyond!

    Best of luck in getting your issues resolved!

  222. Try to get in touch with Elliot Silver of elliotsblog.com That guy knows seriously everything about domain names and I bet he knows what legal options you have as well. They can’t get away with it, look up what happened with p2p.com case. There’s also a lawyer called Ari Goldberger that could help you as well. Howard Neu could help as well I bet.

    Post about this in namepros.com and find out what options you have now. You have ways to get it back but it will take some legwork.

    Anthony

    • Permalink to comment#

      Already posted in NamePros, actually. Just spread the word to wherever you know to help increase awareness of this.

  223. Hardik
    Permalink to comment#

    Hey chris,

    Problem could be Godaddy if someone have hacked one of there box which handles the domain transections then this is possible. if you remember few months back iranian hackers hacked the root ca server which breached the https all together.

    What i know about go daddy hosting is few years back when i tried them they have the worst setup and very law level security, you can ssh and do anything to other users on the same server. i don’t know if its the same for there domain services too. but after that i never trusted them for anything as they told me it’s out of there scope.

  224. Wow, that’s really worrying. We have lots of domains with godaddy and always presumed they were pretty secure, obviously not!

    Might have to consider alternatives now…

  225. For those who think GoDaddy is not secure, I’d not worry overly much.

    First, no site is as secure as it should be. Everyone takes compromises between usability and security. GoDaddy seems to, from an outsider’s look in, perform equally well to any other registrar out there.

    That said, if only their ad to content ratio wasn’t nearly 2:1 on some pages…

    I switched to GoDaddy because they would accept DNSSEC records (DS records or DNSKEY records) but have no love for them. Overall, I find their user interface to be inane at best and difficult to get “what I really want” done at worse. But I personally am not concerned about their security vs other sites.

    (I am not affiliated with GoDaddy or any other DNS registrar, but I do write DNS software for a living. Of course, the software I write is all server-side and open source. Just sayin’ for full disclosure.)

  226. It’s a weird kind of theft. Imagine reporting to the police that your car was stolen.
    Officer:”could you describe your car?”
    you: “it’s that one over there.”
    Officer: “it’s stolen?”
    you: “yup, woke up this morning and it’s registered in someone else’s name. The are driving to work in it every day now.”

  227. Quail
    Permalink to comment#

    Uggh. GoDaddy. I inherited the webmaster duties of a nonprofit and whoever set them up used GoDaddy. What a horrible interface, a cross between MySpace and eBay of the early 2000s. And they took Zuckerberg to a whole other level when it comes to obfuscation and click throughs. Phone support is helpful enough but I can’t wait to pass the webmaster baton to someone else. One wrong click and you’ve bought $500 worth of service from them by accident.

    As to what others have been saying, I’ve read numerous accounts of clean web code being corrupted with trojans & malware while sitting on a GoDaddy server. Not sure if its still an issue. Hope not.

    • Permalink to comment#

      While I don’t buy domains from GoDaddy the Gmail exploit linked would make is so that any registrar could have been affected. I think it’s more a coincidence that many of these sites in Chris’ list were using GD.

  228. This is a really good example as to why domain name registrars should implement a system that is more than just a username and password. Something you know or have. Security questions, like banks, or a second authentication layer via an SMS text message requiring a response.

    Email should also be like this. It is the front door to a lot of private account information for most people.

    Good luck with your domain name woes.

    Chris

  229. Kevin
    Permalink to comment#

    I have multiple domains with GoDaddy also and am now re-thinking my decision making skills in using them. I pray this gets resolved in your favor Chris

  230. I use Laughing Squid and I’ve never had a problem (knock wood). Plus they have really good customer service. I don’t like using GoDaddy because it is impossible to navigate; I have to use Google to fine anything on their site. I try to discourage clients from using GoDaddy, but most times it’s a done deal. Now I have even more ammunition.

    I’m kind of afraid to visit your site while it’s having these kinds of problems because you never know what kind of viruses they might be trying to introduce. How will we know it’s you?

