DavidWalsh.Name Has Been Stolen

By  on  

If you follow me on Twitter or Facebook, you probably already know that this blog's domain name, DAVIDWALSH.NAME, has been stolen. The domain had been registered and managed at GoDaddy for approximately 5 years with no problems. A hacker logged in, changed the email address on the domain, and moved it to Name.com, then to 1And1. I've also received a ransom email for the domain. Scary times.

The process of fighting to get the domain back has been very difficult, time-consuming, and painful. It's involved dozens of phone calls, emails, and tweets to the vendors listed above. You're now seeing this website because (presumably) 1And1 restored the domain's nameservers. It is important to note, however, that DAVIDWALSH.NAME IS STILL NOT UNDER MY CONTROL.

Thank you to everyone for your continued support in this matter. There's a lot of working going on behind the scenes at GoDaddy, Name.com, and 1And1 to cut through the red tape and get my domain back. Since I'm not always aware of who needs to get in touch with who, I can only continue to badger them on Twitter. I appreciate everyone's continued retweets as well.

Let's #FreeDavidWalshDotName.

Updates

  • Day 6, 10:00 am: I awake to see my domain name in "pendingTransfer" status. Desperately hoping it's a transfer back to Name.com
  • Day 5, 10:00 am: Chris Coyier (CSS-TRICKS.COM), Soh Tanaka (SOHTANAKA.COM), and InstantShift (INSTANTSHIFT.COM) have discovered their domains were also stolen.
  • Day 4, 11:19 pm: I just called 1and1 and they repeatedly refused to give me their legal/admins. They also made me aware my only means of communication with them was via email; their support person also informed me that their legal department does not have phones.
  • Day 3: 1and1 posts a Movember photo on their Facebook page during their downtime

Recent Features

  • By
    fetch API

    One of the worst kept secrets about AJAX on the web is that the underlying API for it, XMLHttpRequest, wasn't really made for what we've been using it for.  We've done well to create elegant APIs around XHR but we know we can do better.  Our effort to...

  • By
    How to Create a RetroPie on Raspberry Pi – Graphical Guide

    Today we get to play amazing games on our super powered game consoles, PCs, VR headsets, and even mobile devices.  While I enjoy playing new games these days, I do long for the retro gaming systems I had when I was a kid: the original Nintendo...

Incredible Demos

  • By
    CSS Background Animations

    Background animations are an awesome touch when used correctly.  In the past, I used MooTools to animate a background position.  Luckily these days CSS animations are widely supported enough to rely on them to take over JavaScript-based animation tasks.  The following simple CSS snippet animates...

  • By
    Animated AJAX Record Deletion Using jQuery

    I'm a huge fan of WordPress' method of individual article deletion. You click the delete link, the menu item animates red, and the item disappears. Here's how to achieve that functionality with jQuery JavaScript. The PHP - Content & Header The following snippet goes at the...

Discussion

  1. Sean McNeil

    What’s the hold up on 1and1’s part? It seems like the other two registrars get it; why is 1and1 so slow to respond?

    Good luck David. This must be incredibly difficult for you.

    • 1and1 is probably the worst register ever. I know a lot of people that have nightmare stories about them.

    • I’ve heard far more horror stories about GoDaddy than 1and1. There used to be a site called NoDaddy.com that chronicled various stories of domains mysteriously not being renewed and being put up for sale by GoDaddy, or other crazy things. The site seems to have vanished, though.

      I’ve never had a problem with 1and1, but that’s just my anecdote.

      (Plus, 1and1 doesn’t have clutter-filled pages that try to push 100 paid extras on you when you try to register a domain.)

    • Jason

      Yes because 1and1 allows for at least 12 domains to leave the hands of tech savvy customers…

  2. Christophor S. Wilson

    Wow that is very scary!

  3. Alex

    That really sucks man. I’m sure everything will soon be back to normal :)

  4. brave_dick

    DAVIDWALSH.NAME FTW!

