my domain has also been stolen April 28, 2002 11:35 AM   Subscribe

In the vein of and, my domain has also been stolen. I have no idea what to do about this. I'm stuck in rural Ontario on a brutally slow dialup connection, and it's tough to do anything internet-related out here. Is there anything I can do? [more inside]
posted by Succa to General Weblog-Related at 11:35 AM (59 comments total)

The domain was set to expire on June 1st, so it seems illogical that it could be taken right out from under my eyes. Don't they have to wait until it expires? I'm a little undereducated on the whole domain thing. How did this happen? I registered the domain with, a couple of years ago, so I'd recommend moving your domain as far away as possible from them.
posted by Succa at 11:35 AM on April 28, 2002

If you can verify that the domain wasn't set for renewal anytime soon, you should approach namesecure and ask them what went wrong.

It does appear to be a theft, and not a lapse, the domain claims to have been created yesterday, when we all know you probably had it for 2-3 years previous.
posted by mathowie (staff) at 12:13 PM on April 28, 2002

A traceroute on the URL confirmed what I suspected when I read your post, Succa. The culprits are Ultimate Search, a Hong Kong based company known for this kind of thing. It happened in March to the British Poetry Society. They finally got their old domain name back from Ultimate Search free of charge, mostly because of massive publicity and an angry general public (stealing from a poetry site? how low is that?).

I don't have any great suggestions but best of luck. Maybe you can email the British Poetry Society and ask them for pointers.
posted by gutenberg at 1:09 PM on April 28, 2002

The email address of Ultimate Search is
posted by iconomy at 1:19 PM on April 28, 2002

why do they do this? does that directory need to be replicated all over the internet for some profit reason, or are they just jerks for fun?
posted by rhyax at 2:03 PM on April 28, 2002

Succa - I'll pitch in and post this to my blog as a way of spreading the word. Unfortunately my traffic ain't all that and I can't say it will help much. Hopefully you can get some high traffic blogs (maybe textism and boingboing, who I know posted about to mention it, and even more hopefully, some "legit" journo will pick up the domain theft story. (I'm looking at you here, Wired News.) Unless someone has a battery of high-powered attorneys standing by, the only thing we can do is try to generate some publicity.

Needless to say, we should all chip in as, well, *points finger at camera ominously* It Could Happen to You.
posted by D at 2:34 PM on April 28, 2002

do you think the links should point/say the same thing, D? if so what/where?
posted by rhyax at 3:01 PM on April 28, 2002

do you think the links should point/say the same thing, D? if so what/where?
yes! a big fat googlebomb for ultimate search!
posted by quonsar at 3:31 PM on April 28, 2002

Okay, I've emailed namesecure. No reply yet. Thanks for your help everyone. Here's the thing: how does something like this happen? I assume there is some kind of forgery of my account information going on, since it never lapsed. Do they just call up namesecure and say "Hello I am Nick Taylor, transfer domain name here please"?? If that's all you gotta do, then what's preventing me from stealing, say, from under Bill's eyes?

As for a Google bombing, I'm all for it. Perhaps something in the MeFi tradition? Shit Weasels? [this is bad]?
posted by Succa at 3:39 PM on April 28, 2002

in all honesty, i've been getting antsy about having my own domain. i think that when the renewal period comes up i may leave for a hosting solution that would not require a domain registration. (along those lines, does anyone have any information on hosts such as those?)
posted by moz at 3:48 PM on April 28, 2002

For what it's worth, Domain Monger lets you lock your domains so that short of logging onto their management servers as you, and changing the settings, no one can send email, spoofed or valid, to make changes to your domain registration -- not even you.
posted by crunchland at 3:57 PM on April 28, 2002

moz, I hope you don't mind if I email you with regards to your question.
posted by iconomy at 4:42 PM on April 28, 2002

Googlebombing: I used shitbag, my new favourite word, but that may not be the best approach. I think what you want is for people searching for ultimate search or namesecure to get an anti-namesecure page high up in the google listing. So we'd need to use the company name in the link and make the link point to an anti-namesecure / ultimate search site or post. This is what Matt did with critical IP, anyway. With what I did, all it means is that people searching for "shitbag" get ultimate search, and, well... do we care what people searching for "shitbag" think?