  231. g
    Permalink to comment#

    Chris, thank you for posting your story and sorry to hear what you and others are going through.

    curious on why godaddy and why gmail.

    with insiders, backdoors, spoofing etc, it can be hard to secure your virtual possessions.

  232. This is why I do not use free services like gmail for anything that is vital. Getting comment replies notifications in gmail is fine but other than that, no way. Also, enom for example locks payments, orders and account functions to allowed IP addresses, so unless the hacker cannot spoof his IP and get the reply back (which as far as I know is impossible), there’s no chance they can do anything serious.

    But then again people hacked into NASA so nothing is secure these days if on any network.

  233. Permalink to comment#

    Sounds like a buffer overrun on a wordpress script allowing an injection into the index.php file.

    I suspect many more WordPress sites will be effected….

    Let me know when you are ready to defect to Drupal :)

  234. Dear Chris,

    I’m quite active in the domain investing community so when I heard about this I was very angry about it. I can see from your timeline of events you have taken a lot of actions so far to get the domain back. This is a very serious breach and I imagine its a very high priority issue for both Godaddy and Planet Domain. Especially for GoDaddy as this is not the first time its happened to them. P2P.com had people the thief doing jail time over it.

    I have emailed PlanetDomain (which Ive had domains registered at before) to freeze the domain in question and not let it be transfered out at this point, nor to let the nameservers be changed so that css-tricks.com will continue to resolve. Its important that the thief can do nothing to transfer out the domain while the issue is still open.

    I also suggest you keep the blog post “This sites domain is stolen” as the top post on your site until this is completely resolved. This will keep the pressure on both Godaddy and PlanetDomain to resolve this for you asap. If you want to make new posts make them appear below this one. Your top priority right now is getting the domain back in your hands.

    Anthony David
    FreightForum.com

  235. Bartimaeus
    Permalink to comment#

    I highly recommend the registrar 000domains.com; it’s a bit more expensive than other registrars— $15 per year per domain— but they have great, live, local customer service and have NEVER failed me before.

  236. I got some feedback from Planet Domain. They are ready to send the domain back to GoDaddy. Hopefully this will have a happy ending very soon.

  237. Permalink to comment#

    Thanks for the update, Chris. Just a matter of waiting then, but it’s practically resolved.

    For those wanting to ask if it’s possible to go after the hijacker: unfortunately it might not be practically realistic (or realistically practical, take your pick) if that person is outside the OP’s country, especially if that country doesn’t see eye to eye with them. But the more important thing is at least one can get their possession back.

    I wish the others good luck as well in trying to recover their respective domain names.

  238. Permalink to comment#

    I have had nothing but problems with GoDaddy’s customer service. They’re not completely horrible, but for shared hosting I definitely prefer InMotion above them.

    Gmail is a love hate when it comes to being hacked too – so great to have the convenience of all that Google stuff linked, but with convenience comes great risk :(

  239. Seems like you’ve went through some terrible situation with GoDaddy. I had some websites with them, too although I have other sites registered in other registrars so I don’t have all in one basket.

    I never had problems so far but your experience is an eye opener and scared me a bit.

  240. Permalink to comment#

    In godaddy’s defence I have to say …

    Well I would have said that, but over the weekend I scheduled an upgrade to my servers – the documentation states that is could take as much as 24 hours.
    After 24 hours I was still locked out of my control panel.
    After 36 hours I am still locked out and now apps fail because neither my old nor my supposedly new daabase references work.

    Customer support say there is ‘nothing they can do’

    The first time they called they said it could take another 24 hours. The second time I called they said it could take 72 hours (a pattern is emerging here?)

    It is like something from Kafka.

    I was born in the UK and they invented bureacracy, but I have to hand it to godaddy that they have perfected it.

    disgruntled of wapping
    Sorry to sound disgruntled but it is 1 in the morning and I am trying to get my apps

  241. John
    Permalink to comment#

    Ah, Good News! will you stick with GoDaddy when it’s back or transfer out?

