LinkMoney.org

Posts Tagged ‘godaddy’

The recent spate of domain thefts that has occurred and some of which was reported here on LinkMoney (dot org,) has caused me to revisit my Gmail account and analyze whether or not I want to make any changes in my email security settings or in the use of Gmail for secure information.

When you are thinking about setting up a web based email account and you start thinking about things like “google mail com” you will obviously come to the “Gmail Register” page.  I have to admit, I Love Gmail. I was an early adopter and really loved the convenience of using Gmail accounts for all of my various and sundry Internet forays.  It is very easy to set up.  Once you obtain a Gmail address it is used throughout all of the Google domains, such as Adsense, Analytics, Calendar, Search, and on and on…

In other words, you open your complete identification and every single move to the Google bots.  No problem as long as you don’t care about what information a giant all encompassing humongous network of computers, all controlled by one company, collects data on you, like forever…

I live a pretty clean legal lifestyle and don’t really have anything to hide.  But, do I really want all of this stuff out there in the cloud completely columnarized and searchable by any one that has access to the data?  I think not, but alas it is already too late for me.

That said, there are SOME things that I think might be better deleted from my Google history.  I decided to start with the situation that made me delve into this train of thought to begin with.  That is my association with GoDaddy.

In each of the recent cases of domain theft that was storied a plenty, like HERE:  I Can Steal Your Website and HERE:  Stolen Website Returned and dozens of other places, it was reported that in all cases that  the  GoDaddy account holders that had been compromised also had been using Gmail addresses.

Hmmm.  Could it be a Gmail problem?  Matt Cutts from Google said that their security division was looking into it, and a few days ago on one of the mail lists that I subscribe to there was an announcement purported to be from Google that there was no security flaw in Gmail.

Well I am going to tell you about one very scary flaw that I discovered this morning on my own machine, but first I want to continue with my first train of thought.  So I decided that just in case, maybe it would be better to tighten things up a bit.

First, I changed my Gmail password, which hadn’t been changed in over a dozen or so years, maybe longer, ever since I had an account.   Now that doesn’t sound too difficult but it is a pain in the butt for every time you login from a new source or an offsite computer, or check your account setting, or sign into Adsense or sign into Analytics, etc., you have to go through the whole procedure over and over.  No problem, small price to pay if it makes you more secure right?

Second I went to GoDaddy and changed the password of my account there. Good, felt better.  Don’t get too complacent yet.

Then I got to thinking, why not go through all of my old Gmail messages and filter all of the GoDaddy messages, then archive them somewhere, and then delete them all from my Gmail account?

Guess what?  You can’t do that.  There is no method that I have been able to find that allows you to bulk forward, or save to your hard disk, any archived messages.  I checked in my control panel, online Google help, Gmail forums and anywhere else I could think of.  As a matter of fact in one of the Gmail FAQs they specifically say that you can not do that.  Bummer.  That is not exactly a great feature Google.  Duh.

So here is what I did for the past three hours.  I created a Gmail filter for all mail that came from GoDaddy and created a command that will forward ALL FUTURE messages from GD to my https secure email address that came with my ISP hosting account.  The operative word here is “future.”   There is no way to bulk forward all of the previous messages.

Not wanting to be beat by this, I went through each and every previous message from GD and manually forwarded them to my ISP email account, and after I heard the reassuring little blunk sound from Outlook Express that a new email had been received I then manually deleted that Gmail version.

Now there were three pages of messages from GD so this took a while.  I did not bother with the customer satisfaction surveys and the junk mail that GoDaddy constantly sends out, but all of the registration information, account names, passwords, etc., all went to my secure account.  Then I deleted them from Gmail.

Now here is the flaw that I discovered when I started digging into this in the wee hours of this morning. I have many Gmail accounts.  I have a couple of main ones that I use depending upon which hat I am wearing, but then there are many that were set up when I started a new website and wanted to have differing addresses for.  Owning or administering over a hundred websites, this can become a quagmire.

Lo and behold as I was going down through the list of names of my Gmail accounts that I had set up, I saw one that I did not remember setting up, though it had a slight twinge of memory associated with it.  Here is what I discovered.  Someone that called them self Tamara Underwood with a Sierratel.com email address WAS IN MY LIST OF PERSONAL GMAIL ACCOUNTS! What the Hell!

How could that be? I started digging in to finding out more about this name and the email account shown and found out that she/he had been in my Gmail account list SINCE 2001 !  Then the vague memory that I mentioned above kicked in and I do sort of remember this name and that at the time I also had all kinds of computer grief.

