Collective effort restores David

New York Times logo

Three days ago, I reported on a Gmail security flaw resulting in the theft of my domain name.

Today, I am delighted, humbled, and relieved to say that is back in my possession. I’ve been overwhelmed with the response, and can’t thank you all enough for your help.

Soon after publishing my story, I found I was receiving floods of visitors from NYTimes, Digg, StumbleUpon, Reddit, Lifehacker and many other online sources.

50,000 daily visitors crashed my web server, but only for a short time as ICDSoft (my web host) was very helpful. The ICDSoft team worked outside the normal remit of their services to change my previous article from a dynamic PHP web page to a static HTML web page, setting a rewrite rule to redirect all visitors to the latter. This greatly reduced the server load, allowing my shared server hosting plan to cope with the influx. (Here’s a 25% discount on hosting with ICDSoft.)

How did I get my domain back?

After reading my story, some of you contacted me, saying that you know the CEO of, Bob Parsons, and that you would get in touch with him, asking if he could help.

Bob Parsons

Soon after, I was contacted by Karen, one of Bob’s very friendly and helpful colleagues, asking me to complete an Undo of Change request form. This involved me supplying an image of my drivers license for photographic ID, and hand signing the form, then emailing a scan. The completed document would allow GoDaddy to negate the transfer process that took my domain name from ICDSoft to their systems. The form said to allow three business days for an intitial response, but some email ping-pong during the last few hours resolved the process much faster. For this I am very grateful. Thank you Karen.

I was requested to open a free account with GoDaddy, and supply them with my customer account number. This I did, and soon after I was again the rightful owner of

Update: April 1st 2011
I ended-up storing 10-15 domains in my GoDaddy account, but I’ve since moved away from the company, mainly for this reason.

I accept my share of the responsibility

I’ve read on other websites that I deserved what I got, and that using Google’s free Gmail service for business is naive. Perhaps. I hate shifting blame onto another person or organisation, but here’s the crux: I’m almost sure my story wouldn’t have received the attention it did if the headline read something like:

“My naivety allows hacker to steal domain”

Isn’t this (below) more newsworthy?

Google’s Gmail security failure leaves my business sabotaged

I’ve been picking-up copywriting tips over the past year, and although I have a lot to learn, I reckon I put them to good use (thanks Brian).

I chose to use my blog against a criminal, and if that made it sound like I was pointing the finger of blame, so be it.

What about the cracker?

No, not a Christmas pun. I’ve been informed that cracker is the correct term for the criminal who stole my domain name:

“Just to let you know, the filthy person who did this to you is referred to as a “cracker” not a “hacker”. A hacker is someone who tweaks things to their purposes. A cracker is a low-life who attacks other people with malicious intent. There is a big difference.”

Many of you have been digging around the net, searching for clues and pointers as to who/where this thief is. You’ve used the cracker’s email address I supplied, posing as potential buyers of my domain name to glean more personal info.

It seems the thief has been selling stolen domain names for some time, advertising his loot on various web forums. The consensus sets the physical location as Iran, which ties-in with the Persian language used for certain email addresses. There has been so much information flooding in that it’s fair to say I’m not the only one attacked by this miscreant.

During the next week or two I’ll be sifting through it all, and will decide on further action.

What’s of more immediate concern is this… If you have any SEO advice on how to prevent further damage to my search rankings, I’d be extremely grateful.

How do I halt the damage to my search rankings?

With control over both and, the question now is which one should I use as my primary address?

Perhaps it doesn’t even matter which one I use, providing a permanent 301 redirect is set from one to the other. I’ve found that a UK-based Google search for David Airey lists me higher now (with the than it did with the .com. Given that my local market is in the UK, the right move could be to remain with the, rather than revert. Not sure.

I’m guessing the next step is to set my .com address to a 301 redirect to the

My htaccess file (which I’m not too clued-up about) is available for you to look at, and in the short-term, at least those previously referred .com visitors are arriving once more.

Any help at all would be superb, although I feel as if you’ve already done more than enough.

Thank you very much

When something like this happens, you don’t expect so many people to offer their help.

It’s testament to the good-will of the blog community that this situation is well on the way to recovery. In fact, the criminal has opened my website up to a whole new audience, who I otherwise wouldn’t have reached. If you believe there’s anything I can do to help you in return, don’t hesitate to contact me, and I’ll respond as soon as possible.

← Older post

Newer post →


  1. Happy to see it’s back again… and that you could get new visitors through the media coverage…

  2. That’s great news David – and so cool that you managed to get on the NYTimes with the story.
    I would probably agree with the domain as being your base – as it’s true that your primary logo design customers are from the UK, and it would make more sense if you ranked higher in

  3. Thanks Sam.


    I was surprised, to say the least, when I saw visitors arriving from the New York Times website. I hope you’re keeping well.

