From the BlogSubscribe Now

Why Me?

Why me? I’ve had a lot of downtime on the site in the past few days. If it isn’t incompetent host management, it’s evil people taking over my domains.

The Great Domain Hijack

This is supposed to be a photography blog, but I’ve spent most of the past week fixing problems. As you can tell from my last post on the Big Blackout, my site was down due to technical reasons with my hosting provider. Once that issue got fixed, my site was knocked down again for most of the weekend. If that wasn’t bad enough, I discovered on Monday that every domain I own was hijacked and redirected to another site.

I’m too old for this shit.

Seriously, who has time to hijack someone else’s domains? I barely have enough time in the day to finish my own work, much less screw around with someone else.

As much anger as I feel for the person who stole my domains (I’d like to wring his odious neck), I’m actually more upset with GoDaddy for its inept security practices. This is the second time that someone called their support line, claimed to be me, and was given complete control of my account. They only changed one domain last time in June, but this time they did a wholesale change of the name servers on all of my domains.

In layman’s terms, that’s a royal pain in the ass to fix. It’s an inconvenience to my readers. It also hits me in the wallet, because some of my sites are designed to sell.

Here’s the problem. You need relatively little information to authenticate access to an account if you call GoDaddy. Yes, they have two-factor authentication available to protect you from web attacks on your account. That’s nice, but GoDaddy tech support is happy to help anyone who calls up and claims they forgot their password…oh, and my e-mail address also changed. No problem! The tech supports will happily comply with hijacking your account as long as you know the following information.

  • Name
  • Account Number
  • PIN
  • Last Six Digits of Credit Card

All you need is one piece of information from either column and you have the keys to the kingdom. I doubt anyone knows my PIN. My own mother doesn’t know my PIN. My credit card number is a different story. You see news reports all the time about hackers who compromise databases with thousands of account numbers. It’s hard to say just how many people actually have your credit card number, or access to it.

Why Me?

I have no idea. Maybe it’s personal. Maybe it’s just luck of the draw. I’m not going to worry about it, since worry won’t change what happened. Instead, I’ve learned from it. I’ve also changed every single piece of information about my account, including the name and account number, the credit card, PIN, password and the original color of my mother’s hair. That’s the best I can do for now, since I certainly can’t depend upon GoDaddy to tighten up its lousy security policy.

If someone wants to try again, maybe I can distract them with this photo.

Why Me?

Embed This Image On Your Site (copy code below):

About William

Author, Photographer and IT Manager. I have a fondness for chocolate. I also own Suburbia Press and Aperture vs Lightroom. Follow me on Twitter at @wbeem.

Comments

  1. Kevin Graham says:

    Ever notice this crap rarely happens to those without tech savvy? Holly Hobby Etsy Craft Store never gets hosting redirects.
    Either way, glad your back!

    • True, but I also wonder how much traffic Holly gets. I suspect the intention behind this attack was to redirect traffic from my site to make sales on his site. The problem is that I doubt anyone who comes to my site would have been interested in buying from an obvious bait & switch hack.

  2. Todd Burgess says:

    Computer issues like you have experienced lately can lead to
    what I call the Kerrigan Effect. They
    make you want to sit on the floor and keep crying “Why, Why, Why”

Speak Your Mind

*