At about that time my main computer and my laptop both got infected with multiple viruses that eventually caused me to give up, reformat and reload Windows, because all of the tools at hand were not able to remove the problems.  I never tied the name Tamara to this problem, but it must have been so.

Through searching on Google I found where the same person had posted crappy nonsense comments on dozens of Blogs and message boards during 2001-2002.  In each case the comment would tell the reader to contact them at that email address.  So probably I did so, even though I know better now and never answer anything like that, I might have back then, and that is no doubt how the viruses got on my machines.

But it still does not answer how the heck that person could have gotten their email address in my Gmail forward to mail list?  Do you think that they have been receiving copies of all of my emails for these many years?  That does not seem likely or my life would be in a much bigger mess than it is.  It seems more likely that they somehow might have access to my computer and use that account to send out spam messages.  But still it is scary.  How could it happen?

I would say that this is a security flaw Google. Someone else with a California ISP address being in my Gmail list should NOT be allowed.  I’m sure you could put the blame on me after so many years.  I just vaguely remember the situation, but I am ABSOLUTELY POSITIVE that I NEVER knowingly inserted that email address into my own account.

So what about you readers?  Do you think this is an email security problem? Did you go to the Gmail Register page?  Check your accounts.  A little housekeeping might be in order.  Our readers would love to hear from any of you that have had similar problems with email security, or if you have any questions or comments on this specific article.  Leave a Comment.

Now I have to go through and do all of the above for each of my other five domain registrars and website hosting companies.

See you in the spring.
Rich

Thanks to everyone that read this story and weighed in with your thoughts and suggestions.

The massive outpouring of support for MakeUseOf dot com was phenomenal.  The rightful owner of the blog just made a post that GoDaddy did return it after 24 hours and he said that it would not have happened without the help of all the bloggers and tweeters that kept GoGaddys feet to the flames.

We are very happy that it worked out, and again, thanks for all your support.

Rich Hill

ps:  What do you all think, should MakeUseOf initiate legal action?

This has nothing to do with ICANN the Internet Corporation for Assigned Names and Numbers, but they certainly ought to be involved in a major policy change.

The domain of the very popular website MakeUseOf.com has been STOLEN! This was reported by Daniel Scocco during the night on his Blog DailyBlogTips.com.

The report says that MakeUseOf was being hosted on GoDaddy and that GD allowed the domain to be transfered away from the owner to somewhere in Dubai. GoDaddy no doubt will cover their ass by saying all security terms were met, but I say Bull Shit! Get better security terms!

How can this happen? MakeUseOf has over 20,000 subscribers, I being one, and we all enjoy the tips and free information given out contiuously be MakeUseOf.

This is a Nightmare, a Horror Story fitting for the Halloween season for sure, but sadly true and how will it be resolved?

What would you do if your baby was stolen and taken to a foreign country?

This industry needs better security methods similar to what the online banking industry uses such as, multiple security codes, a primary image associated with the account, two security questions, a mouse pointer select keyboard, and anything else that someone could come up with.

I did notice that one method being offered by some registrars is to limit activity to a specific IP address. That way transfers could only come from one specific computer. That seem like a good idea to me, what do you think?

For now you should make sure that you use DIFFERENT passwords for all of your domains, your administration panels, your hosting company accounts, and so on. Use multiple email addresses for different accounts.

What do you think? Can anyone come up with ideas on how to make this more secure. Lets talk about it. This HAS to be fixed.

Come on GoDaddy, fix this and return MakeUseOf to the rightful owner.

Rich Hill

UPDATE – UPDATE – UPDATE:

MakeUseOf has a temporary home on blogger until this gets fixed.  go there and give them your support.

http://makeuseof-temporary.blogspot.com/2008/11/make-use-ofs-temporary-home.html

As was postulated on the previous posting of this dot ME subject, GoDaddy Giveth and GoDaddy Taketh Away.

So after receiving a receipt and then a confirmation email that I was the proud new owner of three bouncing baby websites with a dot me extension, I was elated. Cigars all around.

Well that birth was aborted. GD sent an email about an hour later that said they were real sorry but those domains had been previously sold. Remember that term “Previously Sold !” they also said I would get a full refund for the money that I gave them in one business day. Remember that term, “One Business Day !”

