My site was down for a couple of days because a damn hacker messed up my domain registry. He managed to hack into my account at namecheap.com. He changed my contact info, password, contact email address, DNS and nameservers for my domains. He even removed the “whois guards” for my domains.
Then, he tried to steal money from my paypal account. Luckily, Paypal system was more robust and was able to shut him out. Paypal notified me via email about this.
However, he made use of my namecheap.com account to purchase 3 domain names and 1 premier hosting services using a credit card. I suspect he may even have stolen the credit card information from someone.
Then he even tried selling a few of my domain names. I saw the message he posted on in my domain and I immediately asked my friend to contact him to pretend to buy over the domain name. In the process, he reviewed his Paypal id and this was passed on to Paypal for investigation.
I was fortunate Namecheap.com responded immediately and changed the ownership of the account and all domains to me. They even called me to discuss about improving the security of my namecheap.com account. But, changing of the ownership, DNS and nameserver for the sites was a painful process as I had to wait for a few days for the change to complete. During that time, my sites were down.
Just to share my experience with you, in case you have the same misfortune as me, a few things you need to check in your registry.
1. Change your contact email address in namecheap.com account to a different from your previous one.
2. Change passwords for your namecheap.com account and email addresses.
3. Check if DNS and nameserver are still the same as your previous settings.
4. Check if ‘whois guard’ is still ON.
5. Check your personal contact information in your account in namecheap.com
6. Check if any of your servers were put up for sales.
7. Check transaction reports for fund transfers and purchases from service providers.
You can use www.dnsstuff.com tools to check your domain settings and values.
Now back to the hacker or thief, he left his identity in my account. His email address is mubashar_siddique@yahoo.com I have left similar information in as many forums and websites about this person so that he may not cause further disruptions to the lives of bloggers and webmasters.
3 responses so far ↓
1 preciouspearl // Oct 22, 2007 at 4:02 am
oh no! poor you…. thank goodness it’s all sorted out now.
2 Hijackqueen // Oct 26, 2007 at 4:52 pm
Dang! You think my previous case is cause by hacker too?
3 leslie // Oct 26, 2007 at 11:46 pm
I don’t think so. It’s more like a routine maintenance by the hosting company. But, you can check with your webmaster on what he did to recover the sites.
Leave a Comment