#FreeDavidWalshDotName: Mission Accomplished
As you must certainly know by now, my domain name was stolen. After weeks of pressuring domain registrars to give me the domain back, DAVIDWALSH.NAME is finally in my name again. It was a wild few weeks so this post will attempt to recap just about everything that happened. Grab a cup of coffee (or actually, maybe some sedatives) reading this one.
"David, is your site down?"
While the domain theft actually occurred much earlier, the story with me started on Monday, November 21st. I was on vacation at a location five hours from my home, and awoke to a dozen tweets asking why my site was down. I jumped on my computer (of course I brought it on vacation with me!) and saw an ugly domain parking screen. My initial thought was that I had forgotten to renew the domain so I checked my own records and found that the domain couldn't have expired.
I did a quick WHOIS and found that the domain had been moved to a company called 1And1. The domain had private paid privacy setting enabled, so I couldn't see who had taken it. As you can imagine, I was furious.
I called GoDaddy's basic support number and asked what had happened. Their support person explained that someone had logged into my account, unlocked the domain, and transferred it away. I quickly told him that I hadn't done that and the domain had been fraudulently transferred. I hadn't seen any emails for the domain unlock or the transfer request; everything was done completely under my nose. The support tech was essentially powerless and told me to email GoDaddy's transfer disputes team. I knew further argument would be fruitless so I got off the phone.
My next action was taking to Twitter to wage the #FreeDavidWalshDotName war. I tweeted to my 8,000+ followers that my domain had been stolen from GoDaddy and that they had told me to email them about it. Chris Coyier and hundreds of others were quick to help with the cause, tweet to @GoDaddy that they should help me get my domain back.
Within 10 minutes I got a DM on Twitter from Alon at GoDaddy asking to call me. Alon quickly called me, reviewed what had happened and what the next steps for retrieval were. GoDaddy immediately filed a request for information from 1And1. Alon assured me that my case was a top priority and that now it was up to 1And1 to react. It was also revealed that the thief had started the theft in early November (November 12th, I believe); he unlocked the domain, changed the contact email on it, and waited for the transfer.
It was right after I had gotten off the phone with GoDaddy that I received two emails from the thief. The emails had come from firstname.lastname@example.org and were straight to the point:
- pay 2k to get ur domain back
- trust me godady can't help you
It was at this point that I knew I was in for a royal mess. I didn't respond to the emails but obviously kept them as evidence of the theft.
This was my sad introduction to 1And1. I called their sales team, was forwarded on to support, and explained that my domain had been stolen and moved to them. Their support person explained that the "losing" registrar needed to file a request to get it back and that my case would be reviewed when that documentation was provided. I requested the name of the person who would review my case and their phone number. That request met with a "send an email to ..." response, which I told them wasn't good enough. I continued to get nowhere with their tech so I left well enough alone. And by that I mean I took my fury to Twitter again.
Somehow a few of my tweets must have hit home and my Media Temple nameservers were restored so that my site was back up. This was obviously a boost but domain ownership was the key.
Within the day, 1And1 returned the information GoDaddy requested. In doing so, it was discovered that Name.com was also involved. Essentially the thief moved the domain from GoDaddy to Name.com and then on to 1And1. My initial feeling was that Name.com's involvement was very bad news. Another entity surely meant more delays and more people to convince. I couldn't have been more wrong.
GoDaddy quickly requested transfer information from Name.com. I immediately tweeted @namedotcom to let them know what was up. They provided an immediate response.
Name.com took up the fight almost immediately. They publicly tweeted to me and DM'd me to let me know they were on it and what they had found. I wasn't told to email a generic address and I wasn't made to wait days for a response. It was great to experience real customer service. I knew that Name.com cared when I got this tweet:
- @davidwalshblog @GoDaddy We've shut down an account and found a fan of yours in the Ukraine. Our abuse dept is getting details from 1and1.
Back to 1And1
As if I wasn't upset enough with 1And1 for their lack of responses during the first go-round, my patience was quickly exhausted on the second. In the coming week, despite dozens of tweets, phone calls, posts to their Facebook page (and numerous from all of you as well), 1And1 did not reach out to me once. Not once. When they finally responded to my posts, I always received canned responses which basically told me that they'd get to the problem on their time. It's not surprising that a thief would use them -- they seem like a company that cares only about volume and wants to bury their head in the sand when it comes to problems. They also seem to not care that thousands and thousands of their potential customers are seeing each tweet. I couldn't believe it.
Name.com saw my frustration with 1And1 and made extra efforts to contact them and keep me updated as to progress. Name.com also applied further pressure on the thief (dude provided a real phone number on the account!) and talked him into providing them the auth code for the domain, thus allowing Name.com to initiate a transfer of my domain back to them (Quick note: during the dispute, the domain can only be transferred back to the "losing registrar"; since Name.com was used as an intermediary, they were technically the losing registrar. As soon as Name.com became part of the thief's trail, GoDaddy really didn't have much ability to help.)
Script & Style
During this process, I remembered that SCRIPTANDSTYLE.COM was magically missing from my account as well. I did notice it a few weeks prior but thought nothing of it because I was planning to shut down the site anyway. I just assumed that the domain lapsed so I didn't investigate further. This incident spurred my curiosity and I came to find that SCRIPTANDSTYLE.COM was stolen by the same person. I quickly filed the theft with GoDaddy and they addressed it with PlanetDomain right away.