Anyway I'll go along with whatever plan & change my post accordingly. Wheee!
posted by D at 4:44 PM on April 28, 2002

my new favourite word

"Searching For Shitbag""
"Shitbag In Seattle"
"Deperately Seeking Shitbag"
"Crouching Tiger, Hidden Shitbag"
it has a certain ring...
posted by quonsar at 6:07 PM on April 28, 2002

Shitty Shitty Bag Bag.

Now that has a ring to it.
posted by Kafkaesque at 7:02 PM on April 28, 2002

Damn, here is a news article that is almost two years old, and yet the story is the same. Domain names are just inherently insecure and not worth locking down by verisign, icann, and/or opensrs I suppose. Doesn't give me much hope for the future.
posted by mathowie (staff) at 8:07 PM on April 28, 2002

is this legal? i can't imagine that it can be.
posted by Hackworth at 8:37 PM on April 28, 2002

If someone would draft a standard letter people could send to UltimateSearch about - preferably polite, to ensure a positive response("by some oversight", etc) - I'd be glad to send it on. As would others, I'd bet. Anyone with good PR skills and a lawyer friend would be ideal.
posted by MiguelCardoso at 10:16 PM on April 28, 2002

I'm all for taking the polite route if it means I'll get the domain back. If that doesn't work, well, I'm not above utter carnage.

What's the motivation for UltimateSearch to own my measly domain? It seems bizarre that they'd pay money to do this (providing they did pay money, of course).
posted by Succa at 10:32 PM on April 28, 2002

Ultimate Search seems to have done something like this at least once before (recently), to the site of an organization called The Poetry Society -- but with a happy resolution, according to them.

(This situation is different, though, at least in that the domain in question was stolen before it expired.)
posted by mattpfeff at 10:34 PM on April 28, 2002

Re: Miguel's idea. I'd definitely love to send some e-mails if it would do any good, and I'm sure I could convince a measly 10-15 others to do so. Someone get this going, eh? (I also would add some g-bombing to my blog if it came to that, so post details for that too, if that's the chosen road.)
posted by Ufez Jones at 10:40 PM on April 28, 2002

Tom Field, an intellectual property professor of mine, has written an extensive article about flaws in the domain naming system and the way the current system just breeds this type of thing. It's a long article, but well worth it for those interested in this.
posted by anathema at 10:55 PM on April 28, 2002

I am in agreement with and would support in whatever small way possible (i.e. signing/sending a form letter, covering it in my blog etc.) to ensure that succaland goes back to its owner.

I dont have any firsthand knowledge of what is going on here. But from what I read here and elsewhere, it appears to me that Domain name hijacks have been happening all over the place and with increasing frequency.

I think so long as we have a system that is so susceptible to abuse, these things are going to continue to happen. What is more, many people who lose their domains may not know about or may not have access to the kind of resources that has.

I think what is really needed are:
-Identifying the key players who are abusing the system and documenting those abuses
-Identifying and documenting the ways in which NetSol and/or organizations like it that are exploiting users
-Identifying and documenting the loopholes in the system

-Working towards consistent coverage in mainstream media
-Identifying an organization (I am sure there is some org or other which would like to fight towards sorting out this mess) which is ready to take reforming domain name management system as a key item in its agenda. Failing that, we should try to set up a loosely organized volunteer org. that can work with different communities that can be used as a filter for identifying abuses. This organization should both highlight abuses and figure out what kind of structural changes are needed to ensure that such abuses dont happen. Sooner or later, public awareness will get raised high enough for a mainstream organization to want to have a part of the action.

-Identifying a good PR firm and a law firm that are ready to do probono work now (hopefully towards building equity amongst reasonably tech savvy people that may pay off for them down the line)

I hope there would be at least some people here who have a certain degree of internet brand equity and a background in advocacy who may want to kickstart this. I am willing to spend some hours every week to help out. I am sure if someone asks in mefi, slashdot, plastic and a couple of other forums you would get hundreds of volunteers (including people who are capable of running with it until it starts getting somewhere).

I hope this is not too naive. What do you guys say?

posted by justlooking at 11:05 PM on April 28, 2002

Succa: yes, start polite and then escalate. All that's important is getting back what is rightfully yours, right? Leave carnage and revenge as an open option. Although I'm an ignoramus, I feel this particular act of theft was carried out along with many others, in some bundled raid. If the culprits get enough emails(even 10 would be effective, as long as everyone changed the wording and stated they were bona fide users of'll probably cave in, as long as there's some lawyerly talk, about expiration dates and copyright.

