Use A GMail Account? Watch Your Domain

Nov 26, 2008

After reading numerous accounts (27 and counting) of people's domains being stolen I decided to investigate the situation more closely. What follows is my personal investigation.

Without jumping to any conclusions as to how all of these domains were hijacked, I gathered the facts and sat back to see where the common denominators were.
All of the domains had GMail accounts listed in whois.

Many of the domains were hosted with GoDaddy

Many of them had Alexa rankings of less than 10,000

While the GoDaddy connection was interesting, the fact that all of the hijacked domains had GMail accounts stood out as the real common thread.

It's still not clear how the hijacker was able to obtain access to the GMail accounts, but it is clear that using a GMail account for your domain registrations may not be a wise decision. We have seen infectious code on websites designed to either steal cookies or check to see if the visitor also has GMail opened in another window.

A few cases involved visiting a webpage while GMail was opened and the webpage doing a POST to a GMail interface and injecting an email filter into the visitor's GMail settings.

Typically the injection would include filters that would automatically skip the inbox and forward emails from register.com, godaddy.com and dreamhost.com to another GMail email account.

Then, with forwarding set and knowledge of the registered email address, the hijacker would use GoDaddy's website to obtain the customer number, which requires a verification email. Armed with that information, the hijacker would go back to GoDaddy and have an Authorization Code for password reset sent to the registered email address.

The password would be sent to the email address, which would be forwarded to the hijacker and then they could move the domain to another registrar, change the website and benefit from the traffic to that website.

Or in some of these recent cases, the hijacker asked for $2,000 in order to "give" the domain back.

How did this happen?

Creating a filter in your GMail account sends a request to the GMail server farm. The request is an obfuscated URL with each section identifying the filter, the account, etc.

Many of the parameters passed in the URL can be generated accurately but one parameter needs the cookie from the account holder's computer. They can obtain this quite easily with any general cookie stealing technique (there are many).

What can you do?
For starters, this isn't the first exploit of GMail accounts. I would switch all of my domains to be registered to a different email address.

Secondly, I would pay the extra money to have your domain information listed as Private. This way your contact information will not show up on whois searches. GoDaddy offers Protected Registration if you're already listed with them.

Third, if you do use GMail, check your filters often. And check your deleted items as well. You never know what you might find in there.

Anyone here have any stories to share about domains hijacked?

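One way to carry out the "check your filters often" advice from the post above, added here as an example and not part of the original post. It assumes the filters have been exported in Gmail's Atom XML filter format (property names `from`, `forwardTo`, `shouldArchive`, `shouldTrash`); the sample export and all addresses in it are constructed.

```python
import xml.etree.ElementTree as ET

# Namespaces of the assumed Gmail filter export (Atom feed with apps:property elements).
NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}

# Sender domains named in the post; extend with your own registrar and DNS host.
REGISTRAR_DOMAINS = ("register.com", "godaddy.com", "dreamhost.com")

# Constructed sample: one benign label filter, one shaped like the injected filter.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='News'/>
  </entry>
  <entry>
    <apps:property name='from' value='register.com OR godaddy.com OR dreamhost.com'/>
    <apps:property name='forwardTo' value='someone-else@example.net'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
</feed>"""

def audit_filters(xml_text, own_addresses=()):
    """Return one finding per filter that forwards, hides, or deletes mail."""
    own = {a.lower() for a in own_addresses}
    findings = []
    for entry in ET.fromstring(xml_text).findall("atom:entry", NS):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        reasons = []
        forward_to = props.get("forwardTo", "").lower()
        foreign_forward = bool(forward_to) and forward_to not in own
        if foreign_forward:
            reasons.append("forwards to " + forward_to)
        if props.get("shouldArchive") == "true":
            reasons.append("skips the inbox")
        if props.get("shouldTrash") == "true":
            reasons.append("sends to trash")
        criteria = " ".join(props.get(k, "")
                            for k in ("from", "hasTheWord", "subject")).lower().strip()
        hits = [d for d in REGISTRAR_DOMAINS if d in criteria]
        if hits:
            reasons.append("matches registrar mail: " + ", ".join(hits))
        # A plain label filter produces no reasons and is not reported.
        if reasons:
            severity = "high" if foreign_forward and hits else "review"
            findings.append({"criteria": criteria, "reasons": reasons,
                             "severity": severity})
    return findings

if __name__ == "__main__":
    for f in audit_filters(SAMPLE_EXPORT, own_addresses=["me@example.com"]):
        print(f["severity"], "|", f["criteria"], "|", "; ".join(f["reasons"]))
```

Pass your own forwarding targets as `own_addresses` so that only forwards to unknown addresses are rated high.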



DNS (MX) Entries - Gmail For Your Domain

Feb 7, 2007

I'm running a dedicated server with Plesk 8.1

For all newly created domains, they will automatically adopt a DNS template which I've set up in Plesk. But for my own domains (not clients) I've changed my MX entries in my DNS Settings section to point to the server of that of Gmail (Google). The primary server with the highest priority is "aspx.l.google.com"

To get to the point...
I receive emails on the Gmail interface, which is stored on the Gmail server, though I have a slight problem when it comes to local emails. In other words...when my server sends out an email to myself (either from a contact form, daily log files, etc...) I don't receive the emails through the Gmail interface, but rather through my POP server, which is logical, since my server is most probably configured to use "mail.yourdomain.com" and not "aspx.l.google.com".

Question :
How can I have both incoming emails (from other domains/servers) and local emails (from my own server) go through the Gmail server? I'm guessing that I'll have to edit Sendmail or PHP or something, though I'm not sure, that's why I'm posting this.

Sorry if the post is a bit confusing. I tried my best to explain the situation, though if you have any questions, please respond with them.


My Domain Treated As Spam In Gmail

Apr 17, 2009

I have a domain; when we send mail through any email ID of this domain to Gmail, it goes to the spam folder, but in Yahoo and Hotmail it goes into the inbox folder. So how do I whitelist my domain in Gmail so my mails go into the inbox?

I have also submitted this request or issue to Gmail support but got no answer.


Gmail Putting My Domain On SPAM

Jul 2, 2007

It seems like my e-mails to my clients are being redirected by GMAIL's spam filter into their SPAM folder.


Unrouteable Mail Domain "gmail.com"

Jul 14, 2007

I have started facing this problem on my cPanel server recently... I cannot send any mail from the server, through webmail/Outlook/PHP scripts etc.

every time mail returns with the message...

unrouteable mail domain "gmail.com"

I have checked solutions given in some other threads, but those don't seem to work in my case.

I have checked dig gmail.com and dig mx gmail.com from the shell; it's resolving properly.

What could be the error?


Log Watch

Mar 29, 2007

my log watch and see things like this each day and some days more. Does this mean someone is trying to gain access to the server by hunting for the passwords?

Log Watch so I am just asking for some advice out there.

--------------------- SSHD Begin ------------------------

Failed logins from these:
apache/password from ::ffff:200.206.107.12: 2 Time(s)
ftp/password from ::ffff:200.206.107.12: 2 Time(s)
mysql/password from ::ffff:200.206.107.12: 2 Time(s)
root/password from ::ffff:200.206.107.12: 2 Time(s)
root/password from ::ffff:61.186.188.168: 260 Time(s)

Received disconnect:
11: Bye Bye
::ffff:200.206.107.12 : 33 Time(s)
::ffff:61.186.188.168 : 127 Time(s)


What Log Files Do I Need To Watch

Sep 16, 2008

I have had a vps for a while now and am no vps expert by any stretch. But I have learned that I cannot rely on support to monitor my box.

what are the important log files to watch and where they are?


How To Watch/trace A Process?

Jul 19, 2008

I can't remember the name of the utility that lets you watch what a process is doing. You call it on a PID and you can see all the memory allocations, file IO, library loading, etc. that the process is doing as it happens. Anyone know what I'm thinking of?


Server CPU Upgrade, Anything To Watch For

Aug 17, 2009

I'm about to upgrade my co-located server from twin 2214 Opterons (dual core 2.2GHz) to twin 2378 Opterons (quad core 2.4GHz). [Got to love the upgrade path on Opterons, single core to 6 core on the same socket.] I know I'll need to do a BIOS upgrade, but is there anything else I should worry about? I want to minimize downtime as much as possible.


How To Let Customers Watch Their Own CPU Load

Mar 25, 2009

I am running CentOS 5.2 with cPanel on my server, and I am wondering how I can let customers on virtual hosting watch their own CPU load for their account.


Watch Out The Bait, Layeredtech - LT

May 31, 2008

I had two servers from LT for a few years. I was happy with the server until 6 months ago. I got an email from LT and was told the price would be increased. I had no choice but to pay what they asked. I got another email a few days later; again LT increased the price. I think it's fine if they increase the price. The problem I have is: LT increases the price, but at the same time LT still offers the same package I had a few years back to their new customers. I called LT, and they told me they can do nothing. Today I looked at the offer carefully. Here's the detail.
-------------------------------------
Dual-Processor Opteron 248: $59/Month
RAM:2GB
Hard Drive(s):2 x 160GB SATA
Free upgrade to 2 x 250GB
Bandwidth:3300GB
IP Addresses:8 (5 Usable)
Notes:No Reseller Discount
Setup Fee:$999 setup
---------------------------------------
Ha, $59, not a bad deal at all. But watch out: $999 setup fee. Think about this: LT will increase your price two years later. Then the monthly cost will be $59+$999/24=$100, OR if LT increases your price one year later, your cost will be $59+$999/12=$142. Just think twice before you order from LT.


Watch Out For Moxie Hosting

Apr 19, 2007

I have recently removed my servers from Moxie Hosting, and I think that if you are reading this you should know what this company is all about.

When I signed up last year for a year contract, