WARNING: Google’s GMail security failure leaves my business sabotaged

What would you do if a criminal stole something very personal, and very valuable from you? What if they were able to target your business and cripple your income? You wouldn’t be too happy now, would you?
What if you also discovered that this was happening because of a Google security infection that can affect every GMail user on the planet?
That’s what has just happened to me, and here I’m going to tell you my story. I will detail everything I know about the web pirates who are threatening my livelihood, and tell you what you need to know in order to avoid the same thing happening to you.

On November 20th 2007 I left the UK to spend a month’s holiday in India. I’d been planning this break for over a year, and was looking forward to taking my girlfriend away on our first foreign trip together. Prior to leaving, I published a blog post to let my readers know I’d be away for a while, and that my blog would be a quiet place in my absence.
All my clients were informed, bills paid, loose ends tied up, and off I went on a new adventure.
I arrived in Mumbai on November 21st, and on the journey from the airport to the Colaba district, was punched in the face by an Indian youth, but that’s another story.

During the month ahead, I knew I’d be irregularly checking my emails, but only to let my loved ones know everything was fine. This holiday was to be a break from work, and a break from computers.
Indeed everything was fine for a few weeks, until December 15th (five days before I was due to return from holiday). I called into an internet café in Goa, and read some worrying emails from good friends of mine. I was informed that my website had disappeared, and that my domain name (www.davidairey.com) was now redirecting to some random website - bebu.net.
I was confused, and anxious. How could this happen? I hadn’t received any notification of my domain name expiry, and I never divulge any passwords to anyone. The only possible explanation for me was that somehow, the domain name had expired without me receiving any notice, and that some domain poacher had snapped it up before I got a chance to renew.
My website had been pulling in over 2,000 unique daily visits. Not a massive amount by any stretch of the imagination, but for a one-man operation, 700,000+ annual visitors can generate a nice amount of new logo design business.
So I ran a WHOIS check on davidairey.com, hoping to find an email address for the new owner. The search yielded this email address: DAVIDAIREY.COM@domainsbyproxy.com and here’s the email I sent:
Hello,
Please can I purchase my old domain name from you. It seems it expired without my knowledge.
www.davidairey.com
Kind regards,
David
I found it hard to believe that I’d let my domain name expire, but thought it a good idea to send an email nonetheless.
On the very same day, I received a reply. It came from one supposed Peyam Irvani, telling me the following:
Hello,
Please send me your high offer !
Regards
By this stage, I’d already had some back and forth email discussions with close friends, wondering what exactly could have happened. I also contacted my web host company, ICDSoft, asking them to help. They were the ones who sold me the domain name after all. Shouldn’t they have informed me?
This is when I found a disturbing support ticket, posted in my web host support panel. It was supposedly from me, addressed to ICDSoft’s support team, and was created on November 20th, the exact date of my departure from the UK. It read the following:
Subject: Davidairey.com Transfer
Hello,
I want to transfer davidairey.com to another registrar please unlock it and send me the EPP transfer code.
Kind regards,
David
Within just one minute (ICDSoft’s support team are very fast) the following response had been supplied:
Hello,
We unlocked your domain name as requested. Here is its EPP code:
Domain name: davidairey.com
Auth/EPP key: 6835892AE0087D66
Best Regards,
Support
I immediately typed a reply to this ticket, asking for help, and wanting to know what I could do to resolve the situation. Here’s what I was told by the support team:
Unfortunately, the domain name has been transferred successfully, and it cannot be reverted. The current registrar may be able to give you more information.
The original ticket message was sent from this IP address: 207.36.162.100
The person who posted it must have had access to your email, too, because transfers have to be approved by the administrative contact in order to be successful.
What? Not only did the hacker gain access to my web host control panel, but they also squirmed their way into my email account? This is when I began to get very worried. I kept a lot of personal emails behind my username and password, and this was a real invasion of privacy. For a few minutes I sat in the net café, my girlfriend beside me, and I didn’t know what to think.
I sent an email to GoDaddy, where my domain had been illegally transferred to, and asked them to prevent any further transfers. I wanted the domain in one place whilst I investigated. Here’s what GoDaddy said:
Unfortunately if a transfer request is made and completed we will not be able to prevent this unless we receive the notice from a court or arbitration forum… I apologize for any inconvenience this may cause.
Okay, so GoDaddy can’t help until the matter is taken to court.
This whole process ran over a few days of my holiday, as GoDaddy took over 48 hours to respond. At this point, and on December 19th (four days after my first email to the web pirate, ‘Peyam’), I thought I’d send a reply, and here’s what I said:
Hello Peyam,
Well, congrats on your hack. I’d love to know how you did it.
Before this moves through the courts, in order to settle the dispute, I don’t suppose you’d be so kind to give me my domain back? It’d really save me a lot of hassle, but if that’s what it takes, so be it.
I saw no point in being aggressive, wishing to keep them ‘on-side’ as much as possible.
Again, that same day, I received a response:
:))
Im sorry to say but its not possible to have it or it take about 1 month if you try hard to have it again :)) and you lose your visitor ….hahaha
You can purchase it for 650 $ And we will use escrow sevices ;) that will done in less than 2 days !
Now my domain name was being held to ransom, and the hacker was taunting me. What I had spent more than a year building into a sound marketing plan had been severed at the knees.
I’m not the type of person who will hand any money over to a criminal, so I didn’t reply, instead focusing on stopping this hacker from stealing any more of my property.
How was I being hacked?
After a little research, I found this exposé into Google’s GMail deficiencies: Google GMail E-mail Hijack Technique
It details the exact GMail hijack that I have just found applied to my account (right whilst writing this blog post).
Here’s an excerpt:
The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.
And here’s a three step illustration of just how this threat works:
Images courtesy of GNUCITIZEN
I took a look at the ‘Filter’ option in my own GMail settings, and it turns out that you can easily set incoming emails containing specific words to be forwarded automatically. For example, if you want any emails containing the word password to be sent to another address, no problem. It also appears that the Filter can delete the email from your GMail inbox as soon as it has been forwarded, so you’d be none the wiser if a hacker was playing havoc with your incoming mail.
IMPORTANT: If you use GMail, it’s absolutely vital that you check your account settings now.
Here’s what to do:
When logged into GMail, click on the ‘settings’ tab in the upper right of the screen. Then check both the ‘Filters’ and the ‘Forwarding and POP’ sections. This is what I only just found in my ‘Filters’ tab:
The following filters are applied to all incoming mail:
Matches: transfer-approval.com
Do this: Forward to ba_marame_pooli@yahoo.com, Skip Inbox, Delete it
Matches: from:(transfer-approval.com)
Do this: Forward to ba_marame_pooli@yahoo.com, Skip Inbox, Delete it
I have absolutely no idea whose email address that is, but it seems to me that some of my personal emails were bypassing my inbox entirely, instead being forwarded to the yahoo.com address.
It appears that the GMail security issue is fixed, but that won’t remove any previously installed Filters from your GMail account.
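The same check can be run over an exported copy of the filter list instead of reading the settings page by eye. This is an added example, not part of the original post: it assumes the filters have been exported from the settings page as an Atom XML file made of `apps:property` elements, and the sample export, the `me@example.org` address and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Properties that describe what a filter matches on.
CRITERIA = {"from", "to", "subject", "hasTheWord", "doesNotHaveTheWord"}
# Actions that keep a forwarded message out of the owner's sight.
HIDING = {"shouldArchive": "Skip Inbox", "shouldTrash": "Delete it"}

# Constructed sample export. The first two entries mirror the filters
# quoted in the post; the last two are ordinary filters for contrast.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'/>
    <apps:property name='hasTheWord' value='transfer-approval.com'/>
    <apps:property name='forwardTo' value='ba_marame_pooli@yahoo.com'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <apps:property name='from' value='transfer-approval.com'/>
    <apps:property name='forwardTo' value='ba_marame_pooli@yahoo.com'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='Newsletters'/>
  </entry>
  <entry>
    <category term='filter'/>
    <apps:property name='subject' value='invoice'/>
    <apps:property name='forwardTo' value='me@example.org'/>
  </entry>
</feed>"""


def parse_filters(xml_text):
    """Return one {property name: value} dict per filter entry."""
    # A filter export has no reason to carry a DTD; refuse it rather
    # than let the parser expand entities from an untrusted file.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in filter export")
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.iter(ATOM + "entry"):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.iter(APPS + "property")}
        filters.append(props)
    return filters


def audit_filters(filters, trusted=()):
    """Flag filters that forward mail to an address the owner does not trust.

    Severity is "high" when the filter also archives or trashes the
    message, because the owner then never sees what was forwarded.
    """
    trusted = {addr.lower() for addr in trusted}
    findings = []
    for f in filters:
        target = f.get("forwardTo", "").strip().lower()
        if not target or target in trusted:
            continue
        hidden = [label for key, label in HIDING.items()
                  if f.get(key) == "true"]
        findings.append({
            "forward_to": target,
            "criteria": {k: v for k, v in f.items() if k in CRITERIA},
            "hidden_by": hidden,
            "severity": "high" if hidden else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_filters(parse_filters(SAMPLE_EXPORT),
                                 trusted={"me@example.org"}):
        print(finding)
```

Any address the owner does not list as trusted is reported, so a first run without a trusted list shows every forwarding rule in the account.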
What do I know about the hacker stealing my property?
I have a GMail address, pay.irv@gmail.com, and what’s possibly some fictitious name, Peyam Irvani.
There’s also the Yahoo email address, ba_marame_pooli@yahoo.com, where my emails were being forwarded to through the malicious Filter.
ICDSoft provided me with the IP address from where the fraudulent support ticket originated (207.36.162.100), and it’s possible to search for its physical location using a free online IP address locator. I’d never used one before, but gave it a shot…
According to IP Global Positioning, the IP is in the United States. Fort Lauderdale, Florida, to be more precise, and the Internet Service Provider is known as Cybergate INC (based in Mississippi, USA).
I’m not entirely sure just how much this information can help me, if at all, but I thought it might be useful.
A little unexpectedly, I received a third email from ‘Peyam’ on December 21st, saying:
Helli David,
We can use escrow and you can have your domain name again :)
Only for 250 $ !
Do you want it ?!
Its special christmas offer ! haha
I like to see you have that domain name again :)
I don’t care if it costs $0.02. I won’t give my money to a criminal.
You might be wondering what I did to resurrect my website from oblivion. You’re reading this post after all. Before the theft, I had both davidairey.com and davidairey.co.uk, with the .co.uk permanently redirecting to the .com (I felt it would make more business sense to use the .com as my main address due to its ease of memorability).
I’m now using www.davidairey.co.uk domain as my main address. What does this mean? It means that all my organic search results are reset to zero. Whereas once I was on the first page of search results for logo designer, I’m now nowhere to be found.
It also means that my business cards are now incorrect, and my email addresses too. Quite an expense, but I’d rather fight in the courts than give one penny to the person who did this.
During the site move, I found to my detriment that I was linking to my blog images entirely the wrong way. I had been uploading my picture files to a subdomain (blog.davidairey.com/images) then placing them inside my blog posts from there. This meant that whenever the domain name changed to davidairey.co.uk, so did that subdomain. It now became blog.davidairey.co.uk/images. Therefore, my site was missing every single image I’d ever added.
In order to fix this, I moved all the picture files to a new folder, in the root directory at davidairey.co.uk/images. Now, when I insert an image into a blog post, I don’t use the full URI, but cut the address to its bare minimum, like so: img src="/images/example_filename.jpg"
This means that should I ever re-change my domain name, back to the .com for instance, the images will automatically pull whatever domain name I’m using, without the need for a change.
I’m now also using this technique for internal hyperlinks. Rather than linking to my contact page like so: “http://www.davidairey.co.uk/contact”, I’ll simply use “/contact”.
Much better, and uses less code too.
Where can I get help with domain name disputes?
This is the stage I’m at now, weighing up my options before it comes to paying legal fees. This is also where I’m calling on your valued help. I know that many of you are much more clued up on this than I am, and if you can spare some advice in the comments here I’d be very appreciative.
In my email communications with GoDaddy (the company where my .com domain name is now registered), a representative had this to say:
Should we receive notice of a pending dispute from a court or arbitration forum, we will lock the domain name so it cannot be transferred or have the registrant information modified. Likewise, when we receive a decision from the legal body, we will update the domain name accordingly.
They then directed me to the WIPO (World Intellectual Property Organization, domain.disputes@wipo.int).
So I looked into this organisation’s website, and in particular, the section on domain name dispute resolution resources.
There’s a FAQ section which provides information on a number of items, including the following:
To cut a long story short, it seems I have to pay a minimum of $1500 for the pleasure of initiating a court case. All fees are listed here.
As for how long the process lasts, this information isn’t very obvious on the WIPO website, so at present I’m unsure.
What should I do?
From what I understand, the only option is to proceed with legal action (again, I’m not paying the thief one penny).
- Do you know any different?
- Do I have a good case to proceed with?
- Is there any other information available online about the pirate who is blackmailing me?
If you can provide any of these answers, it would mean a lot.
UPDATE:
My domain name has been returned, and you can read exactly how in this blog article.
Thank you
Thank you so much to those of you who kindly emailed me at the start of this situation: Vivien, Ben, Tammy, Armen, Dawud, Ed and Jamie. I know that more of you tried, but that I didn’t receive your emails because my accounts no longer existed.
Thank you also, to everyone who is lending their support in the comments of my previous blog post, David Airey.com hacked. Many of you have also published my news on your own blogs, and this really lifts my spirits, showing just how great the people in the blog world are:
Here’s a sampling of your kind help:
- David Airey Hacked
- Links Important Enough To Write About On A Saturday
- Your Help Needed: David Airey.com hacked
- If you link to David Airey please read this
- What Happened To David Airey?
- Where-oh-wherey is David Airey?
- David Airey - Designer, Blogger, Information Sharer
- davidairey.com hacked and hijacked!
- Fellow Blogger David Airey Gets Hacked
- Hackers
- David Airey’s Domain Hacked!
- David Airey is Back (but has a new domain)
- David Airey’s Graphic Design Site Has Been Hacked
- Great graphic design stuff and theiving bastards
- Warning: Your Blog Could Be Hacked
- David Airey Hacked?
- davidairey.co.uk
- Don’t tell someone about vacation
- Pedere un dominio troppo facile
It truly is fantastic that you’d go to this effort, and if there’s anything I can do in return, do let me know.




Morals aside, it’s business sense. Why don’t you buy the domain name at 600 USD or 250 USD or any other bargain you could strike? At least you’d be back on the search page for logo designer UK, which will mean much more than 600 USD or 250 USD.
You may then take an expert opinion on how to initiate legal proceedings since this might take time.
Matt Cutts helped you earlier. How about asking him
Wow. This is amazing on so many levels. How can somebody steal your domain from under your nose? Scary.
I would pay the guy and get my domain back, you will lose far more in terms of SEO value. If you don’t buy the domain somebody else will.
Is it really business sense to pay the hacker? To allow yourself to be blackmailed is inviting other thieves to do the same.
“If he did it, why don’t I give it a try?”
Don’t you think so?
Hope it works out for you :(
Seems like this guy chose the wrong blogger to pick on. You deserve a lot of credit for sticking to your principles here, and I hope everything works out for you.
One other thing is that FeedBurner really saved your bacon here. Because your feed URL is on their domain, you won’t lose a single reader. It’s a shame about the search engines, but at least you know that the community you have built up isn’t going anywhere! :)
Michael,
I appreciate you saying that. This could make a great promotional story for FeedBurner, as you’re right - if I didn’t use their service, it would take some time to inform the excellent community of bloggers as subscribers.
I think if I were in your shoes I would start by finding a lawyer that will simply write a letter to Cybergate detailing your story and the evidence you have and see if you can get any real evidence on him. Maybe you can incriminate him into giving up ;)
a truly chilling tale, i hate to say it but there are a lot of people who are learning from your misfortune. your efforts aren’t in vain.
keep your chin up!
Heya David,
So sorry for all that you’ve had to experience. One thing I am sure of is that things have a way of coming back around. This hacker will get what he deserves. Well, my blog is new, but I’ve added you to my blogroll. I know it’s not much, but maybe the reciprocal link can help. Despite everything, I wish you’re able to enjoy the Holidays. Be safe.
~N
Thanks for the suggestion about approaching Cybergate. It’s certainly a possibility.
Jamie,
I was hoping this would help others cover their backs. I’d hate to see the same thing happen to anyone else, and your support is much appreciated.
Natasha,
That’s very kind of you to add me to your blogroll. Thank you! No matter how new your blog is, it says a lot that you want to give your readers a recommendation about me. Best of luck with your blogging efforts.
David,
First of all thanks for all the thought-provoking info on your situation.
Second, have you thought about just abandoning the .com address? I know you’ve worked so hard to build it up with respect to SEO etc, but a .co.uk address is not such a bad thing is it? I know in Canada that there are plenty of very large sites that use the .ca address and not .com. The .com address doesn’t have the cachet it may have once had. Would new customers necessarily assume it was YourName.com? All of your present and former clients could easily be informed of the mishap and advised accordingly anyway. The only problem is that the .com spam site remains. If only there were some way to get rid of that.
Another option might be to buy a different domain name entirely (not YourName.com .co.uk .biz.. etc.) and start anew. Build a new brand. Sometimes starting with a clean slate and more experience can pay off in other ways.
Tough call to make any smart decision here. I do agree with your stance on not paying the crook. It’s not like he’s going to have a lot of other takers on that offer anyway. It is tough just to know its out there though. Would be nice if there was a way to shut him down that wasn’t a costly legal avenue.
I’m thinking of Mel Gibson’s press conference where he basically tells the hostage takers to take a flying leap. Send this guy an email and colourfully let him know he’s off your radar. hehe.
Good luck David.
An absolute disgrace.
I’ll drop you a few links to this site until it is resolved. Added you to my blogroll for the mo.
Abandoning the .com address is one option. Like you point out, there’s always the fact that it’s still out there, but it’s reasonable to assume I could get it terminated?
At present, my domain could be a lot worse, and I’m relatively happy with davidairey.co.uk.
Also, I had time to think things through when on holiday, and set about my plan of action for a new logo design-specific website. I’ve mentioned it before on this blog, but didn’t take many steps to put it into action. Now I have a sketched plan of the site components, with plenty of ideas for content, so it’s just a matter of sitting down and starting afresh.
You know, I think Mel Gibson crossed my mind at one point too! Thanks for your take on the matter.
Shaun,
That’s great of you to add me to your distinguished blogroll. Thanks very much for your generosity.
Good luck with your hunt - you are definitely taking the right approach by not ‘buying’ your domain back off this guy. There is the chance this technique has already worked for him, by some sucker falling for it, and now he’s trying it again, and may be again and again . . .
Stay with it.
If the word spreads, perhaps no one will buy the domain if it comes on the market and he will have a (to him) useless domain on his hands . . . .
Possibly try and find out when the .com is to expire and see if the guy has forgotten about it, and try to re-register it then?
I’ve changed my link and written you a little note on my blog. Much sympathies, and my two cents on the matter - if you can find the actual live human who hacked, sue. I may not be entirely American, but I’ve picked up on the litigiousness of the culture… certainly if you can afford the legal fees, go for it. At the very least, go for a consultation. I think in order to get anything, you have to show that you’ve incurred quantifiable damages - reprinting cards, time, and especially loss of present and/or future clients.
Hi David,
Thanks for sharing your experience and warning people around.
Here’s what I thought, what if you try and hire some hackers to hack your site back? %-/
Like, fight fire with fire?
But again, there’s a good lesson to learn: community is the power; even when you disappear from search results, it is your social ties that won’t let you get lost on the web…
I’m really sorry about your mishap, and wish you to still enjoy your holidays!
Cheers,
Tina
Hey David,
I’m sorry to know that you’re going through these troubles. Just a few weeks(?) ago, BittBox got defaced. This is insane.
I just hope that you’re able to track the cracker. The IP and email addresses are hardly going to help ’cause most of the time, these evil types use IP encapsulation and such other methods to confuse webmasters. Did you contact the Gmail support? Maybe they can collect more details about the person who did this? I read the article posted by pdp back in September and have been alert since then.
Good luck!
David,
I really feel for you…
If you decide to ditch the .com site and just stick with .co.uk, you might be able to get some sites to change their links to point to your .co.uk site (so you get to keep a little of the link love).
I had a look around and found a WordPress plugin called Search and Replace Wordpress Plugin, which offers search and replace across all posts on a site, including content, comments, comment author. I haven’t tested it, but in theory it could search for davidairey.com and replace it with davidairey.co.uk.
The negatives: a) it was last updated in Jan 2006, so we’d need to check if it works on WordPress 2.3; b) it’s only for WordPress (but you have a lot of fans out there using WordPress, who may be willing to run this for you); c) people would be changing the DB directly with no way to undo it, so it’s a little risky (backup needed first!).
Anyway, I hope it doesn’t come to that and you can get the .com domain back. Best of luck!
What an absolute little weasel this guy is! Ugh! It’s terrible! Thank you so much, David - for sharing all of this with us, so that we can warn others! I’m so sorry this happened to you!
Glad you agree with my stance on the purchase. People like this need to realise that we won’t be held to ransom.
Scott,
I think the domain was due to expire in 2009, so I’ve a while yet, but it’s a good suggestion all the same.
Renata,
Thanks very much for posting about my situation, and for your suggestions on what to do next. I appreciate the time you’ve taken.
Hi Tina,
You’re very welcome. I felt it appropriate to warn my readers of this, as it could easily happen to one of them. Fighting fire with fire is a thought, but I don’t know any hackers. Probably a good thing too, as if they’re all like this one I don’t value their morals.
Where would we be without friends? A colleague of mine said that earlier, and it’s so fitting.
Have a great holiday too!
Avinash,
I’d missed the Bittbox defacing what with being abroad. Was it something similar? I get your point about the IP and email address. I didn’t think they’d help but wanted to document everything I know in one post. Perhaps this post will be of use in any future legal proceedings.
I haven’t contacted GMail support, but will do so now. Cheers buddy.
Stephen,
Thanks for your thoughts, and for the ’search and replace’ suggestion. Sounds like it’s a risky one, and I’d not expect anyone to test it on my behalf. Still, it’s a nice thought, and I appreciate your well-wishes.
Lisa,
Glad to write something of use for you, and I notice you commented on Wendy’s blog too. She’s a great person eh?
The site is parked on Sedo, so they should know who collects the money generated by the website. I think contacting Sedo will help to track the hacker. Also, the domain registrar will be able to tell who registered the domain. I think ICANN has some rules requiring that all domain owners have a proper address in their WHOIS database.
David, how about sending another email to the hacker and tell him where you stand at, that you won’t pay him a penny, because you don’t pay criminals, that he, however, has a choice:
either return you the domain on his own good will, and you’ll forgive him and close the case,
or you’ll proceed with the court and will get your domain back anyway.
Let him realize that he won’t get a better deal out of it - nobody will buy your domain (if you don’t pay this guy, why should you pay other criminals), so what is going to do with that domain? it will just sit there, until you’ll get it back via court.
GOOD LUCK!!!!! Thanks for keeping us up to date, for all the useful info - keep us posted.
I’ll get in touch with sedo now. Perhaps they’ll help find the perpetrator, and I appreciate your suggestion.
As for the registrar, GoDaddy, they won’t help until the court case has been opened.
Vivien,
I’ll do that too (send another email to the hacker). That’s a good idea, and won’t do any harm to try one last time.
Isn’t there evidence of a prima facie case of blackmail here?
Why shouldn’t the police investigate it as a crime, rather than you having to instigate civil proceedings at your own expense?
[Trust me - I'm not a lawyer]
First, I have to say hackers suck.
Now that that’s out of my blood, the second thing I want to say is that I am not surprised one bit you tracked back through a city in Florida. I don’t know what it is about that state, but every time I investigate a spammer it leads to or through that state.
Of course the main reason this guy did this is financial. Aside from the ransom he’s trying to extort from you, there’s sufficient traffic to make some money on a parking page. If Sedo won’t help you shut the guy down, kill his account by setting up a simple macro to spam click the ads. His account will be banned and lose all money.
One last thing, I updated the links on my site I had pointing to the dot com domain.
Oh, did I mention I really hate hackers? I mean, really, really hate them?
Keep us updated, I am very keen on hearing how this issue is resolved. You might consider a donation fund to pay for legal expenses, I’m sure the blogging community would pitch in a dollar to fight the good fight.
Cheers!
Skunky
Good luck with the hunt, David. Really sorry to hear about it.
David,
No, BittBox was compromised ’cause of a WordPress plugin. I myself checked his blog feed after two months ’cause of staying busy doing other works. And just a few hours later, I read your message @ my MyBlogLog profile.
Back in October, even my blog faced a serious attack. Fortunately I was able to control the situation. Anyway, I wish you get your domain back soon ’cause I’ve seen you working hard to promote your blog.
Take care, sir!
– Avi
Damn right don’t pay the tool a penny - who’s to say that after you send the cash, he won’t ask for more money?
Although it rankles, for now letting the .com go may be the best option, and pick it back up again when he abandons it (as he will).
It wasn’t until this that I’ve realised I wasn’t subscribed to your feedburner feed, I was still on ..com/feed. Changed it now ;-)
David, kudos to you for standing by your principles. Fact of the matter is, the domain name is worth zilch without YOU behind it. So, in a way, you are correct, it is not worth the while to pay money to get it back. At the same time, paying opens a whole new can of worms. You should see some of the really weird domain names in China. Nevertheless, they garner huge followings and have a lot of revenues.
Guess what I am trying to say is - David Airey is still David Airey whether it is a .com, a .co.uk or a dot-whatever. We all know where to find you. :)
Just a thought…
Have you contacted the police department in Ft. Lauderdale? Maybe they would be interested in pursuing this as a criminal as opposed to civil crime and that way it would not cost you anything. You may at least get the satisfaction of rattling his cage. I would think that since he broke into your account to get the domain that it is a little more criminal than domain squatting.
good luck!
I wouldn’t pay the scum bag a penny!
Have you contacted Sedo who are selling the domain, or did I miss something?
I’ll have my boss take read over your post to see what he thinks.
Jamie
I always felt a little old school-ish for not using Gmail as much, no regrets now. One thing to note though, when you use less than a complete URI, your RSS/Atom feeds might not be able to provide a click through to the correct URI since the mail URL will be missing (I might be wrong, but do check).
I hope you get this damn thing figured out and kick the hackers a*$^. Happy Holidays David!
-Sunny
I agree with not paying the hacker. If more people took this stance this type of action wouldn’t be so profitable and enticing.
This is an excellent post on the problems you had and what you are doing. Getting this type of information out to the community will only help keep the community informed.
Hope this is all resolved quickly and with minimal problems.
David - thanks for keeping us all informed with what happened so we can all learn from it.
I’m gutted for you, and the guy that did it - who may well be reading this - is a class A w@nker!
I think you should settle on the fact that he’s done you - but take comfort in that davidairey.com is worth nothing to anyone other than you. In my opinion it’s not worth the legal fees and this con artist isn’t going to hold on to what is to him a worthless domain.
What has made your blog so successful is the quality of your writing and your attitude, and no one can take that from you - so keep at it and even if you’re now stuck with .co.uk - it won’t matter to any of us.
Have a good Christmas mate!
Aaron
I love how this crook sent you a second email with a lower price. He knows that if you don’t buy it, no one will.
I wouldn’t tell him anything. Let’s see how many times he lowers the price!
Oh and by the way, Sunny is right. The images for this post don’t show up on Bloglines.
That really sucks. I hope you get your site back.
Just buy some garbage traffic for cheap from china or whatever and get his sedo account banned.
http://www.google.com/search?hl=en&q=banned+from+sedo
http://www.sedo.com/about/policy.php?page=terms_e&tracked=&partnerid=&language=e
Ow, David. I feel for you. First, the Google penalty (but at least you got your SERP back) and now this.
Even *if* you lose your .com, at least you got this out in the community, creating a buzz to rebuild and we will follow *you*. Without the man behind the blog, the .com site is a shell. Your .com site is “too hot” to unload now.
I have a good feeling that this will come out right for you again.
Good luck.
Man….I’m a big web entrepreneur and the thought of having my website stolen scares the living daylights out of me!
I really appreciate this post.
Regards,
K
There are two kinds of hackers–criminals like the person who stole your domain, and “Ethical Hackers”, who don’t break the law. The suggestion that you hire a hacker to take your domain name back by force is very bad advice–if you did that you would become a criminal too. And since the hacker you hired would be doing illegal things, it would not be wise to trust that person.
I applaud your decisions to take the moral high road, refusing to pay ransom money, and also refusing to strike back by illegal means. It is often frustrating to be ethical and use the slow, imperfect legal system, but illegal shortcuts just make more trouble in the long run.
I haven’t read all the comments but it seems to me you should buy your name back and pursue the creep. Do both.
Don’t pay them a dime !
Hope You get it back !
Some how !!!!!!!!
Good Luck
Um07
Merry Xmas
Heya,
I just stumbled upon this story and am intrigued by your plight. On the one hand, I think it’s admirable that you are sticking to your principles, but on the other, it’s foolish business sense for someone who earns a living through your website.
Some of the suggestions that I have seen such as building the profile of the .co.uk domain are possible. But they can be time-consuming and expensive. I’m not quite sure what your target market is, but if you’re trying to appeal to a global audience then having a .com domain is crucial (in fact, there’s little harm in snapping up other TLDs too).
Over the holiday period, it will be difficult to have this matter resolved in a prompt and satisfactory manner through legal channels. I think the best action for you is to email the hacker with a new offer of something around $100 with the threat of legal action if they don’t comply. I’m assuming the hacker will want a quick resolution without legal action. Hopefully the $100 will be sufficient enough to entice them to transfer it back to you.
If you think that the process of getting them to transfer the domain to you through legal/diplomatic means will cost more than the £60 it might cost you to pay him off, then you are making a poor business decision.
As I first said, your principles are admirable, but principles are meaningless to someone who’s losing money by the hour!
I wish you the best of luck in getting your domain back and I hope it goes smoothly. I’ll help your cause by stumbling and checking back regularly.
Thanks,
Adam
Dave,
I was shocked to hear this when I got an email from you while this was happening, and I’m sorry you have to go through all of this.
I do hope you get your domain back, and I agree with you on not paying this bastard a dime!
As a hosting/domain company, I think domains should offer more protection than just an EPP authorization key, something like a personal question should be asked, similar to how banks ask you like three questions:
-What is your mother’s maiden name?
-What city were you born in?
-What was your first car?
Even custom questions that you make up. Those questions should be asked before a domain could be moved out (along with the EPP key), and maybe it could be an extra fee one pays per year with their domain, because I would surely use it and no doubt others would too.
I can’t blame ICDSoft though, they got a support ticket and sent out the email. But as a host, I’m seriously considering adding some sort of feature that would let us ask a variety of “personal” questions to safeguard a domain in case someone did gain access to your email, because you would have to know that person pretty well to answer questions like that.
The compromise level rests on the host now, as only they would have the questions/answers on their end (it wouldn’t be something you would store in an email, just as you wouldn’t store the answer to something you know very well, like your birthday or mom’s maiden name). Keep it internal, off the public network, encrypted, etc., just as credit card information is treated.
Again, sorry to hear about all this, I couldn’t offer much help when we were emailing back and forth because that is, unfortunately, the nature of domains.
Best of luck to you with this issue, I know you’ll get your domain back eventually :)
Have a Happy Holidays and a very safe New Years!
-Kyle
Find out how the RIAA takes people to court for stealing music. They seem to know how to sue people, starting with only an IP address. And once you win your case and find out who he really is, then file a civil suit to get compensation for your legal expenses, emotional distress, and of course, your financial losses due to the site being down. This jerk’s arrogance makes me sick. I hope you pursue this to the end and catch him. I guess it could be a her =) I’m sure if you setup a paypal link for donations, you’d get plenty of help for your legal fees.
John said, “There are two kinds of hackers”
Actually, there is only one type of hacker; a hacker is a person who digs into something out of curiosity and to learn about it.
There are, however, two types of CRACKERS, ethical crackers (aka, white-hat crackers) and criminal crackers (aka, black-hat crackers). Minor distinction, but it makes a lot of difference (though in the eyes of the media and most people, hacking /is/ cracking… *le sigh*)
Anyway, I set up a little macro to clicking every link 100 times every 5 seconds (just about the most my connection could bear). I think the macro got through about 3-4 minutes before the davidairey.com site stopped responding. I probably just got blocked, but if it does come back up, I’ll start the macro up again to try and FUBAR the person’s chance at making any money off the site.
I hate crackers just as much as the next person; they give hackers (real hackers, people who just want to tinker and learn) a very, very bad name.
I hope you get your .com site back, and I hope the thief in question gets reamed for it.
People like that are scum and give all hackers a bad name, but try contacting CYBERGATE, his ISP. They may be able to give you information. Take him to court; he has to pay all expenses as restitution, and since you got those emails from him for blackmail and a confession linked to his IP address he has no case. Good luck, hope it works out for ya!!
Hello my friend. Cristmas tomorrow and i give you only 24 hours, we use escrow and all i want is 200 even tho i no it is worth more. get in touch my friend :)
You don’t have to go to WIPO, you can go to the police. This isn’t a civil case of domain dispute, but a criminal case of identity theft, electronic fraud, invasion of privacy, circumvention of encryption…
Once you’ve brought the criminal case, you can bring a civil case against this guy, recoup your losses, and send a message to other Creationists who might try the same thing in the future.
18 U.S.C. § 1028 - Fraud and related activity in connection with identification documents, authentication features, and information.
18 U.S.C. § 1029. Fraud and related activity in connection with access devices.
18 U.S.C. § 2701 - STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS
FLORIDA STATUTES TITLE XLVI CHAPTER 815. COMPUTER-RELATED CRIMES
Oh yeah: don’t forget extortion! Bring the case and this kid will probably spend a few years in prison!
That sucks, hope you get it back as soon as possible.
I would try to file a complaint with Sedo’s domain parking as well. They seem to be the ones now providing the content for the website. Also, your domain name or website wasn’t trademarked in any way was it? If so, you most likely have a stronger case. What the new holder is doing has a tech name, it’s called cybersquatting. Searching for info on that may get you a little further. There is a federal law passed in 1999 to combat this problem. This article may help, as it provides some background to the problem.
Hope this helps!
I just read what happened to you. I am clueless on how to do 1/2 of what you are talking about, but I feel for you. I hate thieves, hackers, and liars. Good luck !!
That really sucks… I will be writing a blog post to help build you back on the search engines and to spread your story. Have a great Christmas!
I usually skim blogs as I read them. I actually went through and read everything. I can’t believe this happened to you. What a bastard! It would be nice if you could hack into Peyam’s email and phish it back ;)
I have a similar situation that happened to me and I am still trying to figure out what to do. I hope that someday we can figure out how to secure up some of the most important things that we use everyday and stop letting these idiots mess with our hard work.
Hey, David, just heard about this thanks to StumbleUpon.
You don’t know me.
I took the liberty of submitting the information you found, both email addresses and the IP, to /b/ of 4chan. We can expect that, with any luck, thousands of /b/tards will be gleefully raping said hacker within minutes.
Posting in epic thread,
anonymous
That’s horrible! Thanks for telling us in great detail what happened. It made me stop to think about how secure my domains are and starting to research how I can be sure they’re protected.
I hope some attorney volunteers his or her time to go after the thief. Maybe a threatening letter from a lawyer would be enough to make him transfer it back.
I posted it on my blog - too much of a noob to figure out the “trackback” stuff.
Good luck!
Sorry to hear about this horrible experience. I’ve blogged it for you too, not that I’ll send much traffic.
Pay the money, in the process of paying the money, you’ll have an account (and possibly name) that can be directly linked to him. Once you’ve got the domain back you can file charges for extortion, theft, blackmail, and/or any number of other charges. Plus (since I’m sure you’ll keep the receipt) proof of what was paid so you’re likely to get everything you’ve paid plus legal fees and travel (if it has to be filed in the US) so you could actually come out with little to no loss.
Can’t you charge it to a credit card, then dispute the charge?
Wow.
Morals are interesting for they create barriers of belief that limit action and limit vision. Action: get your domain back. Vision: where and who is your real enemy?
The courts charging such high fees makes them the real criminal, not the hacker. Yeah, the hacker kicked your behind, but the courts are about to crush your skull. Take your beating and click home (pay the hacker).
Besides, the hacker, ultimately, is on your side–he’s a computer guy too. The courts are not. He’s a little boy playing computer; the courts, fat fascists. He’s (or she’s) smart too; courts are bullies. Some kind of bravery it takes to do what he did; it takes no bravery nor inner strength to charge $1500 to pretend to help.
And man, did you learn a lot?!
Pay the kid, at least make a little offer. Furthermore, maybe you can find a way, through domain location, to kick his buttocks (metaphorically?). Don’t let some fools do it for you.
Peace & Love,
SS
Have you tried just redirecting your domain name back? A lot of people who register their domains with GoDaddy don’t venture into the settings, and domains aren’t locked by default, therefore if he hasn’t locked it down, it should be possible (legitimately) to just take the domain name back.
I can’t remember the details of how to go about it, but I’m sure there’s a howto somewhere on the interpipes.
Me, I check all my settings on most of my apps and services regularly (including GMail), but that’s because I’m a tinkerer, and most people aren’t.
I would go ahead with the legal battle (provided you have a fairly good chance of winning) and set up a donation link. I’m sure with the amount of visitors you have you’d be able to generate a fair amount, even if every person only donated a dollar.
Then, as thanks for the donations, you can keep us updated on how the legal battle goes and hopefully, announce your success and name the perpetrator, who should be shamed by the whole internet!
Wow… I’m so glad that you posted this and added it to Stumble, as I’m assuming that it was you from the screenshots. I, as well as several of my friends use Gmail, and some of them run their own websites. I’m so gonna pass this site on to them.
David~ If you can see my email, please let me know as this updates. I really wanna hear if you come out on top.
Oh, and have a great Christmas if you celebrate it ^_^
~Steph
You have our complete support. If there is anything our News Room can do for you, just ask!
We will move this story to our Headlines, please keep us informed on developments.
We also have some major news sources we can ask for assistance if needed. Please forward any follow-up stories directly to me.
OS9USER
Dave is right… if your domain expired and someone grabbed it, WIPO might be the way to go. Crime is another matter.
Hi Dave,
I don’t normally respond to blog posts, but this is a real eye opener, I immediately checked my gmail account for filters / forwarding etc, and found I was safe. One thing to note though, there’s absolutely no guarantee that even if you pay this scumbag for your domain back that he’ll even give it to you, so taking the moral high ground is also the safest way to go.
As people have said, this isn’t a civil dispute, it’s a criminal case, your domain name has been stolen, after all, you bought and paid for it until 2009. A domain dispute generally applies to someone purchasing a domain registered to a company or trademark to take advantage of traffic. Your domain, which could also be defined as your online ‘identity’ has been stolen, there’s nothing to stop him putting something derogatory on that domain now, and discredit your name throwing off potential new customers, and potential loss of revenue as people visiting via a Word of Mouth approach will no longer hit your website.
Just some food for thought.
I know how it must feel, but if that domain actually brings you money, I think you should pay up. Of course, bargain to 100$ which is just fine for him and that’ll be it. Everything else is bound to cost you much much more, but more importantly, if you really care about it you’ll just get very stressed and it may act out on rest of your life.
Of course, you can just forget about the domain :(
And third option, which I really, really doubt will work, start a petition on some online petitioning site. Since StumbleUpon now links to this blog entry you are bound to have many many signatures :) But then again, petition sites are no authority and GoDaddy will ignore that.
And of course, I doubt that anyone can hack him. It would be best to find him and beat the crap out of him, but from his English which is not very good (just like mine) I see he’s not American. He’s just using a proxy…
Although I admire you sticking to your convictions so sternly, I think it’s acceptable to admit when you’ve been beaten and pay the ‘hacker’ (I use this term VERY loosely). As long as you can find some way to be sure paying him will get your domain back. Not to mention, I don’t know anything about the type of money transfer the ‘hacker’ is suggesting, but it would seem if you send him money you would have a way to track him? I would want to find this guy just to punch him in the face.
David, I am truly sorry for your loss of that domain.
Domain Hijacking is very tough to do but see this is why I would use my own email server or a friend’s.
I dabble here and there some would say I do more but if there is anything you do need and/or anything I can do for you feel free to email me.
I know it’s a random person on the internet with an alias but honestly I will help you all I can.
Thoughts may be running through your head like ‘Can I trust this person?’ ‘Maybe I could give it a shot’ etc etc.
As well as my knowledge I have ‘friends’ who would gladly help out just for the fun and experience of this.
If you are going to take it to the courts eh I wouldn’t do it until all attempts to regain the domain were exhausted.
You’re lucky the person who took the domain never put a whois protection from GoDaddy.com maybe it was just to extort you anyways.
I’m glad you won’t pay for the domain to be back in your possession.
Anyways like I said any help come and email me (I’m fairly sure you can see my email being as it is your blogpost.)
I found this through stumbleupon and definitely considering reading more into this and you.
This piqued an interest thanks for the read.
Kindest Regards,
-James
Oh I would also like to point a few things out on some posts.
Y’arr you are incorrect. If you would like to know the correct terminology you can email me. (Is it safe for me to post it?) Liquid369@gmail.com
OO Your taunts fail he hasn’t fallen to any yet so what makes you think he will David looks to have plenty of pride it won’t work.
@Everyone.. Bringing the case to court many cyber crimes are hard to convict someone try to look out for that although cyber law is becoming more and more intricate and severe.
It would not be in David’s best interests to invest that much money into the court system even if he has a strong case (Keep those emails David they are useful but I am sure you know this)
Anyways lost my train of thought someone interrupted me during my time writing this :x
Sincerely,
-James
Unbelievable.
That sucks.
Well, I dropped a few links into a post in my sideblog, and I’ll put another in my Speedlink post on Saturday. Good luck with your legal battle.
David, sorry to hear about the bad luck with gmail and the domain. I would suggest getting ahold of ICANN and informing them that you did not initiate the domain transfer, also contact the company you originally registered the domain through and ask them to check the email headers of the email asking to transfer the domain as your address was probably spoofed since the hacker didn’t have direct access to your email account. I also second the people saying you should go to the police with extortion charges, there are several federal offences wrapped up in this if the person is indeed a US citizen.
I see that no one has suggested filing a complaint with http://www.econsumer.gov. This is a website suggested by the FTC (Federal Trade Commission) for cross border e-commerce complaints.
You can also file complaints with the FTC and FBI here in the US since your site was hijacked by an American. Just remember if he has done this to you then he has done this to many more people that are less than vocal about it.
I’d pay the guy and get your domain back first. Business is business after all.
Going through the domain retrieval bit will cost you a bomb and take so long your domain will have lost its value. It’s all very well to have principles, but not if they cost you so much they put you out of business.
There is also the possibility of suing afterwards, but that would cost a bomb as well. I would contact the US police and see if you can get the guy incarcerated.
Somebody must have a link to the US equivalent of the Fraud Squad…
If I paid £150 and the perp got 2 years hard labour I know who I would feel had won!
David,
I do agree with the other commentators who mentioned that it’s better business-wise to just repurchase your domain, but I’m really amazed that you would stand to your principle that you won’t give this kid anything. That is a very strong lesson for us all, and I’m really grateful for what you did.
I am pretty damn sure there will be a lot of people who will help you in this matter. And I have a strong feeling that in the end you will emerge victorious and your business will flourish even more than before this thing happened!
I hope things will get better and better soon.
That SUX!!!
I am a ‘super moderator’ over at webdeveloper.com and there is a post in one of the forums regarding something very similar to this one. I’m going to share this story & URL to it, with them. Your story & advice might be of some help to them.
Best wishes with what comes next.
Joel
Offer to pay the hacker, get an address to send a check, or at least a paypal account or something that you can track back to an address, then hire someone in Florida to break his hands, wait 10-11 months for the domain to expire, and then register it.
Well maybe not the break his hands part, but you should play along and try to get as much information out of him as you can, could be handy if you decide to continue the legal route.
Is there a way that we could start a petition in regards to Godaddy, ICDsoft and/or Google? If enough people get in an uproar about this, someone has got to pay attention. Even if the media gets involved.
It’s not even my site and I’m pissed off. I will be checking back to see how this goes.
Lots of love xxx
I consulted on a case where the client was seeking whois info for someone who had a domain name registered with godaddy and was using godaddy’s whois cloaking feature and was also uncooperative when informed of illegal activities. The case was turned over to the FBI. The FBI is quite capable of determining who is paying for the domain service at godaddy.
This is really scary how easy one can lose a year’s worth of work and effort…
I think you are right not to pay to buy back the domain from the criminals.
Perhaps you can display a ‘donate’ button somewhere on your site; I am sure there will be lots of fellow bloggers who would pitch in to help with your legal fees.
David,
I’m new to the site. I just got here through Stumbleupon. I think it’s terrible that this happened to you. I would suggest perhaps, since this was a bug in Google’s system, that you contact someone over there and see what information/advice they could give you about this situation. I understand that they have nothing to do with this hacker, and no way to give you your domain back, but hey, it wouldn’t hurt to give it a shot. Maybe they have a log of activities that might show when that filter was added. If you haven’t cleared your history, perhaps you could re-examine it and find out what website you were at. This is just a guess on my part, I don’t know if they even keep track of that, but I haven’t seen anyone else suggest it, and it might work. I’m sorry about your pagerank, but you’ll get it back soon enough, and with your site on Stumble now, you won’t lack for new readers.
Good luck!
John
man, what a way to celebrate Christmas. :X David, I was thinking: why not write to Google, and CC your letter to Matt Cutts? I don’t mean a letter deriding them for the security hole but one that simply explains what happened to you, along with all the evidence, including the hacker’s IP address. Then tell them that you have been a dedicated user of Gmail and many of their services and would really appreciate any help they could provide on your behalf. This is an excellent opportunity for Google to demonstrate some goodwill towards bloggers especially in light of the latest pagerank fiasco, and with their resources, you never know. It couldn’t hurt to try, but I stress again that the letter should be civil and should indicate that you hold no ill-will towards Google, but that you would welcome any guidance or help on their part. Good luck!
Oh, one additional thing, I would also write a similar letter to Affinity (Hostway) http://www.affinity.com/ and explain the situation to them, since they own the IP block that contains the particular IP address this hacker used. There’s no way to know whether he’s actually a legitimate user of their service, or whether he used one of their servers as a proxy, but they would certainly be in the best position to investigate and maybe come a little closer to finding out who this f__ *ahem* I mean… perpetrator is. :-P
I stumbled upon this article just now and I must say, I’m appalled. This is ridiculous and I am so sorry. I just checked my gmail filters and thank goodness, they’re okay. Most of my other important emails go through my mac account which I don’t give out.
Good luck with this, I hope you don’t have to go through court. Dave (commenter) is right. Call the cops. This isn’t a civil matter, this is criminal.
I definitely don’t agree with those who say you should just pay the person. Yes, it’s easier, but it lets him get away with this and he won’t stop here.
It’s a shame that this has been done to you. Good luck to you, and I KNOW everything will turn out okay. As someone else said, I think your business will do far better AFTER this huge ordeal than before.
:)
Dear David,
Your story is a lesson to me too. I would have paid, moaned and moved on with life and letting the creep carry on with his deeds, stronger and fueled by my ransom payment.
Having said that, my two cents worth is to pay him and get your domain back. The sooner the better. This should not weaken your legal action plans and all other efforts you will make to shut him down.
I hope you do not find my two paragraphs above contradictory. I am advocating a practical approach… paying a ransom… but then not forgetting about it and letting the slime ball carry on.
I suspect I am missing the ‘principal principle’ point here but thought I should still share my thoughts with you anyway, maybe it will be a little comfort for you to know that people all over the world are rooting for you.
Good luck with whatever course of action you choose.
BTW, what Mel Gibson movie is this?
Also sorry to hear about your problem. Obviously it is not advisable to send money as you will lose that too. Depending on where this guy sits it is very difficult to file a court case. Your chances are close to zero even with good evidence, a case like this will cost a fortune. Imagine this guy sitting in Pakistan, Nigeria or even worse Iran. Spending the money on building your new domain is probably the better idea.
You will in any case need to file the case in his country…
David, very sorry to read this. I made a warning post to my readers in my blog about this, linking to your story. If any advice comes my way I will pass it on to you.
My best wishes. Mark.
After reading this I checked my filters on GMail. Nothing there. But I set up one myself:
Matches: Forward to
Do this: Skip Inbox, Delete it
In other words, any email that comes in with the words “Forward to” will be automatically deleted. You might lose a few emails this way, but at least you will not run the risk of having this happen to you.
I didn’t read alllll the comments. You have a lot of support here! :) But I think Google wouldn’t mind taking a chunk out of this guy as well. Maybe they would perform the good deed of sending some of their high powered lawyers after the guy. Sure they need to tip toe around their perceived liability in the case, but going after this kind of hacker would earn them a lot of good will.
This is terrible and I must say that I am very impressed by your morals.
Are you sure about the Gmail security leak and that it wasn’t just an internet cafe computer in India with a keylogger?
You spend a lot of energy and money on your business (cards, website, etc.) and then base it all on a free e-mail address without any contractual obligations to you? It would seem like there is a lesson to learn in here somewhere. I’d say calculate what the domain is worth to you and get it back if there is a clear cut case it’s worth it. Otherwise just leave it. These things happen, just make sure it doesn’t again. There are worse things to worry about.
Hey David,
Thanks for the heads up about the gmail security flaw. Very helpful.
I have a few thoughts.
1. See if a lawyer will handle this case pro bono. This case will probably get a lot of publicity around the blogosphere and I think it would be worthwhile for an attorney to handle it for free.
2. If you pay him he has to reveal his identity when he receives the money, no? Then you can prosecute him from there.
I think ICDSoft lied to you.
There are certainly things they can and must do when theft is committed, which you obviously can verify, cause this Gmail hack is a common one.
Press them harder, possibly report them to the police since they failed to report a crime.
Well, I wanted just say I am with you and you have still few rss readers :) Death to all hackers !
David,
I am really sorry to hear this. It’s a loss and I can understand really. I almost lost my blog to a server crash, and I had to work round the clock for 4 days to get things back to normal. So I know what you are going through.
But what happened to you is more frightening. Loss of domain is like somebody taking away your home, and holding you at ransom to get it back.
The guy who did this, has no idea how much work you had to put in in order to reach to this level. I pray such thing does not happen to anyone else. You have written a very informative post and helped us realize that this could happen to anyone of us and we need to be more careful.
Thank you for making us more aware and Please, rest assured, the Blogging community has your back. I don’t have a very popular blog but I would help in any way possible. Please let me know If I can do anything at all.
Kind Regards,
Vikram.
It’s Christmas day, so excuse me for not replying individually, but be sure that I’m taking your advice on board, and I’ll get back to you all soon with an update on the situation.
So, is this an issue with Forwarding Mail to an IMAP or leaving a POP mail forward in place, and then having it hijacked (because this was turned ON) or is this truly a security risk? In other words, if you had forwarding turned off, and filter turned off, could this ‘hack’ have occurred? Or was it due to these options being turned ON, and if so, how is it that this person was able to get to YOUR mail specifically? I empathize with your plight, but your statement that there is a ‘flaw’ in gmail is a bit misleading if in fact the flaw was in how you established forwarding or in how this cracker got to YOUR email.
Have to be honest in that I thought this was an article on issues with Gmail, not some hijacked domain.
Look man I know you make your life on the web, and I’m sorry that you were hacked, but come on. This Gmail hack has been KNOWN for quite some time. People still use Gmail because it’s FREE, as in you don’t pay for it. The saying that you get what you pay for is very true here.
The flaw is Google’s issue, it does reflect on them and their reliability, but you using Google reflects poorly on you. If you are worried about your email security why didn’t you use the email address and account provided by your domain host?…Sure it may cost a bit every month but would this have happened?
Don’t want to shell out cash every month…Pick up an E-Machine and set it on the floor next to your desk. Purchase an outlook email server or go open source.
The fact is you left yourself open to this by not researching the tools that you were using. Another fact is that there will ALWAYS be security holes in anything that you use. If you feel nervous about this then you should move your email to a place that you can physically control, and that way you can make sure that all the patches provided by the vendor are applied.
Again I am truly sorry that this happened to you, but don’t blame Gmail. Google was just offering a FREE service intended for personal use, not business transactions. You run a business, so spend the capital to protect your investment. You may even find that it’s a tax write off (please see your local tax authority regarding tax write offs)
What if he has used a buggy, computer with lots of ports open, as a proxy from somewhere else?
Root cause was the vulnerability of GMail… try bugging Google about this and give a criminal complaint with the police and they may churn out some information about that GMail account and deal with GoDaddy.
Even if you are unable to get the domain, at least the system (police, ISP etc.) will be enlightened about these sorts of crimes and they will be cautious in the future.
Santa will sort it out, trust me
Sucks that this had to happen, but he will get what is coming to him. I believe what goes around comes around.
Cheers,
Glen
Pay the money and get your domain back. This is the cheapest it will ever be.
Look at it only through the lens of the present. Buying a domain name highly relevant to you with great organic search position is $250. No-brainer.
Plus, if you pay then you have one more lead on the criminal. The escrow service has to have a way to pay him, and the courts (ha.. sending the courts to chase a $250 crime) will have one more record to subpoena.
Well, I’d do this a little differently, but it’s a matter of getting your hands dirty - I would schedule reflective DOS attacks on your former URL and any other IPs related to this criminal’s actions. If he’s gonna steal your URL, he shouldn’t be able to use it either. Also, this may cause bandwidth costs for him. Just a thought.
Start Using NoScript Firefox Addon
Hi David,
Firstly, I am really sorry to hear about this, I know how frustrating this is! I’m impressed that you managed to keep your cool and what a wonderful article this was.
I’m not sure what your financial position is, I do agree that you don’t pay the alleged hacker a cent, but taking legal action, if possible, should be done. It would be lovely if justice could be served and that little prat could get a nice backhand for sending you a ‘Christmas offer’ on your own domain, I’d like to backhand him for you!
If you need any support, please drop me an email and I can try and help where possible!
Best of luck and merry Christmas.
How terribly vicious. Once again, I’m glad you stick to your principles though I must admit it would seem awfully difficult not to succumb to a $250 ransom just to restore one’s legitimacy and call it a lesson well learned…
I know it was terrifying. But I see your http://www.davidairey.co.uk is PR5 now. Did Google do it manually or did the backlinks push it back? http://www.davidairey.com is also PR5.
I will link to you when I have relevant content.
For now, wish you a more Merry Christmas and Happy New Year to compensate for your broken holiday.
And, I just want to comment on those image addresses. You didn’t need to manually edit each photo. All you needed to do was, after exporting the database, open the SQL file and do a find and replace, replacing all “blog.davidairey.com/images” with whatever new address you want, for example “images.davidairey.co.uk” or “www.davidairey.co.uk/images”.
Hey David,
Don’t give into that little criminal. Stick with your intentions of pursuing legal action because this guy deserves to get a kick in the ass rather than $250 and a boost to his ego. It’ll only make him go after other people and make you feel terrible. It sucks, but when you get through this all, you’re going to look back at it and laugh. If you give in for $250, you might be glad to have your domain back sooner, but you’ll look back and only feel worse for giving into a worthless criminal. Also, what are the chances he’ll really give your domain back?
Do what you believe, even if it costs you several thousand dollars, I know you don’t want to give into this guy - so don’t do it, and don’t listen to anyone who tells you otherwise. The publicity from this has generated much support for you, and I’m sure you’ll make up the money by the continued support of your rapidly growing fan base. Trust me, your conscience will thank you down the line.
Interesting read, and it sucks that anyone should have to go through with that. Ultimately the blame lies with your web host who shouldn’t have handed such details over without confirming, but sometimes the better gets a hold of us and in our earnestness to be nice we end up trying to make others’ lives easier and less complicated - which of course can have disastrous effects like in your case.
I have had experience with domain squatters who sit on domains, and the best way to deal with it is to play hard ball or get aggressive. The US address you found is most likely a proxy, and this guy is probably doing this as a full-time job. He probably makes a lot of money by stealing these domains, and I found they usually come from Eastern Europe where the laws are a little more relaxed or not caught up yet with electronic laws - so he can do these things with little impunity. However just because they don’t have laws yet for this, doesn’t mean they won’t co-operate in bringing down the sleazebag.
You made a few mistakes in posting this - one, he’s using a Made for Adsense type site to make money off of YOUR traffic. By posting this you are going to pique curiosity in the domain and people being curious will visit it and thereby generate traffic to his page - which means the value of the page goes up and his offer goes up along with it. Also someone Dugg this which means again increased traffic - it could pan out well though if the digg community helps out *hopefully*. Also providing his contact details isn’t good because right now it’s your only means to communicate with him, and spammers/harassers could start spamming the guy thereby making him abandon the account and you losing your way to communicate with him.
If you do take this to court, you will win and this guy if found will serve a very heavy penalty - and rightly so. But for all intents and purposes I think you should settle and pay the $250. But again who knows if the scumbag will even transfer the domain to you. You pick the escrow service, and maybe initiate the deal and once it’s in escrow - report him. Then if you’re lucky you