If not - well, watch out! :)
posted by MiguelCardoso at 11:05 PM on April 28, 2002

It's crucial we all act well before June 1st. In my ignorance, but judging from fellow members' comments, the expiration date seems to be our main trump.
posted by MiguelCardoso at 11:11 PM on April 28, 2002

Great detective work Miguel!
posted by crasspastor at 11:51 PM on April 28, 2002

Last week I did something of an inventory of the various domain names I've accumulated over the years, with the plan of moving them all to the same low-cost registrar, perhaps Go Daddy or Gandi. In the meantime I thought I'd transfer my last Network Solutions domain. Everyone have a horror story about them, right? I started the transfer to Domain Direct and almost immediatly got a phone call from them telling me that they wouldn't do the transfer because the contact information for my account and for the domain I wanted to transfer were completely different, which was true. I thought that was pretty impressive.
posted by tranquileye at 7:50 AM on April 29, 2002

Succa, where are you located? I'm in Ottawa.
posted by tranquileye at 7:58 AM on April 29, 2002

I wrote Ultimate Search a polite email this morning and just received the following reply:
Yes, he could email us asking for it back, and provide his contact information so we know how to transfer the domain.

Also, we've received several emails from people accusing us of stealing the domain, while all we did was register a domain that appeared abandoned at the time. We'd appreciate it if he could put some kind of disclaimer on his site making it clear that we did not steal the domain and we gave the domain back free of charge.

Ultimate Search, Inc.
Sounds like if you contact them they will tranfer the domain back.
posted by tranquileye at 9:46 AM on April 29, 2002

"appeared abandoned"? Not bloody likely. But the emails worked. Good show. Wouldn't you just love to know what they were planning on doing with a domain called succaland?
posted by iconomy at 10:03 AM on April 29, 2002

> while all we did was register a domain that appeared abandoned at the time

I'm curious how they would think that the domain was abandoned. I hadn't looked at succaland in a while, but last time I was there it was chock full o' Nick goodness. Far from abandoned. It seems that a quick trip to the domain would prove that it was not abandoned.

> We'd appreciate it if he could put some kind of disclaimer on his site

How is he supposed to put a disclaimer up when he doesn't have his site?

posted by LeiaS at 10:05 AM on April 29, 2002

There were some DNS-related issues with my site for a few days prior to it becoming Your One Stop Viagra Portal. The DNS entry just seemed to disappear, and the site was up and down for about a week. Maybe that's what consitutes "abandoned". But since it hadn't expired, isn't it still theft?

I've emailed them now, and I'll let everyone here know how it goes. Thanks again for your help, MeFiosos.

oh tranquileye: I'm in Ashton right now, west of Stittsville, almost an hour from downtown Ottawa. Population of Ashton: 50ish.
posted by Succa at 11:13 AM on April 29, 2002

I emailed Ultimate Search yesterday (politely) and namesecure (admittedly a little less politely). I haven't heard from the latter yet but I got a reply this morning from Ultimate Search and got a similar "site appeared to be abandoned" business.

My gut feeling is that namesecure is responsible for the whole mess. I think Ultimate Search just grabs up whatever they can get from various DNSs. It's the responsiblity of the DNS to make sure they're not selling off sites they shouldn't. Whether or not namesecure fesses up is another story.

Has anyone heard back from the ill-named namesecure yet?
posted by gutenberg at 11:34 AM on April 29, 2002

It sounds like Ultimate Search is one of just a number of companies that are using autoamted scripts to query the known domain database (whois) and any time their results show that a domain is free for registration it automatically goes through the registration process. Another company notorious for this is called Mailbank, which owns thousands and thousands of domains.

However, since was not set to expire until June 1, something obviously went wrong and Ultimate Search was able to register the domain thorugh their automated process.

Outright domain stealing has been known to happen. Look up the history of and you'll find an interesting story involving deceit, lawsuits, etc.

I think the best course of action for those of us who still control our domains is to transfer them from registrars who have proven their security/process is lax (i.e., NetSol) and park them with registrars who have a better process for handling domain registrations and changes. You can also go ahead and pay for multiple year's worth of domain registration fees. This will give you more ammunition should you find your domain name stolen or misappropraited in the future. Keep your receipts and emails. Also keep some kind of record that you were operating a web site at that domain. FTP logs, for example, which you can get from your ISP should you end up in court.
posted by camworld at 12:02 PM on April 29, 2002

Neither Ultimate Search nor Namesecure has replied to me yet.