    Hopefully the root cause is eventually discovered. (design-related phishing attack you guys had in common, flaw in the WordPress installs, or a Security hole at GoDaddy).

    To all the sites that were taken down by this, good luck with getting back online! Even if you have to change names, think of it as a fresh start, I’m sure your followers will be back in no time.

    Glad this site dodged the bullet, would hate to lose this amazing resource :)

    Regards,

    Some guy named John.

  242. Permalink to comment#

    Moving from godaddy to another company will not protect more your domain. Why you people don’t understand that?

  243. Oh, this is so F**ked up! Hate to see hackers attack design industry.. But really glad you got your site back now and everything seems to be okay!

    Sorry to hear about your misfortune, let’s hope such things don’t happen to any of us in future..

  244. Much as I dislike GoDaddy, it doesn’t seem at fault for this sitejacking.

    People need to start paying attention and taking responsibility for our own security. A username and password is fine if the password is good, and if you keep it secure.

    If the password is “password” or anything (a) easily guessable middle name, dog’s name, etc.) or (b) simple enough that password cracking software can breach it then it isn’t, or (c) a password you use in more than one place (d) password stored “in the cloud” you are playing with fire.

    Adding a “second layer” doesn’t help when the question my BANK uses is “mother’s maiden name.” Any public information is insecure. One thing that would help enormously with online security is to stop giving out personally identifiable information. But once you have given it out, used it anywhere, online, EVER, it is not secure.

    “Security questions” are rubbish. They give the *appearance of security*. Most of the questions are publicly identifiable information, like the old standard “mother’s maiden name” etc. so you end up using public personally identifiable information which identity thieves can find. #FAIL

  245. Permalink to comment#

    This site stealing thing is getting out of control!
    As of 0130 this morning my company web site was hijacked from a local company a few countys away.
    The theif was not able to change the whois info but some how they were able to get the site redirected.
    Still checking on that. what I don’t understand is why anyone would wat my site name? It’s the company name and not in any way related to the site that is now showing.

    It’s good to vent thanks.

    P.S love your site chris I have learned so much from you and your community Thanks again Everyone.

    Thebusgod

  246. Why was Planet domain involved in all the theft cases? I smell something fishy over here…

  247. Lucas Rolff
    Permalink to comment#

    I’m using Leaseweb as my register, it’s both cheap, and secure. At the moment, if you want to change name servers, you need to take contact to the support, which someway is bad, but also knowing we’re secure.

    It sometimes take longer time to change the nameservers (Happy DNS Records) but they want to be sure it’s you.

  248. Chris,

    So good to hear that the css-tricks.com domain is about to be saved.

    That was freaky..

  249. Sure css-tricks has many followers. Look at all these comments. I’m also glad that you’ve got control of your domain back. But this is a serious problem. What if they really had gone beyond that? What if your website had been stopped for a week?

  250. Permalink to comment#

    December 7: Hackers kidnap Chris’ banjo teacher…

  251. Good to hear that you also got your domain back. David from designshack.net also able to restored his domain back in his power.

    Still waiting for updates from kirupa, shiachat, sohtanaka and davidwalsh. Hope they also get what is rightfully theirs.

    It’s time to have few beers after stressful last 5 days.

    Daniel A.

  252. Tony
    Permalink to comment#

    I don’t know why the people use Godaddy.com

    It is the worst hosting company over the internet.

    I prefer http://www.exclusivehosting.net. The technical suport is awesome and the price is the best. Also, they respect you as a domain owner.

  253. Permalink to comment#

    Chris ~ just checking on updates – very, very glad to see you’ve got your domain back! Phew :)

    Thanks for the news, and as always: thanks for this site, for sharing :-)

    PS: just noticed the little touch on text box focus ~ love it :)

  254. Barry
    Permalink to comment#

    Chris, I’ve been following this since day 1 from your rss feed. Glad to see you back in control. Looking forward to see what you come up with to try to prevent this.

