Collective effort restores David Airey.com
David Airey | 7:22 am | December 27, 2007 | Domain hijack
Three days ago, I reported on a GMail security flaw resulting in the theft of my domain name.
Today, I am delighted, humbled and relieved, to announce that davidairey.com is now back in my possession.
To say I’ve been overwhelmed with the response is an understatement, and I can’t thank you all enough for your help.
News spreads like wildfire
Soon after publishing my story, I found I was receiving floods of visitors from NYTimes, Digg, StumbleUpon, Reddit, Lifehacker and many other online sources.
50,000 daily visitors crashed my web server, but only for a short time as ICDSoft.com (my web hosts) where very helpful. They worked outside the normal remit of their services to change my previous article from a dynamic PHP web page to a static HTML web page, setting a rewrite rule to redirect all visitors to the latter. This greatly reduced the server load, allowing my shared server hosting plan to cope with the influx.
In the process, I learnt how to do this myself, which should stand me in good stead for any future rushes of web traffic.
How did I get my domain back?
After reading my story, some of you contacted me, saying that you know the CEO of GoDaddy.com, Bob Parsons, and that you would get in touch with him, asking if he could help.
Soon after, I was contacted by Karen, one of Bob’s very friendly and helpful colleagues, asking me to complete an Undo of Change request form. This involved me supplying an image of my drivers licence for photographic ID, and hand signing the form, then emailing a scan. The completed document would allow GoDaddy to negate the transfer process that took my domain name from ICDSoft to their systems. The form said to allow three business days for an intitial response, but some email ping-pong during the last few hours resolved the process much faster. For this I am very grateful. Thank you Karen.
I was requested to open a free account with GoDaddy, and supply them with my customer account number. This I did, and soon after I was again the rightful owner of davidairey.com.
I accept my share of the responsibility
I’ve read in the comments on other websites that I deserved what I got, and that to use Google’s free GMail service for anything business-related is naive. This is a valid point. I detest shifting blame onto another person or organisation for any matter, but here’s the crux: I’m almost sure my story wouldn’t have received the attention it did if the headline read something like:
My naivety allows hacker to steal domain
Don’t you agree that this (below) sounds more newsworthy?
Google’s GMail security failure leaves my business sabotaged
I’ve been steadily picking up some copywriting tips over the past year, and whilst I still have a lot to learn, in this case I reckon I put them to good use (thanks Brian).
I made the choice to use my blog as a weapon against a criminal, and if that made it sound like I was pointing the finger of blame, that’s something I’m prepared to accept.
What about the cracker?
No, it’s not a Christmas pun. I’ve been informed that cracker is the correct term for the criminal who stole my domain name:
Just to let you know, the filthy person who did this to you is referred to as a “cracker” not a “hacker”. A hacker is someone who tweaks things to their purposes. A cracker is a low-life who attacks other people with malicious intent. There is a big difference.
Many of you have been digging around the net, searching for clues and pointers as to who / where this thief is. You’ve been using the cracker’s email address I supplied, posing as potential buyers of my domain name to extract more and more personal information.
It would appear that the thief has been selling stolen domain names for some time, and advertising his loot on various web forums. The current consensus sets the physical location as Iran, which ties in with the Persian language used for certain email addresses. There has been so much information flooding in that it’s fair to say I’m not the only one who has been attacked by this miscreant.
During the next week or two I’ll be sifting through what has been uncovered, then deciding on possible further action. In the meantime, if you want to continue your kind help, by all means get in touch.
What’s of more immediate concern is this… If you have any SEO advice on how to prevent further damage to my search rankings, I’d be extremely grateful.
How do I halt the damage to my search rankings?
With control over both davidairey.com and davidairey.co.uk, the question now is which one should I use as my primary address?
Indeed, perhaps it doesn’t even matter which one I use, providing a permanent 301 redirect is set from one to the other. I’ve found that a UK-based Google search for David Airey lists me higher now (with the .co.uk) than it did with the .com. Given that my local market is in the UK, the right move could be to remain with the .co.uk, rather than revert. What are your thoughts?
I’m guessing the next step is to set my .com address to a 301 redirect to the .co.uk.
Any help at all would be superb, although I feel as if you’ve already done more than enough.
Thank you very much
When something like this happens, you don’t expect so many people to offer their help.
It’s testament to the good-will of the blog community that this situation is well on the way to recovery. In fact, the criminal has opened my website up to a whole new audience, who I otherwise wouldn’t have reached. As some of you have already commented, ‘any publicity is good publicity’.
If you believe that there’s anything I can do to help you in return, don’t hesitate to contact me, and I’ll respond as soon as possible.
My other blogs
I author two more weblogs, both graphic design related, and you can view them by clicking on the banners below.
My other weblogs
36 Comments »
Comment by Tim F | December 28, 2007 | 8:18 am
David, congrats on the restoration of your domain. Best of luck in the future!
PS - your htaccess link is tossing a 404 error :-)
Comment by David Airey | December 28, 2007 | 8:20 am
I’ve just moved my co.uk domain to it’s own hosting account, separating if from the .com as Matt Cutts suggested. We’ll see what happens in the next month or so with my rankings.
