Three days ago, I reported on a Gmail security flaw resulting in the theft of my domain name. I’m humbled and relieved that today I’ve got davidairey.com back. The response was overwhelming and can’t thank you enough.
50,000 daily visitors crashed the server of my web host, but only for a short time as the folk at ICDSoft were extremely helpful. They worked outside the normal remit of their services to change my previous post from a dynamic PHP web page to static HTML, setting a rule to redirect all visitors to the latter. This greatly reduced the server load, allowing my shared server hosting plan to cope.
How did I get my domain back?
After the domain loss came to light, some of you told me you knew the CEO of GoDaddy.com, Bob Parsons, and that you would ask if he could help.
Soon after, I was contacted by Karen, one of Bob's very friendly and helpful colleagues, asking me to complete an Undo of Change request form. This involved me supplying an image of my drivers license for photographic ID, and hand signing the form, then emailing a scan. The completed document would allow GoDaddy to negate the transfer process that took my domain name from ICDSoft to their systems. The form said to allow three business days for an intitial response, but some email back and forth during the last few hours resolved the process much quicker. Thank you Karen.
I was asked to open a free account with GoDaddy then supply them with my customer account number. Shortly after and davidairey.com was back with me.
Update: April 1st 2011
I ended-up storing 10-15 domains in my GoDaddy account, but I’ve since moved away from the company, mainly for this reason.
I accept my share of the responsibility
I've read elsewhere that I deserved what I got, and that using the free Gmail service for business is naive. Maybe. I hate blaming others, but the crux is that I’m almost sure my story wouldn’t have received the attention it did if the post headline read something like:
"Naivety allows hacker to steal my domain"
I thought this would be more newsworthy:
I used my blog against a criminal, and if that made it sound like I was pointing the finger, so be it.
What about the thief?
"Just to let you know, the filthy person who did this to you is referred to as a "cracker" not a "hacker". A hacker is someone who tweaks things to their purposes. A cracker is a low-life who attacks other people with malicious intent. There is a big difference."
Many of you have been digging around the net, searching for clues and pointers as to who/where this thief is. You've used the email address I supplied, posing as potential buyers of my domain name to glean more personal info.
It seems the thief has been selling stolen domain names for some time, advertising his loot on various web forums. The consensus sets the physical location as Iran, which ties-in with the Persian language used for certain email addresses. It's fair to say I'm not the only one attacked by this miscreant.
I don’t know what action, if any, I can take, but what's of more concern is this...
How do I halt the damage to my search rankings?
With control over both davidairey.com and davidairey.co.uk, the question now is which one should I use as my primary web address? Perhaps it doesn't even matter, providing a permanent 301 redirect is set from one to the other. I've found that a UK-based Google search for David Airey lists me higher now (with the .co.uk) than it did with the .com. Given that my local market is in the UK, the right move could be to remain with the .co.uk, rather than revert.
I'm guessing the next step is to set my .com address to a 301 redirect to the .co.uk.
Thank you very much
When something like this happens, you don't expect so many people to offer their help. It's testament to the goodwill of the blog community that the situation was recovered. In fact, the thief brought me an entirely new audience. If there's anything I can do to help in return, don't hesitate to contact me. I'll get back to you as soon as I can.