  4. Mads Kjaer

    I’m glad you got your domain name back.

    Use the domain name for now. Most of your customers are from the UK, so it’ll be a lot easier for them to find you in UK search engines. Of course, if you want more international work, you should probably go with your .com name.

  5. I’m not so sure, I would keep the .com, you can still get good rankings on

  6. Good for you. I guess no more free emails for your portfolio huh?

    err.. why not just set one of the two servers (.com and as a mirror? That way you’ll be able to withstand digg-rape. Costly but with your site’s new found popularity, less downtime.

  7. Hey David! Excellent – I posted some SEO advice about transferring your link Juice – about maybe 10 – 15 mins before you put this post out!!! I think its waiting moderation – so ignore it and here are the two most useful links.

    Start the FULL SEO process to get the juiced up for your SEO positions:

    If You still unsure, give me a shout and we can work through it. I am sure hundreds of others will want to help…

  8. Fantastic news that the .com has been returned to it’s rightful owner. The whole experience has left an unpleasant taste in the mouth and serves as a reminder to everyone to lock everything down. Sorry it happened to you.

    Personally I would run with the address for business and branding purposes. Redirect the .com address so you don’t lose visitors. Folks coming to visit you to read the site because they’ve read previous stuff will find you and bookmark new address (or subscribe to feed) and new UK visitors looking to use your services will find you easy enough.

  9. Congrats, very happy that you got back your domain.

    I prefer “.com” – easier for existing and new readers to remember.

  10. I’m glad you got everything back to normal, it is awesome that GoDaddy was able to go as far as they did to help you out with everything.

  11. Outstanding David – I’m so glad to hear it is all cleared up. Great to know that so many came to your aid!

  12. Hi,
    Just another thought – if you are going to stick to .com, you need to try and get all the older links (quite a number) to changed on external sites. Use this to locate these and start emailing people.

    Also, I would suggest putting up a new post, something along the lines:
    “Do you link to me? Please update the URL!”, and submit it to Digg, Sphinn etc, that way, those who recognise you and your URL will be alerted to the change. I am sure because your situation has been noticed by thousands of people, the post will get picked up and recirculated, helping you regain your link power.

  13. Oops – please note the ;ine “if you are going to stick to .com” should read:
    “if you are going to stick to”

  14. Mads,

    I’ve been seeing more and more of my old .com articles appear in Google with the address, only not as high in the search rankings. There’s some updating obviously occuring, but how much I’m unsure.


    Again, it’s great of you to submit my story around the net. Very kind to spend the time doing that.


    I’m not familiar with mirroring, but anything that helps lessen the burden on my web host’s servers sounds good to me. Can you give me any more info?


    Thanks for those links to SEOmoz. I know that’s a great place to start looking into things. Good of you to post the comment on two different articles too, so I definitely read it, and I’ll take your suggestions on board.


    I appreciate your advice. I’m swaying towards the, what with the updates I’m seeing in Google.

    I can always set up a .com email address so my business cards are still valid, and tell people to visit If it directs to my website then that’s all good.


    Thanks for your preference. As I mentioned to Mike, people could always still say .com when referring to me, as long as it directs to the Don’t you think?


    It is superb what GoDaddy did to help out. I’m considering transferring all my domains to them, as Karen has been filling me in on their security procedures, and it sounds great.


    Thanks for your support, and absolutely, it’s amazing that so many people offered to help! A certain Tom wanted to pay the ransom for me, so I could track the thief through his bank details. Amazing.

  15. Good news! Glad everything is resolved. :)

  16. F. Ferraz

    Just letting you know that being a godaddy customer, I emailed them with my concerns right upon reading your story. I was happy to have received an email from them this morning, letting me know that your account was back on its feet. I’d like to think I made a difference :)

    Anyways, I’m sure the last few days been a hell of a ride for you, and you have no regrets, after all, talk about exposure!


  17. Thank you Beth Ellen.

    F. Ferraz,

    That’s very kind of you to email GoDaddy on my behalf. Every little helps, and you’re right – some welcomed exposure for me!

  18. What a great story. It ended up happily.

  19. Have you filed a criminal complaint, yet, for fraud, theft,and extortion with Interpol? How about a criminal complaint with ICANN?

  20. Wonderful news! I’m so happy to see this end well!

  21. Good news, and good work :-)

  22. So I guess I wasn’t seeing things last night.

    It’s great to see that GoDaddy cares!

