Hi everyone,
Just wanted to let you all know that the kirupa.com domain was stolen by a hacker.
Currently, the nameservers still point to mediatemple, but if that were to change, that would be quite bad.
In case the domain no longer points to the correct location, my e-mail address is kirupa[at]gmail.com, and I’ll post updates on Facebook (kirupa) and my twitter.
This isn’t isolated to just this site. You can read a full summary of other sites that were affected on css-tricks: [URL=“http://css-tricks.com/”][SIZE=3]http://css-tricks.com/
[/SIZE]
I’ve chronicled my path to getting this issue resolved below.
[SIZE=5]November 30th / December 1st[/SIZE]
I was contacted by the webmaster of shiachat.com who notified me and others that our domains had been stolen.
After checking the WhoIS information, I was shocked to find out that was indeed the case.
I immediately called Network Solutions, and they were helpful in filing a case and mentioned that they would start the process for a formal transfer dispute. They mentioned that the domain was transferred on October 24th.
In parallel, I contacted Planet Domain, but I haven’t heard back from them since.
Separately, I also noticed that the site itself was hacked with the footer of the home page displaying a link to the hacker’s site. The same link that was found in the new WHOIS information for the domain.
With both the site and the domain having been hacked, someone having gained access to my e-mail seems the most likely case.
[SIZE=5]December 2nd/3rd/4th[/SIZE]
I contacted Network Solutions a few more times, and they assured me that the process for filing the dispute is underway. Within a few business days, I will be contacted with more information on this.
I noticed a handful of entries to a moya.server[at]gmail.com in my Network Solutions account. I am assuming this is the account the intruder used to have all notifications and approvals sent to. Doing a google search on this account shows others who had their domains stolen using this address as well.
[SIZE=5]December 4th[/SIZE]
Planet Domain contacted me and asked for some proof that I was indeed the original owner of the domain. I forwarded them some information from Network Solutions that will hopefully satisfy them.
[SIZE=5]December 5th[/SIZE]
Planet Domain, the registrar my domain is currently with, has been extremely helpful. They’ve put a lock on the domain to make sure it doesn’t get transferred or have the nameservers get updated.
I contacted Network Solutions to ensure there were no holdups with sending the form (something they said they would do last week), and was floored when the person told me that he didn’t believe my case. According to him, I legally authorized the transfer - despite me repeating that my e-mail address was hacked and all of this happened under the radar without me knowing about it. There were more wild accusations such as me being like someone who sold this domain for a lot of money. When I told him I could prove to you no money was transferred, he mentioned I could have donated it to a charity instead. I didn’t lose my cool and tried to explain why all of these weren’t true and pointed him to Slashdot (which he had never heard of, so it wasn’t true according to him). In the end, he didn’t believe me. We made our standard end-of-phone-call courtesies and hung up.
Someone in their upper-tier support department left me his e-mail and phone number, and I’ll contact him tomorrow. I have to admit that I was saddened by that. After having spoken to 3 really helpful representatives, having 1 that completely ruined the experience is unfortunate.
So, the good news is that Planet Domain has placed a lock on kirupa.com and won’t allow it to be transferred or have the nameserver information changed. The bad news is that I need to see why Network Solutions didn’t mail the transfer dispute form. I’m optimistic that talking to the person who reached out to me will get that sorted out soon.
[SIZE=5]December 6th[/SIZE]
My optimism proved correct. The person I spoke with this morning at Network Solutions rocked. He will be getting in touch with Planet Domain to get the transfer process started.
[SIZE=5]December 14th[/SIZE]
…and the domain is back! Thanks to everyone for the support and encouragement. More specifically, Jeffrey from Network Solutions, Christine from PlanetDomain, Chris Coyier from css-tricks who provided great up-to-date summaries, and Ali from [URL=“http://www.shiachat.com/”]shiachat.com who notified all of us.
Cheers,
Kirupa