  5. Sorry to hear this. My dealings with 1&1 is that they’re idiots and barely know (technically) what they’re doing with the office people and technical people worlds apart. Hope you get your domain back quick.

  6. Dan

    Gosh, your whining is boring. It’s your fault, get it.

    • My fault how?

    • Christophor S. Wilson

      Does Dan work for 1And1 LOL

    • Alex

      Either this or he’s the hacker?

    • Either way an insensitive a$$ hole

  7. Lionel

    You should stop watching Arsenal games and focus on your website :-)

    Good luck!

  8. Good luck! 1und1 is even slow if you want to transfer a regular domain. 4 weeks for the transfer is not unusual.

    • That’s not too bad, I once had the pleasure to dealing with a UK domain name and hosting provider, who wouldn’t release the domain to me unless I faxed them a written letter with the username and password (in plaintext!), and a paragraph explaining why I wanted to transfer the name.

      Thank god I got out of there.

  9. Neal G

    What makes this even more complicated is you have to deal with two of the largest (and worst) hosting companies on the web. Smaller companies could probably give you more attention. Like another comment said, it also took me a good 3-4 days to legitimately transfer away from 1and1 so this will probably take awhile to complete.

    Did you have a weak password? If you haven’t already it’s probably time to change all of your passwords or at least any that used the same password as your hosting account did.

  10. Dan

    Nah, neither am I working for any webhosting company nor do I have the skills to hack something. But well, since we didn’t read about mass-hacking of GoDaddy or anything else, we can assume it’s only one account. Davids. Which means on the other hand, he was the one using a not-that-good password or whatever. And if he did, it’s just bad luck. Not his fault, but not the one of anyone else either. I understand that it sucks if your domain was taken, especially with a successful one like this, but it’s pretty lame to make all this stuff public.

    • Lame? I had 50+ people email and tweet me my site was down. I’m just letting people know what’s happening. And judging by the number of people continuing to tweet, email, and ask, they want to know.

      Feel free to unfollow me.

    • Additionally, the only way to get companies to move is by continuing to follow up and make sure people see what’s happening. Otherwise they’d take their time.

      Having your domain name stolen is the same as having your identity stolen. It’s not just a trivial thing, it’s not an annoyance, it’s a BIG problem.

    • Nathan

      Dan: I am going to resort to name calling. You’re an idiot. The fact that there wasn’t a mass-hacking of GoDaddy is rather revealing. It means quite simply, that davidwalsh.name was targeted specifically. Why? It’s a very popular domain.

      Secondly, David is doing exactly the right thing by making this public. If he hadn’t, his site wouldn’t be up again. And putting public pressure on 1&1 is the only way they will react. @David: as you’re well aware by now, 1&1 are the worst shit company on the planet. I’ve had experience with them and they stay within the law, just, but that’s it. They don’t care about their customers or making a good product, just about filling their coffers. I loathe them.. Good luck and you have my support..

    • Fabian

      Calling him an idiot is – oh wait! – idiotic. Of course it was targeted specifically – and it looks like the password was just too weak, right? Let me quote gkoberger (taken from http://news.ycombinator.com/item?id=3297302): “Basically, he had his domain stolen, which sucks. All parties involved (none of which were at fault, and don’t really owe him anything) acted quickly, but he spent 4 days bashing them on Twitter.”

    • As I posted on that post: I’ve not based GoDaddy or NameDotCom.

      To say that none of the parties owe me anything is also wrong. Part of being a domain registrar is preventing and handling domain theft. The least they can do is communicate with me; two of them are doing that, one is not.

    • Fabian

      Actually, who knows if you didn’t sell the domain for a lot of money and now want to get it back? (Of course you didn’t, but it COULD have been that way…) There is a reason things are going a defined way and it would be hilarious, if any company would make an exception for you.

    • I am going to go ahead and agree with Fabian and that gkoberger dude.