    Maybe another AMSU approach???
    AMSST (Still There)

  255. Am I wrong or is the question how the transfers were at all possible still not fully answered?
    It looks like a lot of people haven’t learned their lesson, yet!

  256. Liz
    Permalink to comment#

    Chris I am so sorry that you had this experience.

    I personally have researched and learned better how to protect sites in the future becasue of your pain. I even found a tool to export your Gmail messages. I think it would be nice to backup email in case you loose your account.

    One of the big issues is the use of an email address that connects everything you own. How to protect ourselves and the things we create on line is a big issue.
    Additionally, the ease of switching registrars needs to be upgraded in my opinion. Depending on an email verification and moving along is probably no longer secure enough.

    I hope you will have a Huge tutorial on this. You are such a wonderful resource and educator. I now the folks who rely on your resource are so happy you regained your domain. Here’s hoping the others regain theirs very soon too!

    I used to use Godaddy and moved because of their constant abusive spamming selling emails were overmuch. I use namecheap and am very happy with their customer service and notifications of any entry into my account.

    However, I will say that on the one occasion that I talked with Godaddy’s customer service they were helpful. And it seems they did do the necessary duty in this case.

    Best to you,
    Liz

  257. That is some Crazy $hit…

  258. Aaron
    Permalink to comment#

    Wow. The maturity level is so high in here.
    A man gets his email hijacked and through it the hackers are able to access his other services.

    Somehow the page becomes a wall of Godaddy hate.
    Anyone who says “wow maybe the fault lies in the email getting hacked” gets shouted down as clearly working for Godaddy. I have never used them and can’t vouch for how helpful their support might be, but they clearly got the guy’s domain name back, after someone used legitimate procedures to transfer it away.

    This is a joke. It must be. With so many links floating around I can only hope the rampant stupidity is because other domain companies are trying to get their links posted and whine about their competitor.

  259. Permalink to comment#

    How safe is Reseller Club? any idea please?

  260. This is some crazy stuff. Completely turning me off from GoDaddy.com that’s for sure. I’m glad I only have a handful of domains with them.

  261. very nice to know that you are solved your problem.keep rocking :)

  262. Permalink to comment#

    The list with the hack attacks is really big! I have 2 friends who were affected by the same hacker!!

  263. Permalink to comment#

    Soh just tweeted about sohtanaka.com, oh brother that’s not cool at all. We can’t be too careful with anything nowadays.

    Cheers,
    Emil

  264. Permalink to comment#

    That’s really scary.. I am glad that you got it back.

  265. Shawn
    Permalink to comment#

    GoDaddy sent me a DM saying to fill out a form, but the form was a 404 page.

    Couldn’t help but to laugh…hahaha

  266. kingmo
    Permalink to comment#

    Name.com is better! I’ve lost 3 domains with name.com because they’d lost the emai to remeber me the expiration of those doamins!

  267. Permalink to comment#

    so scary :( I hope all domain registrar should protect all their clients.

  268. In a post entitled WordPress 3.3.1 Security and Maintenance Release I noted this. Relevant? (Emphasis mine.)

    “WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to… the Go Daddy security team for responsibly disclosing the bug…”

  269. I agree with all of Chris’s points regarding GoDaddy and am myself on MediaTemple, too; I must admit though that I’ve always had amazing, possibly over-zealous service from GD (calling me in Canada to give me better deals, etc.) – AND the reason I first went with them was because they “saved” a kazillion domains (including mine!) that were basically stolen and left to rot in domain limbo by the former sleazeball Registerfly.com registrar who left us to try and reclaim our domains with no access to our records (one of many articles about it here). What an ordeal that was! I recently moved all my domains to hover.com (Canadian registrar, wonderful service, great UI) mostly to escape the GD upsell mentality, so I hope all will be good with this new turn of events… thinking positive!

    • …and I meant to leave this comment on the newer post about Media Temple’s purchase by GoDaddy. Oops. Wrong browser tab!

This comment thread is closed. If you have important information to share, you can always contact me.

*May or may not contain any actual "CSS" or "Tricks".