  23. David, happy days indeed.

    .com is easier to say and remember…

    but let us know whatever you end up going with so we can get our links pointing the right way :-)


  24. Hey David, I’m glad (and slightly amazed) that you managed to get the .com back. Congrats.

  25. David, what wonderful news! This has been such a whirlwind for you in the past few weeks and it’s good to see the nice fellow finish first.

    And yay for GoDaddy…they did a good thing and deserve the good press in return.

  26. “I’ve been seeing more and more of my old .com articles appear in Google with the address, only not as high in the search rankings. There’s some updating obviously occuring, but how much I’m unsure.”

    Thats where the 301’s will help move it faster – make a list of all the .com urls still in the SERP’s and 301 them to the corresponding ones.

  27. Hi David,

    I was little late in reading your latest article about getting your .com domain back and meanwhile added a support message on my website. It will remain there till the time you want and for the keyword you want. It’s just a small initiative from my side for your whole episode of domain hack.

    While writing this, I got an idea, give me a cool “include the code” kind of thumbnail or message and I will replace it with existing one to link to you and will ask for help from other bloggers to link back to you to gain your top ranking for “logo designer” for domain.

    Let me know if I can do anything else for you. I offered paypal money in previous comment for your legal battle, but looks like you don’t need it after getting the domain back. Still if you need it by any chance, please drop me a message, and I would help out in maximum possible way from my side.

  28. You were right to lay blame at the foot of gmail. It’s a copout to say that gmail is still in beta. Google is a big company, they are big boys who are playing big games, and they have to take responsibility (like they take lots of money). Probably the people saying “gmail is still in beta” work for google. I depend on gmail and google apps for your domain for everything, and I have been with them for years now, and have put the absolute trust of my business and personal life in them. I even teach my children to ignore their teachers who try to get them to use other search engines. Security experts like Steve Gibson and Leo Laporte have been talking about how gmail security is the linchpin for all of our other security, since google services are so far above the quality of other services that they have become essential–any compromise in gmail security compromises our entire online life–i know it would for me. Because they had talked about this in one of their recent security now episodes I think the online community had been sensititized to the issue before you were cracked by this guy, and that probably contributed to the support you received (also apparently there was some big karma which got directed to you).

    Thank you for having the courage to stand up and refuse to pay, and I am very happy that you got back control over your original domain name, and God bless you.

    Google–don’t use the copout excuse that gmail is in beta. By the way, I think google is starting to get so big that bureaucratic inertia is taking over. That’s the impression I get from meeting with a group of their staffers recently. They seemed, even, slightly evil. Maybe they won’t be behemoths forever, although they’re still way ahead of Microsoft and Yahoo.

  29. Awesome, congrats. I’d use the uk address though.

  30. Oh David! I am so happy and relieved for you!! And some good did end up coming out of this like you’ve said: the publicity. Wow! And I’m so glad you didn’t have to pay for anything, legal costs or otherwise.

    I don’t think the title of your last post was anything short of sensational. You got the attention you were looking for and it helped you get your domain back. What a wonderful feeling it must be to be supported by so many people (though quite unfortunate you had to find out this way!). The online community really rallied to your cause in disgust of someone who would steal a domain.

    I have heard that distinction between hacker and cracker (I always think of a “safe cracker” as in someone who breaks into bank vaults).

    So would you name the return of your domain as your best Christmas present to date? ;) Again, SO happy that you got your domain back and good for you for sticking to your morals and values and not giving this cracker one penny of your hard-earned money.

  31. Now, I am so happy this turned out well for you.. The only part I am stuck on is the part about godaddy just giving your domain back with a driver license. Can you image someone saying their domain was stolen and sending a copy of a drivers license? I know you were in the right, but would it be this easy for someone in the wrong? I have been following this story for days, I think your steps have been absolutely great. You are the kind of person I could learn from..

  32. Glad to hear everything’s fine now :)

  33. Hi David

    Nice to see you’re just about sorted.

    In terms of using .com or remember that within webmaster central google now allows you specify your geo target for domains ending .com

    I don’t think yahoo and msn currently offer such targetting – though I could be wrong.

    If your work is based online, presumably you can design logos for anyone around the world and therefore .com makes sense?

    Maybe there is less competition in the UK search results for your chosen keyword phrases – so less could equal more (work)?

  34. David, Congratulations!!! I’m really glad this story of yours had such a happy end! Plus it brought your RSS feed count to 3000 – whoa! :-) I think you’ve already helped us a lot by sharing your story and all your steps towards getting back your domain, it will tremendeously help others in your situation (of course, I wish no one goes through this domain cracking nightmare). If you redirect .com to how about all your old article URLs? Would you need to redirect them separately?

