How to get a stolen domain back?
I run a medium-traffic website that generates about $200-$500 in advertisement revenue every day. Yesterday I came back from a two week vacation to find out that the advertiser code of AdSense was changed to a different account. Then I found out that the domains were transferred away from NameCheap to a Chinese registrar "22.cn". I assume right now this is because somebody found out my NameCheap password through a trojan.
Few questions to the HN community: Is there a procedure to retrieve stolen domains? Do I have any way to claim damages or press criminal charges? Is there a law firm that specializes in these kind of litigations?
38 comments
[ 4.2 ms ] story [ 96.8 ms ] threadSorry to read what happened to you, throwawayhelp. As one who's worked with similar cases in my ex-registrar life, unfortunately I'll tell you right now these things do take time.
As mentioned earlier, give it about 24 hours. While we all want things immediately or done right away, things aren't always as simple as we want to believe.
As long as you contacted NameCheap right away and gave as much information as possible, they'll at least take action. Good luck, and keep folks here posted when you can.
I think you need to manage the expectations to the branding and cost of your provider.
Regards
http://www.namecheap.com/support/knowledgebase/article.aspx/...
You're supposed to receive a bunch of e-mails when your domains are transferred away. Did you receive them? Did you receive any other type of notification from NameCheap? Domain thieves often begin by breaking into the domain owner's e-mail account, so that they can intercept these messages. So make sure that you're in full control of your e-mail account before doing anything else. Double-check your NameCheap account and make sure that your account, as well as all your domains (including those with WhoisGuard) have the proper e-mail address attached to them. Change all the passwords. Change the passwords on your backup e-mail, too. Otherwise the thief may be able to get between you and NameCheap and confuse the hell out of both parties.
Also contact the receiving registrar (22.cn) and let them know that they just received a stolen domain. Send a stern but polite notice to their abuse department. They might or might not do anything about it, depending on how reputable they are, but it's worth a shot.
Thank you very much for this tip
That kind of thing never happens "accidentally", especially if you're smart enough to use two-factor authentication.
By the way: http://www.codinghorror.com/blog/2012/04/make-your-email-hac...
And, other things being equal, the more visible your "presence", including the account that the password belongs to, the greater the risk of compromise.
Did you type that wrong password into a dodgy site? Did you type it into a site that does not use https? While on a relatively more unsecure connection?
Even if you trust the ethics of the site, how do they log, and are those logs secure?
Paranoia: Stimulant of the chronic surfer. ;-)
http://googleblog.blogspot.com/2011/02/advanced-sign-in-secu...
1) How the malicious party gained access to your account(s) in order to approve the transfer. This is typically caused by an email address compromise and something you will deal with directly with the email provider (be sure to request logs of recent access to your email account ASAP, this will help later). Also, change your account password on this account immediately and scan your local machine for malware.
2) The more pressing issue for you though is retrieval of your domain. Luckily ICANN has a very specific process on how to handle this, and it's mainly up to your registrar to handle for you. So contacting your registrar is in more cases all you need to do (remember, this isn't a basic support inquiry though, so you may need to wait for the fraud/abuse staff, depending on the registrar.)
You can review the specific process the registrar should be following here: http://www.icann.org/en/help/dndr/tdrp it's the official 'transfer dispute resolution policy'. I have handled these at the registrar level and 95% of the time it goes smoothly as long as the facts are laid out for all parties. Information such as the IP who accessed your email account at the time of the reg. transfer is one of the key pieces of evidence you can provide your registrar to make the transfer dispute go faster, however your registrar is likely (obligated under due diligence) to have their own records of the transferrers IP who approved the request.
I wish you the best of luck, I can't really help out specifically with your case but if you have any questions about the TDRP procedure feel free to ask.
P.S. "Step 3" would be to address any losses, if you want to seek this option out you will need to lawyer up as any damages claimed would have to be recovered in a civil dispute (this is presuming you are presiding under US law/courts)
Thanks for the information. I contacted the registrars... This is a nightmare for me.
It's been tough sleeping this week and pointing me to the ICANN process makes me feel a little bit better that there is hope!
I'm not saying this is an easy fix; but it IS Cyber-crime. I'd also consider talking with a lawyer if you can pony up the money.
And (not at you) ROFL down-voted for suggesting contacting the FBI. That's ok, keep paying taxes and not getting your money's worth. Government is there to help; they make a mess of things but they are better then a-LOT of the alternatives in other countries.
Those are 3 of the best. Your options are contact NameCheap and see what they can do. Also filing a UDRP works sometimes. But see what else a lawyer who specializes in this can do.