This means that all the previously posted comments can be found on my other domain: www.davidairey.com (need to think how to get around the duplicate content issue, but I’m working on that now.
All the best, and I’ve fixed my htaccess link.
Comment by mike | December 28, 2007 | 8:21 am
Glad to hear you got your domain back. I’m actually surprised that GoDaddy went out of their way to help someone to be honest. I have all my domain names, and a hosting account through GoDaddy and whenever I need support and send out a technical support email inquiry, I get an email from a tech saying “Sorry can’t help you with this, but if there is anything else you need please don’t hesitate to email us again” no matter what the question may be in regards to..but never the less, congrats!
Comment by Jared Schwager | December 28, 2007 | 8:29 am
Wow! That’s great news! Glad to hear everything’s back to normal.
Comment by Michael | December 28, 2007 | 8:34 am
I think it’s fine to use GMail for business purposes. Many people do. There’s a few things you can do to make it safer (these apply to any mail service out there, really):
* Always use https when accessing the webmail. By default, GMail uses http. Just go to (and bookmark) https://mail.google.com/
* Set up a regular email client, like Thunderbird, Apple Mail, etc, to access GMail via IMAP. This will pretty much make your mail access immune to cross-site scripting attacks.
Comment by Matt | December 28, 2007 | 8:47 am
Great stuff. So glad to hear that you are back online.
I agree with the comment from Michael about using Thunderbird to access gmail emails - Thunderbird 2.0+ has options that allow gmail accounts to be added very swiftly.
Best of luck.
Comment by Poul Escobar | December 28, 2007 | 8:48 am
Great to see that you’ve got your domain, and it seems like you had alot of backup from various people, hope the best for you and your domain in the future, and hopefully you will get a new business email :D
Anyways, great readings as well.
Digg the nation!
Comment by Brad | December 28, 2007 | 9:23 am
Glad to hear it David. When I first heard this I thought you might be in for a long battle in the courts which may have taken years.
Glad to see this got resolved, nice work Mr. Parsons.
Comment by Corey | December 28, 2007 | 9:35 am
@Michael - Gmail only uses regular http after you’ve logged in. They DO use https when sending your login/password. There is a Firefox extension that keeps all Google domains locked to https. It’s called CustomizeGoogle.
http://www.customizegoogle.com/
Comment by Matt G | December 28, 2007 | 9:47 am
Your story inspired me to step-up my security. If I were to lose any of my domains it would be tragic. Thanks for sharing and congratulations!
Comment by Markus Diersbock | December 28, 2007 | 9:57 am
Good you got your domain back.
Bob is a cool guy, NetSol wouldn’t have been as helpful.
Comment by Michael | December 28, 2007 | 9:59 am
Corey, the issue is that your session cookie is available in the clear when using HTTP. Any web application can be hijacked by taking its session cookie, not just GMail. For example, you’re using public WiFi in a Starbucks. The guy next to you is running AirSnort/Wireshark/tcpdump/etc. and grabs your cookies out of the air. He can then send requests to the web application as you. Using https prevents this.
Comment by rob | December 28, 2007 | 10:12 am
“Given that my local market is in the UK, the right move could be to remain with the .co.uk, rather than revert. What are your thoughts?” I think you’re right in redirecting the .com, Dave. I believe there is a penalty for sites with replica data on two separate sites, but I could be wrong on that.
Wordpress has an awesome redirect tool. Looks like you’ve already got that figured out. Glad you got your site back, dude.
Comment by Jordon | December 28, 2007 | 10:16 am
I am glad to see you got your domain back, but I would encourage you to continue your quest to at least hinder, if not stop the cracker. If he manages to walk away from this free and clear, nothing will change and he will take advantage of another unsuspecting domain owner.
As far as which domain to proceed with (for SEO); I would try and decide which domain has gained the most traction and then do 301 redirects from the other until the traffic dies down. A 301 redirect will take a link at your .co.uk and switch it over to the .com equivalent (or vise versa). And furthermore it would tell places like Google that this ‘move’ is permanent and that it should update its index accordingly. So slowly all of the internet bots will learn that your content has moved.
I would be more than happy to explain more and help you set this up in your .htaccess file. Just let me know.
Comment by Rob | December 28, 2007 | 10:20 am
Congrats, David!
I like GoDaddy - they’ve been pretty helpful for me in the past, much better than Network Solutions, who doesn’t seem to care about anything ..
Comment by Sami | December 28, 2007 | 10:27 am
Excellent you got the domain back. New technology brings out new pests.
This security hole has been found at least on 24th of September by Bedford.org, and has been since fixed by GMail. However, if you do have that extra filter in your system, it remains there after the fix.
Read more:
http://frogthroat.blogspot.com/2007/09/gmail-vulnerability.html
Glad you got the domain back, though.
Remember the only way to stay safe: FireFox + NoScript
NoScript is one of the three addons I use for FireFox.