Cam's post makes me think that we should start assembling info on various registrars, maybe set up a website where these thefts can be fully documented for the public. And perhaps a "Domain Security" FAQ or something, to let people know the tricks used by domain poachers and how to safeguard against them. I treat these people on a lower level than I would spammers: they've outright stolen from me, and public awareness is necessary if it's ever going to stop happening.
posted by Succa at 12:27 PM on April 29, 2002

word's getting around. you've made daypop's top 40 (scroll down to #23)
posted by Ufez Jones at 3:10 PM on April 29, 2002

So I suppose we don't drop the bomb until we've given namesecure time to respond?

Drat! *closes bomb bay doors*

Overall awareness raising about domain theft would seem to be a good idea. I'd love to know which registrars are reliable, and which aren't, and I'd love to see some of the things justlooking is talking about put into place - although I don't have any of the skills required, of course..

But jeez. At the very least NetSol should have to drop the "power of trust" catchphrase and should become

Whoops, on preview, the bomb may already have gone off.
posted by D at 3:13 PM on April 29, 2002

Well, I realize it's something of a cliché to say "awareness is our only hope" or whatnot, but I don't see how these thefts can be prevented unless someone's reputation is at stake. Namesecure just sat back and let this happen, and I'm sure if it affected their bottom line (via bad publicity), the outcome would be different next time. If these registrars aren't held accountable at some point, it's never going to stop happening.

(Still no reply from either company, btw)
posted by Succa at 3:26 PM on April 29, 2002

Succa, I'm not a practicing attorney, but I have a number of friends who are. Taking Miguel's suggestion above seriously, I sent a friend an email this morning after reading this link. He and I write a blog on legal issues in Delaware together. I included the link to this thread, and asked him if he would consider drafting something for you pro bono, to send to Ultimate Search, Inc., and to the domain's registrar. I also asked if he would consider posting a copy of the letter on the legal blog, since your site isn't available. His answer follows:

Hi Bill,

Yes, I am interested.

I would like to proceed slowly and carefully. I am concerned about unauthorized practice issues, and I would like a letter or e-mail from the client setting out all details so as to be able to make a due diligence research.

I think it is doable....I would just like to proceed in a deliberate manner.

Also, we would need to get the authorization from the client to post the letter.


It looks like Ultimate Search, Inc., might be willing to resolve this problem from tranquileye's post, but if you feel that an attorney writing a letter to the companies involved might make a difference, please let him know. His email address is listed on the blog linked to as my Homepage URL, in my profile.
posted by bragadocchio at 3:35 PM on April 29, 2002

"Thanks for your help everyone. Here's the thing: how does something like this happen? I assume there is some kind of forgery of my account information going on, since it never lapsed. Do they just call up namesecure and say "Hello I am Nick Taylor, transfer domain name here please"??"

Nick, NameSecure requires a notarized, signed letter to be sent to them (via snail mail) to change any type of registrar information. You can change technical and billing contacts online, but not the main registrar. I would contact them to fax/mail you a copy of the letter sent verifying the registrant changes.
posted by 120degrees at 5:04 PM on April 29, 2002

I got an email from Ultimate Search (after emailing them about this) and they said that NameSecure uses month-day-year, not day-month-year date formatting. So they say that your domain expired on January 6, not June 1. I don't know if this is true, but it would take the blame off of UltimateSearch (although I still think buying up private domains is still questionable) and place it squarely on NameSecure's shoulders if they didn't send you notice.
posted by untuckedshirts at 5:19 PM on April 29, 2002

Do you feel the love, Succa? Do you feel it?

Kudos to the members of MeFi, as usual, for pulling through for their compatriots. Hope I'm not speaking too soon, but it looks like this one might just have a happy ending.
posted by stavrosthewonderchicken at 6:05 PM on April 29, 2002

If the domain expired on January 6th, could it still point to my site even in late April? Is that possible?

