#FreeDavidWalshDotName: Mission Accomplished

Written by David Walsh on December 12, 2011 · 35 Comments

As you must certainly know by now, my domain name was stolen. After weeks of pressuring domain registrars to give me the domain back, DAVIDWALSH.NAME is finally in my name again. It was a wild few weeks so this post will attempt to recap just about everything that happened. Grab a cup of coffee (or actually, maybe some sedatives) before reading this one.

"David, is your site down?"

While the domain theft actually occurred much earlier, the story with me started on Monday, November 21st. I was on vacation at a location five hours from my home, and awoke to a dozen tweets asking why my site was down. I jumped on my computer (of course I brought it on vacation with me!) and saw an ugly domain parking screen. My initial thought was that I had forgotten to renew the domain so I checked my own records and found that the domain couldn't have expired.

I did a quick WHOIS and found that the domain had been moved to a company called 1And1. The domain had a paid privacy setting enabled, so I couldn't see who had taken it. As you can imagine, I was furious.

GoDaddy

I called GoDaddy's basic support number and asked what had happened. Their support person explained that someone had logged into my account, unlocked the domain, and transferred it away. I quickly told him that I hadn't done that and the domain had been fraudulently transferred. I hadn't seen any emails for the domain unlock or the transfer request; everything was done completely under my nose. The support tech was essentially powerless and told me to email GoDaddy's transfer disputes team. I knew further argument would be fruitless so I got off the phone.

My next action was taking to Twitter to wage the #FreeDavidWalshDotName war. I tweeted to my 8,000+ followers that my domain had been stolen from GoDaddy and that they had told me to email them about it. Chris Coyier and hundreds of others were quick to help with the cause, tweeting to @GoDaddy that they should help me get my domain back.

Within 10 minutes I got a DM on Twitter from Alon at GoDaddy asking to call me. Alon quickly called me, reviewed what had happened and what the next steps for retrieval were. GoDaddy immediately filed a request for information from 1And1. Alon assured me that my case was a top priority and that now it was up to 1And1 to react. It was also revealed that the thief had started the theft in early November (November 12th, I believe); he unlocked the domain, changed the contact email on it, and waited for the transfer.

Ransom

It was right after I had gotten off the phone with GoDaddy that I received two emails from the thief. The emails had come from moya.server@gmail.com and were straight to the point:

  • pay 2k to get ur domain back
  • trust me godady can't help you

It was at this point that I knew I was in for a royal mess. I didn't respond to the emails but obviously kept them as evidence of the theft.

1And1

This was my sad introduction to 1And1. I called their sales team, was forwarded on to support, and explained that my domain had been stolen and moved to them. Their support person explained that the "losing" registrar needed to file a request to get it back and that my case would be reviewed when that documentation was provided. I requested the name of the person who would review my case and their phone number. That request met with a "send an email to ..." response, which I told them wasn't good enough. I continued to get nowhere with their tech so I left well enough alone. And by that I mean I took my fury to Twitter again.

Somehow a few of my tweets must have hit home and my Media Temple nameservers were restored so that my site was back up. This was obviously a boost but domain ownership was the key.

Within the day, 1And1 returned the information GoDaddy requested. In doing so, it was discovered that Name.com was also involved. Essentially the thief moved the domain from GoDaddy to Name.com and then on to 1And1. My initial feeling was that Name.com's involvement was very bad news. Another entity surely meant more delays and more people to convince. I couldn't have been more wrong.

GoDaddy quickly requested transfer information from Name.com. I immediately tweeted @namedotcom to let them know what was up. They provided an immediate response.

Name.Com

Name.com took up the fight almost immediately. They publicly tweeted to me and DM'd me to let me know they were on it and what they had found. I wasn't told to email a generic address and I wasn't made to wait days for a response. It was great to experience real customer service. I knew that Name.com cared when I got this tweet:

  • @davidwalshblog @GoDaddy We've shut down an account and found a fan of yours in the Ukraine. Our abuse dept is getting details from 1and1.

Badass.

Back to 1And1

As if I wasn't upset enough with 1And1 for their lack of responses during the first go-round, my patience was quickly exhausted on the second. In the coming week, despite dozens of tweets, phone calls, posts to their Facebook page (and numerous from all of you as well), 1And1 did not reach out to me once. Not once. When they finally responded to my posts, I always received canned responses which basically told me that they'd get to the problem on their time. It's not surprising that a thief would use them -- they seem like a company that cares only about volume and wants to bury their head in the sand when it comes to problems. They also seem to not care that thousands and thousands of their potential customers are seeing each tweet. I couldn't believe it.

Meanwhile...

Name.com saw my frustration with 1And1 and made extra efforts to contact them and keep me updated as to progress. Name.com also applied further pressure on the thief (dude provided a real phone number on the account!) and talked him into providing them the auth code for the domain, thus allowing Name.com to initiate a transfer of my domain back to them. (Quick note: during the dispute, the domain can only be transferred back to the "losing registrar"; since Name.com was used as an intermediary, they were technically the losing registrar. As soon as Name.com became part of the thief's trail, GoDaddy really didn't have much ability to help.)

Script & Style

During this process, I remembered that SCRIPTANDSTYLE.COM was magically missing from my account as well. I did notice it a few weeks prior but thought nothing of it because I was planning to shut down the site anyway. I just assumed that the domain lapsed so I didn't investigate further. This incident spurred my curiosity and I came to find that SCRIPTANDSTYLE.COM was stolen by the same person. I quickly filed the theft with GoDaddy and they addressed it with PlanetDomain right away.

Misery Loves Company

On December 2nd, Chris Coyier found out that CSS-TRICKS.com had also been stolen and moved to PlanetDomain. The same thief also stole SOHTANAKA.COM, INSTANTSHIFT.COM, DESIGNSHACK.NET, KIRUPA.COM, and SHIACHAT.COM. This proved a few things:

  • Not all of them were initially registered with GoDaddy, so you cannot fault them or accuse them of being hacked.
  • It was a calculated attack on web development blogs, not just mine (I knew some people didn't like what I wrote, but stealing the domain is a bit much, yeah?)
  • This person had a system for what they did

CSS-TRICKS.COM and SCRIPTANDSTYLE.com were promptly returned by Planet Domain to GoDaddy. Most of the others have gotten their domain back, but Soh Tanaka still hasn't gotten his back from Network Solutions. Please support @sohtanaka by tweeting to @netsolcares and @1and1_4u.

Result!

Name.com Saved Me

On Saturday, December 3rd, Name.com initiated a transfer to get the domain back. This is generally a five-day process so during that time I didn't contact 1And1 and prayed they continued to be complacent in helping me. These five days were possibly the longest of my life. On December 8th, I awoke to seeing the domain back at Name.com and from there Name.com put the domain back in my name and put it under uberlock. Mission accomplished!

Click here to see Name.com's hilarious video of how this all played out.

THANK YOU!

The outpouring of support during this rough time was incredible. All of the tweets, retweets, phone calls to 1And1, posts on their Facebook wall, and research was absolutely shocking -- without your support I wouldn't have my domain back right now. I don't know how I can repay you all. Special thanks go to Daniel Buchner, Chris Coyier, and a few people that did some undercover work and wanted to remain nameless. Wow guys -- I still can't believe it.

How it Happened

I still don't know how the thief was able to get hold of our domains. I think blaming GoDaddy is out of the question because the thief took the domains from numerous different vendors. Domains were taken from GoDaddy, 1And1, Network Solutions, and Dreamhost. My only thought is that the thief hacked my Gmail account, set up filters which would catch emails from the domain vendors, hide them, and work around me that way. One of those emails would be the reset password email from GoDaddy, and that's how he'd be able to get it. The one hole in that theory would be that my GoDaddy account password was the same when logged in, so I really don't know how all this happened. I guess where there's a will, there's a way.

The Devil is in the Details

The thief made two crucial mistakes in my domain theft:

  1. Changing Nameservers: The nameservers were changed when the domain got to 1And1; without seeing that domain parking page, I wouldn't have known my domain was stolen.
  2. Real Phone: Thief put his legit phone number on the domain. Without that Name.com would have had a much more difficult fight to get the domain back.

The mistakes will kill you!

Haters Gonna Hate

I actually had a few people say that the domain theft was my fault. That it was "my fault" was dispelled by the fact that so many others had their domains stolen as well. I didn't have a rubbish password and I don't give my information away. I've never heard anything so stupid in my life.

Someone also mentioned that I should stop tweeting about it because they were tired of seeing it. Besides the obvious "unfollow if you don't like what I tweet" comment, that's a really careless thing to say to someone that's had their intellectual property stolen. That domain/blog has gotten me jobs, allowed me to travel the world and speak, and besides -- without that domain, you wouldn't know who I was.

Advice

A bit of advice for those of you who own or manage domain names:

  • Check your WHOIS often: My domain was actually stolen two weeks before I recognized it. If the thief doesn't change the nameservers, you may lose your domain without knowing.
  • Don't use private registration: Public registration provides a living record of who truly owns the domain.
  • Harass the vendors: I've been in this business long enough to know that if you don't continually contact the vendors after your domain is stolen, they'll get things done on their timelines. Since many vendors work on volume, you'll be nothing more than ticket #23482938.
  • Call attention to yourself: Make sure that the vendors know that other developers (potential customers) are seeing their handling of the issue; that tends to make them work faster.
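
The "Check your WHOIS often" advice can be automated. The following is an added example, not code from the original post: it compares a saved WHOIS snapshot with a fresh one and flags the changes described in this incident (transfer lock removed, contact email changed, registrar changed, nameservers changed). The records, registrar names and addresses are constructed samples in the common "Key: value" layout; real WHOIS output varies by registry, and fetching the live record is left to the caller.

```python
import re

LOCK = "clienttransferprohibited"  # EPP status that blocks registrar transfers
WATCHED = {                        # WHOIS field -> label used in alerts
    "registrar": "REGISTRAR",
    "registrant email": "CONTACT_EMAIL",
    "name server": "NAMESERVERS",
}

def parse_whois(text):
    """Collect watched 'Key: value' lines into {key: set of lower-cased values}."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:%#>]+?)\s*:\s*(\S.*?)\s*$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).lower()
        if key == "domain status":
            value = value.split()[0]  # keep the status code, drop the URL after it
        if key in WATCHED or key == "domain status":
            record.setdefault(key, set()).add(value)
    return record

def diff_whois(baseline_text, current_text):
    """Return alerts for changes between a trusted snapshot and the current record."""
    old, new = parse_whois(baseline_text), parse_whois(current_text)
    alerts = []
    if LOCK in old.get("domain status", set()) and LOCK not in new.get("domain status", set()):
        alerts.append("UNLOCKED: transfer lock removed")
    for key, label in WATCHED.items():
        before, after = old.get(key, set()), new.get(key, set())
        if before != after:
            alerts.append(f"{label}: {sorted(before)} -> {sorted(after)}")
    return alerts

# Constructed sample records (not real WHOIS data).
BASELINE = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar A
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Email: owner@example.com
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
"""
# Stage 1: unlocked and contact email changed, site still resolves normally.
UNLOCKED = BASELINE.replace(
    "clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
    "ok https://icann.org/epp#ok",
).replace("owner@example.com", "someone-else@example.org")
# Stage 2: transferred to another registrar and pointed at parking nameservers.
TRANSFERRED = (
    UNLOCKED.replace("Example Registrar A", "Example Registrar B")
    .replace("NS1.EXAMPLE.NET", "PARK1.EXAMPLE.ORG")
    .replace("NS2.EXAMPLE.NET", "PARK2.EXAMPLE.ORG")
)

if __name__ == "__main__":
    for name, snapshot in (("stage 1", UNLOCKED), ("stage 2", TRANSFERRED)):
        print(name)
        for alert in diff_whois(BASELINE, snapshot):
            print("  ALERT", alert)
```

The stage 1 snapshot is the case a working site would not reveal: the nameservers are unchanged, yet the lock and contact email alerts already fire.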

The Vendors

A lot of people are having a go at GoDaddy and I don't think it's warranted. They helped me very quickly and it doesn't appear that they were hacked. I don't have any animosity toward you.

1And1: You are absolutely useless. Over the course of two weeks I continually tweeted to you, posted on your Facebook wall, called your support techs (BTW, I taught one of them that ".NAME" is a TLD; you're welcome), blogged about the issue, posted on Digg, Reddit, Hacker News, and DZone, and you did absolutely nothing but ignore me or give me canned responses. This signifies one of two things: either you simply don't care (and why would you, as I've never paid you a dime) or your PR people are completely, completely inept. In two weeks I'd estimate that at least 100,000 people (web developers, a.k.a potential customers) saw that you weren't helping me (or even communicating with me). In fairness, you could have been busting your asses to help, but your inability to communicate with me was reprehensible. During the ordeal, I received hundreds of tweets and emails telling me about bad experiences with you, and I sure as hell believe them.

Name.com: You are absolute legends. I did not pay you one dime this entire time, nor have I ever, and to say that you went above and beyond is the understatement of the century. You made gutsy moves to contact the thief, and not only monitor his account but also get the auth code from him, and transfer the domain back. You were in touch with me every day and weren't going to take "no" for an answer. I cannot get over how far your company (and Scott in particular) went to return my domain. Your company owed me the least and gave me the most. Absolutely brilliant service. You deserve every bit of business you receive from my story.

Name.com Promo - DAVIDWALSH

To celebrate their epic work, Name.com is offering a discounted $7.25 transfer price (w/ extra year added on) for .COM and .NET domain names, as well as a $6.99 transfer price on .NAME domain names (yes, 1And1 tech support, that TLD exists). The promo code to use is DAVIDWALSH. I highly recommend you give them a shot; if you haven't figured out why, re-read this post.

Comments

  1. Great news that you and others have managed to get their domain names back thanks to some amazing companies and people out there willing to help. You must be relieved!

    Don’t want to shovel the **** but 1and1’s reputation is just disastrous. I’ve not heard a single good thing about them and yet somehow they manage to keep going. *sigh*

    • On the other hand, I have never heard anything but horror stories about GoDaddy and have had zero problems with 1and1 so far. (Other than the minor annoyance of having to email them to cancel a service once.) It looks like GoDaddy’s service and business practices may have improved in recent years, but their site still sucks.

  2. Hey David, glad you got your domain name back.

    I see a new season for 24 coming up.

    Jack, get these domain name terrorists!

  3. Christophor S. Wilson December 12, 2011

    Congratulations David, I’m glad to see you were able to get your domain back. This is really scary; thanks for all of the helpful tips to help avoid this from happening with our own domains.

  4. That’s good to hear. Can’t imagine the stress that created..

  5. Hmmmm – I’m with 1and1. I feel sad right now.

    Those name.com guys seem very on-the-ball with the marketing spin. Good for them!

  6. Glad you got it back! For the advice portion I would add in to use two factor authentication on your domains (Name.com has a Namesafe service for free http://blog.name.com/2011/12/is-your-website-safe/), with your email (gmail offers it), or for the safest of all… with both!

  7. I’m glad everything worked out for you! Name.com is really an excellent company that I’ve recommended to many people.

    On a side note, name.com has some useful security features. One time password cards that give you a second level of security. Also, what I personally use is their ip based protection. If you have a static ip, you can set it to only allow logins from that ip. I’d recommend adding a backup like your work just in case.

    Once again, I’m glad this worked out. I can only imagine the frustration. Woot!

  8. Glad it all turned out well for you. I’ve had experience of 1&1 before and it wasn’t pleasant.

    Thanks to your saga, I found out that name.com offer their NameSafe VIP service which essentially lets me use my PayPal token as an added layer of security when logging in to name.com…I’ll be transferring all my domains (around 100) over to name.com from GoDaddy as their renewals become due :)

  9. Congrats David and everyone that helped you in getting your domain back!

  10. Guillaume December 13, 2011

    Agreed. 1And1 sucks as hell.
    To all web developers: NEVER go to 1and1

  11. Guillaume December 13, 2011

    Agreed: 1and1 sucks as hell.
    To all web developers NEVER go to 1and1 !

  12. Quite talented (if not affiliated with a domain registrar) but stupid hacker if you ask me. He managed to steal the domains, but used a valid phone number… for what?

    Also dude, why didn’t you have the Gmail alert settings enabled so you could have possibly detected any ‘unusual’ logins? I’m pretty sure you’re aware of this feature.

  13. When I try to visit my page, I see name.com’s full main page appear on top of my main page. I have mailed them and I have been waiting for a long time. I still haven’t got any reply from name.com. I mailed support@name.com. (My site has been down for more than 3 hours.)

  14. Sorry, I forgot to mention my site; it’s http://www.isaithuli.com. If this continues I will have to lose all my customers…

  15. Sorry to see you go through all of this, but at least it is educational for all of us. Thanks David.

  16. Mr. Walsh…Great post sir! You really managed to make a lengthy process into an interesting read. And thanks for the great review of name.com!

  17. Weird. My original comment didn’t show up for some reason.

    Anyway, I too want to congratulate you for persistently pursuing this until you got your domain name back. And kudos too to Name.com for batting it up for Mr. Walsh despite the inherent hardships with this issue.

    I’m also sharing your story so others won’t necessarily have to experience what you went through. Cheers and happy holidays.

  18. Congrats David
    We missed your articles.
    Thanks for sharing your pain as a lesson to us all.
    Make the hacker’s phone public so we can’t send it to every Nigerian scammer!!!
    Alex

  19. You’ve got real patience, and it is rightly said that patience is a virtue. Finally you can concentrate on the web again.

    Many congratulations…

  20. Thanks for the support everyone!

  21. Woah… are you closing Script & Style? I missed that part.

    That project had been so useful and interesting for the last year to me… I have learned a lot thanks to u anyway, so thank you very much for all your effort.

    Congratulations by the way. You are free again.

    PD: I hope you change your mind about S&Style, XD.

  22. Glad to hear you managed to get your domain back – I know retrieving domains under such circumstances can be a pain! Having dealt with this situation under a corporate theft scenario, I know how many hoops the registrars have you jump through – but it seems Name.com, and even GoDaddy really did go full out to help you on this.

    I’m happy to see that there are indeed still humans behind these giants! :)

  23. Tymon Sturgeon December 16, 2011

    Interesting. This seems to be common. The thief must have been well prepared for this heist.

    The same thing happened to a designer I know (Craig Reville) to his domain craigreville (dot) com

    The only difference is that he hasn’t gotten it back yet, and I think it was a similar ransom (price wise).

  24. Living in Europe, it really amazes me that American companies can be contacted directly using twitter these days.. it’s more or less unheard of here..

    Glad you got your domains back – the lesson in all this: Don’t use the same password for all services!

  25. Glad to know that the story has a happy ending. This post will give hope to all the others like you whose domain has been stolen!

  26. “they seem like a company that cares only about volume and wants to bury their head in the sand when it comes to problems.” – unfortunately, that response pretty much sums up 1&1. Have had some horrible experiences with them myself on behalf of clients. Glad everything had a happy ending.

  27. I’m glad you got your domain back!! I’ve been with Name.com (and their sister company DomainSite) since 2006, they’re really awesome. :)

  28. Congrats!
    I suggest onlinenic.com, I registered a lot of domains in 10 years.

  29. John Kitson January 7, 2012

    “they seem like a company that cares only about volume and wants to bury their head in the sand when it comes to problems.”

    100% truth.

    We used to be a customer of theirs. Utterly shocking customer service. Our 1and1 dedicated server failed and was un-recoverable last year and they took a full 24hours to respond to the support call. Even then the response was “There’s nothing wrong with the server”…!

  30. 1. It’s just a domain name FFS.
    2. Why would you call the sales team to resolve a technical problem?
    3. You were targeted randomly or by having many visitors, not because of what you write. Stop trying to pose like a martyr.
    4. I really do enjoy your writing, but I hate it when people overdo it.

    Good luck. :)

    • 1. “It’s just a domain FFS” Incredibly ignorant. If I had to get another domain, how long would it take to gain back all my traffic and site’s credibility (with users, employers, Google, etc.)

      2. Because their sales team is also their tech team. They would not allow me to talk to anyone else.

      3. Doubt its randomness when several likewise webdev bloggers also had their domains stolen.

  31. I only just found this (and used the code @ name.com*), but I know your pain!
    A similar thing happened to me at Christmas Eve (of all days! I believe that was planned) 2000, when a Russian guy got into my registration and diverted all my domains. At the time I owned around 30-40, mostly adult, some were at the time in the top 100 of alexa… He kept them with the same registrar, but changed all address entries to a fake address in Belgium, and he reset the password. He then went after all my affiliate accounts through info found in my yahoo email account (which STUPIDLY had a variation of the same password as the domain registration = one thing I learned). Over the Christmas break I couldn’t reach anybody, particularly considering the time difference between USA and AUS, but my wife and I worked frantically on 2 networked computers to secure as many accounts (and substantial amounts of income held in them) as we could. In the middle of all that my modem and the BIOS of my main computer fried up (to this day I don’t know if it was due to an attack through the internet, but very likely – no firewall in those days!), so we were down to one rather old computer on 56K dial up… Next to me was all day the phone on speaker, because I was trying to contact support people in the USA and as many fellow webmasters as I knew phone numbers of.

    Long story cut short: 3 days later, through some insider contact at my registrar (I won’t name the co or the friend), I had my domains set back to my address and nameserver settings with a new, stronger password. This wasn’t quite kosher, but neither was the theft in the first place. In the end I lost only one affiliate account with adultfriendfinder, which held at the time around $400-500. We saved some $18,000 in other accounts. By February I even knew the physical address of the guy, can’t remember anymore how I finally got to that piece of information. The real hammer came shortly before Easter, when the guy sent me an email “complimenting me, that I had put up really good fight, and saying that I was really good at what I was doing and that it had been fun.” A fun I won’t forget for the rest of my life.