  11. Wild! Godaddy password very important.

  12. I don’t have anything good to say about go daddy or 1and1 but best of luck getting this mess sorted

  13. george

    Hey David ….Don’t worry you’ll most likely get the domain back. Have contacted a lawyer yet? You might have to take legal action against the person that now controls the domain. It’s going to take some time and effort but its very clear that you can claim the domain for copyright reasons. Also get the name registered as trade mark. Having a registered trade mark can also help you in cases like this.
    Good luck.

  14. Been following your twitter feed… maybe it’s just me but it appears something was taken from you?

  15. Good on you for trying to get it sorted out.

    I have had no positive interactions with either 1and1 or GoDaddy with regards to domain name registration, webhosting, tech support, or anything else, other than that they’re reasonably priced.

    I knock wood that none of my own hosting and registrations are ever affected like this. I intend to revisit all my credentials and authentication schemes for my hosts this weekend just to make sure it’s all as bulletproof as is practical.

    Best of luck.

  16. I’ve been following this for the last couple of days and this is just horseshit on the part of these providers, specifically 1and1. The hubris and absolute lack of commitment to customers service is revolting. Good on you, David, for badgering these people.

  17. Ben Coleman

    Every time a client says they host with 1and1 I cry a little because I know its going to be hard work. Hope this gets resolved soon :)

  18. Crap service from GoDaddy and the like is so unfortunate. Sorry to hear. I wish there was something we could do you for you, Chris Coyier and the others affected. Spreading the word about the issue will hopefully expedite a resolution.

  19. Tomdanme

    Oh my word, you’re really unlucky, I feel sorry for you. And, yes, I agree, 1 and 1 are stupid!!!

  20. Tomdanme

    1 and one are idiots and don’t know that they won’t get any customers if they act like this!!!

  21. Good luck with 1&1 support. Personally, I’ve had several painful and frustrating experiences with them – hope I never have to deal with their offshore support staff again

  22. I shared my comments on Chris’ site but it’s the same here. You need to trademark your stuff, just as a back up. You never know if the domain CANNOT be transferred back.

    I don’t know how legislation is in the US, but your domain should be registered to a company and it should be a registered trademark.

  23. Jon

    Good luck, David. Sorry to hear of this. I’d just ignore the fools who are saying it’s your fault and making lame assumptions like “oh your password must have been weak.”

  24. Ege

    This is plain weird. Someone planning an attack on the people who make web better? I wish the best luck for getting it all sorted out.

  25. Chris B

    Fair warning, dealing with 1and1 is the worst experience you will ever have in your life. They’re customer support is horrendous, just take a look at their Better Business Bureau complaints (one of which is mine).

  26. I am amazed by this whole situation. Who would have thought it would be so difficult to get what is essentially your property (even if leased) returned! More so given that there is a paper trail showing you’re the owner!

    I wish you all the best in getting your domain returned.

  27. Allan

    This story and how it happened confuses me, mostly after reading everyone’s comments. Domain transfers happen with your registered email address. Godaddy wasn’t hacked the original email was, from what it sounds like to me.

    And what’s with people hating on godaddy? If you know what you’re doing, you should have no problems.

    Good luck, love your tips and tricks when I need them.

  28. Hummm! You want trouble??? Go with 1and1! They are bunch of idiot that make me lose 3 days of work by reseting all the config I have done on a dedicated server of one of my client!

    Sorry to hear that you have problem about your domain name, but at the same time I think there is a lack of security at GoDaddy! You should have received an email that asking you if you have made those change… this on the original email that you use when you open your account at GoDaddy! :P

    I hope it wont affect your good work! :)

  29. Marc J

    Looks like it’s back under your control. Nice one :)

  30. It remind me the sex.com story, it take like 6 years to get his website back after the guy who stole the domain name did many million$ with this domain.

    Check for the story on the web, very interesting. hope it will take you 6 days to recover your domain :)

  31. Theodore

    if it’s a matter of strong passwords then use ‘lastpass’ mate
    it’s easy and convenient, just be sure to read the FAQ
    https://lastpass.com/

  32. Sorry to here this happened to you.

  33. My domains has been stolen too in Godaddy.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!