Comment by TzuVelli | December 29, 2007 | 11:40 am
David,
Good to hear you got control of your .com back. It is scary to think that someone can take control of a domain so easily. But, the silver lining to this is whole sordid affair is that so many people came together to help you with this issue. It really says a lot about you as well as the blogosphere.
Beau Hooks
Comment by Michael Czajka | December 29, 2007 | 8:36 pm
Hi,
Glad it didn’t cost you much in the end.
Other than a bit of time.
:-)
Comment by Dwayne Charrington | December 30, 2007 | 2:33 am
Scenarios like this are sadly a growing problem on the internet today. People have too much time on their hands and sadly an XSS attack can be done easily by some 14 year old and Google.
I’m glad to hear you got your site back, you’ve made me step up my websites security myself.
Good luck with your cyber-chase.
- Dwayne Charrington.
Comment by Alex Bogak | December 30, 2007 | 6:06 am
Hey David
I dugg for you and I’m happy that diggers and other media helped you out!!!
Its amazing what people can do together :-)
Comment by Jermayn Parker | January 1, 2008 | 7:42 pm
Good to see it all back!
I personally would not keep .co.uk and .com seperate
Comment by Merci | January 2, 2008 | 3:12 am
Congratulations and a Happy New Year ! I’m glad you succeeded in overcoming that cracker’s dastardly deed. Cheers and best wishes.
Comment by David Airey | January 3, 2008 | 8:08 am
Please bear with me whilst I catch up with the massive back log of emails I’ve amassed, and accept my apologies for not being able to reply more personally.
Every Digg, Stumble, email and comment helped enormously, and I hope you have a fantastic 2008!
Comment by ceaGallery | January 3, 2008 | 2:21 pm
hello, i am very happy to hear that you got control of your .com domain. i think you should keep the .com as the main address. it is more international and can be easily remembered. happy new year
Comment by DeeJay | January 9, 2008 | 6:13 pm
I’m glad to hear good news.
Happy New Year!
Comment by Zaigham | January 21, 2008 | 5:56 am
I am glad you got your domain back.
All the best! :)
regards.
Comment by Rich | January 23, 2008 | 12:24 am
Great story and recovery. May I suggest you have your logo at the top of your blogs link to your homepage? This will allow people like me to easily see your homepage, without manually editing the URL. (I am aware there is a home button, but a logo link is standard.)
Comment by Genesis | January 26, 2008 | 10:35 pm
I just lost all my domain names to someone who hacked directly into my GoDaddy account. Still have no idea how to proceed. :(
Comment by Klanjabrik | January 28, 2008 | 2:41 am
nice publicity for GoDaddy,
anyway, glad to hear that you get your .com back…
Greettzz…
Comment by Tim | February 15, 2008 | 9:24 am
Thank you for this true story. It remainds once again that we should always think about security.
Tim.
Comment by Matthew Dudek | March 19, 2008 | 11:32 pm
Actually I have a handful of sites:
www.medimicro.com
www.ScanNerdz.com
www.HisBridge.com - A little out-of-date, Sorry. College is kicking my backside.
I just read your saga thanks to an iGoogle plugin from Wired.com. Thanks so much for sharing this. I’m happy things did finally work out- what a nightmare!
Good luck to you!
Matthew
Comment by BMT | March 28, 2008 | 11:32 am
I wanted to let you and everyone reading your blog that what you experienced with GoDaddy is not out of the norm. I do not know anyone that works there, nor do I know the CEO, but the level of service I have received since becoming a customer of theirs has been exceptional. They are quick to respond to problems and always friendly and patient. The fact that they were on the other end of this situation probably save you a lot of time and headache. From past personal experience, some of the other registrars would not have been so willing to help. Network Solutionsevil
Comment by John C | March 28, 2008 | 11:21 pm
Godaddy gave your domain back ONLY because of publicity you were gettting..
Here is a link … Godaddy is actually AGGRESSIVELY stealing domain names from its own customers …
An exclusive detailed Insider’s /whistleblowers Tip here !!!!
You be the judge !!!
http://baddaddy.angelfire.com/index.html
&
http://www.nodaddy.com
or dup
http://www.angelfire.com/baddaddy/
Buyer be aware!!!
Please inform others asap !~!!!!
Comment by Franca Richard | April 14, 2008 | 7:01 am
Congratulations good result!
Comment by DJ Krimson | April 24, 2008 | 4:26 am
Happy that you got your domain back dude…
good luck to you
djk
Comment by Kathy Bennett | May 9, 2008 | 4:43 am
If your target customer base is in the UK then you should always promote the *.uk based domain name as the primary domain name for your search engine rankings.
Domain names with a country specific extension such as .co.uk are classed as second level domains and those with .com, .net etc. are classed as top level domains. (.com is was originally country specific for the USA but that’s another story and for the purposes of this explanation just clouds the issue).
When you use a search engine such as Google, there is some initial filtering based on the domain extension which is country specific. Therefore if you are promoting a .com domain name in the UK you just have to work a bit harder in your optimization.
If your target market is global then the reverse is true i.e. you should promote your .com domain name.
Comments RSS.
Leave a comment