Misery Loves Company
On December 2nd, Chris Coyier found out that CSS-TRICKS.com had also been stolen and moved to PlanetDomain. The same thief also stole SOHTANAKA.COM, INSTANTSHIFT.COM, DESIGNSHACK.NET, KIRUPA.COM, and SHIACHAT.COM. This proved a few things:
- Not all of them were initially registered with GoDaddy, so you cannot fault them or accuse them of being hacked.
- It was a calculated attack on web development blogs, not just mine (I knew some people didn't like what a wrote, but stealing the domain is a bit much, yeah?)
- This person had a system for what they did
CSS-TRICKS.COM and SCRIPTANDSTYLE.com were promptly returned by Planet Domain to GoDaddy. Most of the others have gotten their domain back, but Soh Tanaka still hasn't gotten his back from Network Solutions. Please support @sohtanaka by tweeting to @netsolcares and @1and1_4u.
On Saturday, December 3rd, Name.com initiated a transfer to get the domain back. This is generally a five-day process so during that time I didn't contact 1And1 and prayed they continued to be complacent in helping me. These five days were possibly the longest of my life. On December 8th, I awoke to seeing the domain back at Name.com and from there Name.com put the domain back in my name and put it under uberlock. Mission accomplished!
The outpouring of support during this rough time was incredible. All of the tweets, retweets, phone calls to 1And1, posts on their Facebook wall, and research was absolutely shocking -- without your support I wouldn't have my domain back right now. I don't know how I can repay you all. Special thanks go to Daniel Buchner, Chris Coyier, and a few people that did some undercover work and wanted to remain nameless. Wow guys -- I still can't believe it.
How it Happened
I still don't know how the thief was able to get hold of our domains. I think blaming GoDaddy is out of the question because the thief took the domains from numerous different vendors. Domains were taken from both GoDaddy, 1And1, Network Solutions, and Dreamhost. My only thought is that the thief hacked my Gmail account, set up filters which would catch emails from the domain vendors, hide them, and work around me that way. One of those emails would be the reset password email from GoDaddy, and that's how he'd be able to get it. The one hole in that theory would be that my GoDaddy account password was the same when logged in, so I really don't know how all this happened. I guess where there's a will, there's a way.
The Devil is in the Details
The thief made two crucial mistakes in my domain theft:
- Changing Nameservers: The namerservers were changed when the domain got to 1And1; without seeing that domain parking page, I wouldn't have known my domain was stolen
- Real Phone: Thief put his legit phone number on the domain. Without that Name.com would have had a much more difficult fight to get the domain back.
The mistakes will kill you!
Haters Gonna Hate
I actually had a few people say that the domain theft was my fault. That it was "my fault" was dispelled by the fact that so many others had their domains stolen as well. I didn't have a rubbish password and I don't give my information away. I've never heard anything so stupid in my life.
Someone also mentioned that I should stop tweeting about it because they were tired of seeing it. Besides the obvious "unfollow if you don't like what I tweet" comment, that's a really careless thing to say to someone that's had their intellectual property stolen. That domain/blog has gotten me jobs, allowed me to travel the world and speak, and besides -- without that domain, you wouldn't know who I was.
A bit of advice for those of you who own or manage domain names:
- Check your WHOIS often: My domain was actually stolen two weeks before I recognized it. If the thief doesn't change the nameservers, you may lose your domain without knowing.
- Don't use private registration: Public registration provides a living record of who truly owns the domain.
- Harass the vendors: I've been in this business long enough to know that if you don't continually contact the vendors after your domain is stolen, they'll get things done on their timelines. Since many vendors work on volume, you'll be nothing more than ticket #23482938.
- Call attention to yourself: Make sure that the vendors know that other developers (potential customers) are seeing their handling of the issue; that tends to make them work faster.
A lot of people are having a go at GoDaddy and I don't think it's warranted. They helped me very quickly and it doesn't appear that they were hacked. I don't have any animosity toward you.
1And1: You are absolutely useless. Over the course of two weeks I continually tweeted to you, posted on your Facebook wall, called your support techs (BTW, I taught one of them that ".NAME" is a TLD; you're welcome), blogged about the issue, posted on Digg, Reddit, Hacker News, and DZone, and you did absolutely nothing but ignore me or give me canned responses. This signifies one of two things: either you simply don't care (and why would you, as I've never paid you a dime) or your PR people are completely, completely inept. In two weeks I'd estimate that at least 100,000 people (web developers, a.k.a potential customers) saw that you weren't helping me (or even communicating with me). In fairness, you could have been busting your asses to help, but your inability to communicate with me was reprehensible. During the ordeal, I received hundreds of tweets and emails telling me about bad experiences with you, and I sure as hell believe them.
Name.com: You are absolute legends. I did not pay you one dime this entire time, nor have I ever, and to say that you went above and beyond is the understatement of the century. You made gutsy moves to contact the thief, and not only monitor his account but also get the auth code from him, and transfer the domain back. You were in touch with me every day and weren't going to take "no" for an answer. I cannot get over how far your company (and Scott in particular) went to return my domain. Your company owed me the least and gave me the most. Absolutely brilliant service. You deserve every bit of business you receive from my story.
Name.com Promo - DAVIDWALSH
To celebrate their epic work, Name.com is offering a discounted $7.25 transfer price (w/ extra year added on) for .COM and .NET domain names, as well as a $6.99 transfer price on .NAME domain names (yes, 1And1 tech support, that TLD exists). The promo code to use is DAVIDWALSH. I highly recommend you give them a shot; if you haven't figured out why, re-read this post.