Web design sites hit by domain theft

By Craig Grannell on | 10 comments

CSS-Tricks and others affected by extortion scam

Web design sites hit by domain theft
CSS-Tricks and others affected by extortion scam

As outlined by Chris Coyier in a post on CSS-Tricks, a number of sites in the web design community have had their accounts hacked and domains stolen. The perpetrator has attempted to extort thousands of dollars from the domain owners, demanding money for the return of the domains. The registrars and hosts involved are varied and have also differed in their responses, ranging from quick and helpful acts of cooperation to miring owners in bureaucratic wrangling. In the case of kirupa.com, Coyier remarks that "NetworkSolutions currently doesn't believe Kirupa Chinnathambi that he was the original owner of the domain, which is batshit crazy."

We spoke to three of the site owners affected by the scam to see what was going on. Designer and entrepreneur David Appleyard told us while it was hard to be certain that design blogs were specifically targeted, "based on the fact that the hacker was ultimately trying to extort people, I expect he was going after domains and sites that were large enough to have a decent income".

As for how the domains were stolen, developer David Walsh said that "the possibility of a specific domain registrar being hacked was dispelled by the wide range of registrars affected", and he thought it was his email that was compromised: "Email filters were created to hide the transfer request and account change emails from me, and the domain was moved right from under my nose." Appleyard and Daniel Adams, Chief Editor of InstantShift both suggested password issues were to blame. Appleyard admitted to using the same password for his domain host and elsewhere, although said, "it was complex enough that guesswork alone was unlikely". Similarly, Adams was, at the time, using the same password across his domain host and Gmail account.

Domain rescue

In order to guard against this happening to you, those involved suggested ramping up the complexity of passwords, not using the same one for any two services, and utilising two-factor authentication where possible. Appleyard added that this kind of situation is easier to resolve when caught early, and suggested "regularly checking the WHOIS entry for your domain, or using a monitoring tool to receive an immediate report if anything changes".

Should your domain be stolen, contact the registrar you use as soon as possible, since only they can initiate a reversal request. Adams adds that keeping in sync with multiple communication services might assist regarding proof of identification. Walsh said that if your registrar is slow to reach, it's also "important to contact them quickly and often to increase their urgency – email daily, tweet many times a day, write on their Facebook wall. Make it perfectly clear that you aren't going anywhere until they return your domain."

At the time of writing, the fortunes of those hit by the scam were mixed. Appleyard considered himself fortunate, because the fraudster didn't change his site's name servers: "This meant our site remained online for all but a brief period, and we haven't suffered from any extensive downtime." But Adams told us "the last five days have been stressful, especially when the hijacker removed our name-servers". He added that downtime and bad web performance costs money, is taken into account by search engines, and can even be interpreted by people as a sign of incompetency. "Also, there's no mail support related to domain, so we're cut-off from our readers."

Walsh's situation is somewhere in-between, with registrars responding well, but with little urgency. "My blog was only down for a day, so my sponsors haven't missed too much," he told us. "But from a personal standpoint, this incident took a large toll on me. My blog has helped me get jobs, travel to Europe to speak at events, and meet lots of great developers. The thought of losing the domain I've worked so hard to promote is terrifying. I've spent dozens and dozens of hours contacting the various parties involved to get the domain back, still without result. It's shocking my accounts could be so easily compromised – it's been a scary, scary wake-up call."

10 comments

Comment: 1

wstn
I'm not saying its flawless, but I don;t understand why anyone wouldn't use something like 1Password, different and extremely complex 24 char passwords for every account I have, makes sense to me!

Comment: 2

Nothing surprises me these days! Although this is the first I've heard of this kind of thing happening.

Comment: 3

jaddays
Including a forum on your site can bring people of a common industry or interest together to discuss upcoming events, current problems, and other interesting ideas and thoughts. These forums can grow very large very quickly. And, in the meantime google tech talks, your website traffic increases. Stick an ad on the forum and bring in more sales from people that you already know have expressed interest in your industry web promotion tools.

Comment: 4

In a magazine article or advertisement, often the graphic designer or art director will commission photographers or illustrators to create original pieces just to be incorporated into the design layout. Or the designer may utilize stock imagery. Thanks a lot.
Regards,
web design company

Comment: 5

Magazines can be distributed through the mail; through sales by newsstands, bookstores or other vendors or through free distribution at selected pick-up locations. Sales models for distribution fall into three main categories. Thanks.
Regards,
Chandler Real Estate

Comment: 6

Branding has increasingly become important in the range of services offered by many graphic designers, alongside corporate identity. Whilst the terms are often used interchangeably, branding is more strictly related to the identifying mark or trade name for a product or service, whereas corporate identity can have a broader meaning relating to the structure and ethos of a company, as well as to the company's external image. Thanks.
Regards,
car insurance Texas

Comment: 7

Web design is the process of planning and creating a website. Text, images, digital media and interactive elements are used by web designers to produce the page seen on the web browser. Web designers utilize markup language, most notably HTML for structure and CSS for presentation as well as JavaScript to add interactivity to develop pages that can be read by web browsers. Thanks.
Regards,
how to make your penis bigger

Comment: 8

Design philosophies are usually for determining design goals. A design goal may range from solving the least significant individual problem of the smallest element, to the most holistic influential utopian goals. Design goals are usually for guiding design. However, conflicts over immediate and minor goals may lead to questioning the purpose of design, perhaps to set better long term or ultimate goals. Thanks.how to make your penis bigger

Comment: 9

Designers should be able to solve visual communication problems or challenges. In doing so, the designer must identify the communications issue, gather and analyze information related to the issue, and generate potential approaches aimed at solving the problem. Iterative prototyping and user testing can be used to determine the success or failure of a visual solution. Thanks.
Regards,
Joinery Contractors

Comment: 10

Some website building platforms called Content Management System's allow novice user's to update and change their existing content and to a lesser extent the site designs, without having to know complex code. User's can perform visual edits rather then the usual coded edits which gives the users free range to edit the sites themselves. Thanks.
Regards,
find email
June issue on sale now!

The Week in Web Design

Sign up to our 'Week in Web Design' newsletter!

Hosting Directory
.net digital edition
Treat yourself to our geeky merchandise!

site stat collection