So yesterday I got a very nice telephone call from Jennifer at GoDaddy. She was really very sorry that they had to strip me of my happiness. (My description, not what she really said, but what she meant anyway.) I was not upset in the least, thanked her for calling, told her GoDaddy was my least favorite registrar and that I mostly did not like their “In Your Face” crappy website. They CONSTANTLY try to sell you something, buy this, buy this, buy this.

Jennifer said I would be getting a full refund within “48 Hours.” 48 Hours from when? What happened to the one business day? GoDaddy got to use many millions of dollars to draw interest on for a few days, you can just bet on that, and in my opinion they knew just EXACTLY what they were doing.

I actually was very nice to Jennifer. It is not her fault she works for a shitty company. Oh by the way, “if there was anything that I wanted to purchase today while she was on the phone, that GD would consider a slight discount.” …

So after reading many other messages about this whole mess I found out that there was a new website to auction off dot ME domains that there had been more than one buyer for. So I went to the dot ME auction website and surprise! Two of the domains that I had bought and paid for were listed on the GoDaddy auction site. Turns out that they had not been sold to someone else after all. Someone on another Blog called this Bait and Switch. Is it?

So I tried to register to bid in the auction. I was told I did not have permission. So I sent an email to GD very politely asking how might I get permission to register for the auction. I received an email this morning from GD that said they were very sorry but only people that had made purchases and then had them taken away would be able to register for the auction. Huhh? WTF?

So I very politely sent them another message back stating that I was one of those same unfortunates and gave them my receipt number. We’ll see what happens today, but I think the auction starts tomorrow. so this just might be a way to shut out every one except GD’s best butt buddies. I’ll let you know what happens.

Think BlueHost people, and I’m not even going to insert my Affiliate Link.

Tell us what you think about this whole raw deal. Are we going to soar to new heights with our favorite dot ME domain, or crash and burn into a brick wall? Leave your comments below.

Use the little Orange button at the top to subscribe to this Blog and we will keep you posted.

Rich

*** PLEASE – PLEASE – PLEASE – Do me a favor, especially if you are pissed off with GoDaddy. Please use your favorite social bookmarking tool to vote for this Blog. Mostly I would consider it a VERY special favor if you would take some time to DIGG this Blog. If we can get a high enough DIGG count then more and more people will learn of this mess and maybe something can be done about it. ***** (DIGG it!)

Shoemoney posted a blog yesterday about the new TLD .ME to become available on Thursday July 17, 200 at 8:00am Pacific time. I knew that this was going to be happening soon but had not paid much attention to it.

So after a lot of discussion in the comments section of Shoemoney Blog, I got hooked.
http://www.shoemoney.com/2008/07/16/me-landrush-starts-8am-pst-tomorrow/#comment-77594

Last night I made a hot list of about a hundred domains that I thought would be really really cool, knowing full well that I would not be buying more that two or three, but Hey I can dream can’t I?

Well naturally even with all best plans to lurk over the keyboard with my finger poised watching the second hand just like on an Ebay snipe, I totally forgot about it. LOL

So about noon Eastern time I signed on to GoDaddy and sure enough the dot ME was being sold. So I started down my list, SOLD, SOLD, SOLD, SOLD, etc, etc. You get the idea. Then lo and behold I got one! Then another, then another! What a shock. I’m not going to brag about what they are yet because some of the discussion on Shoemoney was that if domains had multiple requests, they would go in a bidding war.

I don’t know if that bidding war stuff is real or not, I can’t find anything in the fine print, and I did get a receipt and then a confirmation email. Incidentally I used the coupon (gdp0422v – Save 20% off $75 or more.) It saved me over twenty bucks.

You pay $19.99 per year with a two year minimum, so it isn’t exactly a bargain domain name.

What do you think about this new domain name .ME? It is the country domain name for Montenegero, but anyone may purchase one, as far as I know. We reported in a previous post on this Blog about ICANN opening up possibilities for any TLD name that you want. Read about the ICANN Paris announcement on a previous Link Money dot org post.

Can you think of some good .ME names? As I understand it there are no two letter names available, but I did snag a good three letter one.

Would you take a gamble on a dot ME domain name? It might tie up your money for a while and then if the scuttlebut is any where near true, you might even lose it after you have made the purchase. In that case I guess GoDaddy would likely have many millions of dollars in their interest bearing accounts before they have to issue a refund.

Let us know what your thoughts are on the .ME domains.

(Click on comments below.)

Read more on this dot ME Fiasco on another Link Money dot org post.