Why me? I’ve had a lot of downtime on the site in the past few days. If it isn’t incompetent host management, it’s evil people taking over my domains.
The Great Domain Hijack
This is supposed to be a photography blog, but I’ve spent most of the past week fixing problems. As you can tell from my last post on the Big Blackout, my site was down due to technical reasons with my hosting provider. Once that issue got fixed, my site was knocked down again for most of the weekend. If that wasn’t bad enough, I discovered on Monday that every domain I own was hijacked and redirected to another site.
Seriously, who has time to hijack someone else’s domains? I barely have enough time in the day to finish my own work, much less screw around with someone else.
As much anger as I feel for the person who stole my domains (I’d like to wring his odious neck), I’m actually more upset with GoDaddy for its inept security practices. This is the second time that someone called their support line, claimed to be me, and was given complete control of my account. They only changed one domain last time in June, but this time they did a wholesale change of the name servers on all of my domains.
In layman’s terms, that’s a royal pain in the ass to fix. It’s an inconvenience to my readers. It also hits me in the wallet, because some of my sites are designed to sell.
Here’s the problem. You need relatively little information to authenticate access to an account if you call GoDaddy. Yes, they have two-factor authentication available to protect you from web attacks on your account. That’s nice, but GoDaddy tech support is happy to help anyone who calls up and claims they forgot their password…oh, and my e-mail address also changed. No problem! The tech support staff will happily comply with hijacking your account as long as you know the following information.
- Account Number
- Last Six Digits of Credit Card
All you need is one piece of information from either column and you have the keys to the kingdom. I doubt anyone knows my PIN. My own mother doesn’t know my PIN. My credit card number is a different story. You see news reports all the time about hackers who compromise databases with thousands of account numbers. It’s hard to say just how many people actually have your credit card number, or access to it.
I have no idea. Maybe it’s personal. Maybe it’s just luck of the draw. I’m not going to worry about it, since worry won’t change what happened. Instead, I’ve learned from it. I’ve also changed every single piece of information about my account, including the name and account number, the credit card, PIN, password and the original color of my mother’s hair. That’s the best I can do for now, since I certainly can’t depend upon GoDaddy to tighten up its lousy security policy.
If someone wants to try again, maybe I can distract them with this photo.