There’s nothing more concerning than receiving an email from someone — completely out of the blue — to let you know that they think your domain name may have been stolen. Particularly when a quick Whois search changes the initial feeling of complete denial to extreme concern…
Last Thursday, I found out that someone had taken it upon themselves to “hijack” our primary domain name — designshack.net — and transfer it away from our registrar. We’re working hard to reverse the process, and I’ll be documenting the current situation here.
The Story So Far
After finding out that designshack.net had indeed been transferred away from our control, I did three things:
- I telephoned GoDaddy (our registrar) to let them know, and seek their advice on the protocol to follow. I was advised to go through their “Unauthorised Transfer Away” process, filling out a report with the relevant identification to prove my ownership.
- I contacted PlanetDomain, the registrar being used by the thief, to tell them that the domain name had been stolen.
- I did a little digging around, and discovered that several other domain names seemed to have been victim to the same theft.
Each of these processes is still ongoing, though we’ve been fortunate in that our name servers haven’t been changed (and, when they were at one point, we were able to request a reversal). Design Shack is still alive and well at our primary domain name for now.
The Other Sites Involved
The domain names affected by this scam are:
It’s difficult to find a connecting thread between each site, as we all use a number of different registrars and hosting companies. Needless to say, we’re working together to get each domain back in the hands of the real owners.
Timeline of Events
Everything was a little more subtle in our case. There was no evidence of our Gmail accounts being compromised, and no malicious links added to our site. Just the sickening theft of a domain name.
The current situation is that we’re waiting for GoDaddy and PlanetDomain to finish discussing the details of the case, and return the domain. Both parties have been in touch with ourselves, and each other, so I remain optimistic that we’ll have the domain name back in our hands within the next couple of days.
How Can You Help?
Thank you to everyone who has petitioned GoDaddy on Twitter to help our cause. They’ve been professional and helpful so far, as have PlanetDomain when speaking on the phone. We really appreciate your support.
Unfortunately we’re somewhat hindered by the fact that neither company’s domain name team works on weekends, with GoDaddy based in the USA and PlanetDomain in Australia. Considerably different time zones lead to a frustrating delay in communication.
If you’d like to continue to help, please feel free to tweet a link to this post, and politely urge GoDaddy to continue to give our case priority. We’ll keep you posted with how things go, and will continue to publish our articles and inspiration as normal!
It’s also worth bookmarking designshack.co.uk, as we’ll be reverting to that address as a last resort.
We publish this post with an overview of how the situation has developed from the 1st December onwards.
5th December, 1am
We receive our first communication from PlanetDomain:
Good Morning David,
Thank you for your email.
We are currently in communication with GoDaddy regarding this issue. We
will advise you via email of the decision.
5th December, 8am
I discover that our name servers have been deleted, and proceed to call PlanetDomain. They re-instate the correct name servers, and Design Shack comes back online.
PlanetDomain confirm that the hijacker’s account has been disabled, so the domain name should be safe from here out. They’re working with GoDaddy to get it transferred back.
Ou domain name has now been returned to GoDaddy, according to WHOIS. We’re now just waiting to it to be assigned back to our account. We’ll then be upping security to a slightly paranoid level…
7th December, 2pm
Everything is resolved. The domain name is back in our account. Thanks to GoDaddy and PlanetDomain for their excellent support in getting this sorted. We’re thrilled to have it back!
- Chris Coyier’s excellent updates on the situation
- The related Hacker News conversation
- The related Slashdot conversation