  35. Congrats David!

    So not only did the ‘cracker’ not get away with this particular scam but you got some great (free) publicity. It seems this bad turn of events could actually turn out to be good for your company! Talk about backfiring for the guy big time; seems he’s the one who got screwed and good.

    As far as the domain name? I’d do a forward of the .com to your, that way your business cards are still correct and people can reach you no matter what they type in. I’d also suggest that you buy .net as well to keep this criminal from cashing in on your new-found publicity.

  36. Congrats David!! I feel so happy for you.
    This has been something that really took me by shock, and now that it’s over, I’m glad, that it did. I’ve been a regular feed reader for you blog, and have been following the story close, throughout.

    Now, I’m a bit apprehensive about using gmail. Or, browsing other sites while my mailbox is open.

    And, to say, you’re among the people I consider my rolemodels, in blogging.
    Congrats David again, for keeping at it and finally winning.

  37. Great news David! I use Gmail too for pretty much everything….I’m starting to second guess myself on this move after your situation.

    What will you use now for email if not Gmail?

  38. Congrats on getting it back… I was cheerin for ya.

  39. Glad to hear everything is back to normal. I have been following your ordeal for the past couple of days and it seemed like quite a process. Keep up the great work David.


  40. Fantastic news, David. I’m thrilled. Wish you every success in 2008!

  41. Hey David,

    I’ve been following this and Glen Alsopp (above) submitted it to Sphinn. Myself and others have sphunn it so you should get more attention from the search marketing community soon, as it’s near making the front page.

    As to whether you’re better off with .com or, Aaron Wall had a good item showing that local versions of google rank sites with ccTLDs (and local hosting, I think?) higher than generic TLDs. See here.

    And for future reference, I posted something about using Google Trends to help you pick out the right ccTLD domain for SEO purposes:


  42. David, glad that you got your domain back – it’s really great that the whole blogging community came together and helped you get it back. And I think any comments trying to shift the blame onto you, is really irresponsible and unwarranted. As far as the .com vs as you mentioned the should give you a little more love in the uk google results, and anyone coming to the .com if you went with the 301 redirect should arrive safely at the but then there is the question of the link juice from the .com and whether the 301 will pass that love; I think in my personal opinion i would go with the setup as you have. Hope 2008 brings you great rankings and lots of new customers and all your domains secure and in your possession :)

  43. Hey David – I’m very glad that you’ve got your domain name back. I’d say keep the dot com as that’s what most people think of when you mention a domain name. All the best in 2008!

    — Dev Basu

  44. That’s great to hear David. It’s always fulfilling to see the good guy win.

  45. I think this is going to become one of those textbook answers to the question of why building a community around your blog is endlessly worthwhile.

    You’ve always bent over backwards to get to know your readers, and show them that you appreciate them. More so than any other blogger I know.

    It’s nice to see that the community was able to do something for you this time. :D

    As for the domain issue, all I can say is that a would put off off-shore clients. A .com isn’t going to put off UK clients though. Perhaps the .com is better for that reason?

  46. Glad to see order has been restored.


  47. If you could add a little more about how others might be able to follow your procedure that might help the many others who’ve had domains taken via GoDaddy. This post will be quite findable via Google, and it would be great if it contained some additional information for those trying to deal with GoDaddy in situations like this. For example:

    “To recover our stolen domain that was stolen as a result of Godaddys failure to provide even the most basic common sense checks and balances protocols to intercept fraudulent cancellations and transfers we will have to go to the WIPO! We will have to hire a legal firm that specializes in WIPO/ICANN law and pay $1,500.00 to ICANN to impanel a few impartial arbitrators to render an opinion!”

  48. Very happy to hear you got it back, David, and I would concur that keeping the domain as the main domain, and 301’ing the .com to it is probably the best way to go.

  49. David, congrats on getting the domain back!

    You’ve gotten a look at how the UK domain ranks for your name for the countries that you care the most about. It sounds like the might eventually rank even better for you (I guess every cloud has a silver lining).

    But you also want to move a little slowly to make sure that you get everything back to normal first. My advice: go back to the .com like you were using it before. Leave the domain alive but keep separate content on it (e.g. why not leave up the story of getting cracked on the site?). Then give everything a month or so to settle, let Googlebot recrawl your site, etc.

    Then after everything has settled in a month or two, that’s when I’d consider switching to the Remember the first rule of debugging (and it often applies to SEO too): if you can get away with only making one change at a time, that makes it much easier to see the impact of your change.

  50. David,

    I came across your story yesterday on how you got hacked and I had put myself in your shoes because if this would have happened to me, it would kill my income.

    It’s awesome to see a great company like godaddy work with you like this and it’s great that you got your domain name back. Good luck with your future projects!


Leave a Reply