I'd like to go the non-attorney route if possible, but I'd definitely consider that possibility if it comes down to it. Right now I think we're all still lost here...did it lapse or was it stolen? I don't want to be too hasty in drawing a conclusion. Is Namesecure obligated to contact me about renewing my domain? I haven't heard anything.
posted by Succa at 7:03 PM on April 29, 2002

I should mention that I can still receive email at nick AT, which I find a little bizarre.
posted by Succa at 7:09 PM on April 29, 2002

I tried to reach Succaland today and hit on that stupid site, and immediately feared the worst. This sucks, Nick... I hope you can get it back soon, and I'll join the pack if you decide to exact Angry Mob Justice.

Gotta wonder though, what on earth did they hope to accomplish with the domain :)
posted by Bernreuther at 7:10 PM on April 29, 2002

If the domain expired on January 6th, could it still point to my site even in late April? Is that possible?

One would assume not. Do you have any bank/credit card statements or old emails from when you registered the domain or renewed it last? That would let you know for certain.
posted by bargle at 9:54 PM on April 29, 2002

Don't forget that the domain claims to have been created last week, even though it is at least a couple years old. It looks like a domain screw up. theft, or something.
posted by mathowie (staff) at 10:51 PM on April 29, 2002

I would guess that companies that advertise with sites like Ultimate Search aren't all that concerned about where the traffic comes from, so long as it comes. I doubt any serious dent could be made in their bottom line with an approach like that.
posted by danwalker at 6:34 AM on April 30, 2002

just yesterday i'd gotten the mail that verisign has been sending to non-customers recently. blech.
posted by moz at 8:29 AM on April 30, 2002

I think I am going to register:

and point all my domains to it, that way I won't have a "desirable" domain and not have to worry about such bullshit as this.

posted by camworld at 9:32 AM on April 30, 2002

Don't forget that the domain claims to have been created last week, even though it is at least a couple years old.

But what happens if it lapses? Does the domain not need to be re-created? I'm still perfectly willing to accept the possibility that the domain lapsed and they just grabbed it.

What's so hot about

Hey, now what are you trying to say? :-)
posted by Succa at 9:37 AM on April 30, 2002

I'm looking forward to checking out this in the near future, as soon as the robbery is put right. I just hope it's as wonderful as all you guys say. ;)
posted by MiguelCardoso at 11:02 AM on April 30, 2002

It's not. It's much, much better.
posted by bradlands at 11:55 AM on April 30, 2002

But no pressure, or anything.
posted by iconomy at 11:59 AM on April 30, 2002

whenever i think of succaland, i think of that story with the college football player at the bar... hope you get it back, 'cause i want to read that again.. ;o)
posted by lotsofno at 12:05 PM on April 30, 2002

Still don't know how succaland got listed as a brand spankin' new domain. Just look it up in Google and there's pages of listings for it. You can look at the cached pages—many of the images don't show up but the text is all there. I saw dates ranging from early 2001 up until the middle of last month.
posted by gutenberg at 1:56 PM on April 30, 2002


The answer to the question of,

"Can a lapsed domain still point to my web-site months and months after it's lapsed?"

I give a resounding, "Yes!" So long as your server is still up, it's quite possible, and I think it's because many registrars are either lax about clearing up old accounts, or are gracious enough to give you time to renew. (No, I don't work for a registrar, heh heh.)

The more important question now would be... when's the last time you've paid for the account? If someone else pays it for you... when's the last time they've paid it? Sounds to me as if the domain might actually have expired (just gauging from the uncertainty on your behalf.)

The date mix-up (June 1st, January 6th) is possibly the culprit; the neglect on the behalf of your SP to send you a renewal request could also factor in.

It's highly possible that you were sent a renewal notice, and you didn't realize it. I use Eudora; new e-mails are supposed to appear at the bottom of the inbox, sometimes they end up at the top, and get missed. Other folks that I know notice that problem, something about the date on the incoming e-mail. Check your box, who knows?

posted by precocious at 4:04 PM on April 30, 2002

Namesecure is telling me it lapsed, although they're not sure when. They're not sure about much. They're also not sure about sending me a reminder, or not sure about any dates or times. I never received a reminder, and I use PINE, which clumps all new emails at the bottom so I never miss them. All in all, still not sure about what happened and still looking for a new domain name.
posted by Succa at 9:50 PM on May 2, 2002

Guess I spoke too soon about things working out all right. Sorry to hear you haven't gotten a satisfactory resolution, Nick.
posted by stavrosthewonderchicken at 7:11 PM on May 3, 2002

« Older A litterbox for pooflinging   |   Editorializing on the front page Newer »

You are not logged in, either login or create an account to post comments