Daniel Boulet writes "Executive summary: I am looking for someone associated with the gandi.net domain registrar who can suspend my account until they open for business tomorrow morning.
The details: Someone has managed to (mostly) steal one of my domains — retry.com. They appear to have done this by:
changing the contact address for my account at my domain registrar (gandi.net)
using the gandi.net lost password mechanism to request a new password for my account
logging into my account and initiating a domain ownership transfer
I received the notification of the contact address change and immediately logged into my gandi.net account before they changed the password. I changed the contact address back to the correct address. Shortly afterwards, I received the 'standard' e-mail asking me to approve the transfer. When I tried to reject the transfer, I discovered that the thieves had also managed to change the password to my gandi.net account (I suspect that they did this using gandi.net's lost password mechanism after they changed the contact address). The thieves seem to have somehow managed to complete the transfer of my retry.com domain since whois now says that it is owned by a Copenhagen entity (it also says that it is owned by Boulet Fermat Associates which is me but I'm based in Canada). I spent the first few hours after this happened changing the contact address back and changing the DNS server configs for my domains back to what they were supposed to be — this was a cat and mouse game of sorts since the thieves were working to change them to their values and I was busy changing them back. At the present time it appears that the thieves have stopped trying to change my contact address or my DNS configurations but they could restart at any time.
The only reason that I am able to defend my other domains from being stolen is that I'm still logged into gandi.net's website. I am making sure that I do something at least every few minutes so that the session does not time out. If I lose the session then I can't log back in again since they changed the password after I logged in. I am not able to use the gandi.net lost password mechanism to get the password back again since the site only allows the mechanism to be used once per day.
My plan is to keep monitoring the account until gandi.net — located in France — opens for business tomorrow (around midnight MST tonight in the US/Canada). This should work as long as my session to the gandi.net site does not time out although life would be simpler if someone could put me in touch with someone at gandi.net who could simply turn off my accounts until the dust settles (there are two of my accounts involved as near as I can tell).
One interesting bit is that they changed the contact address on my gandi.net account to firstname.lastname@example.org. There's a blog article here describing a different domain theft that happened a few days ago and which used the same email@example.com e-mail address."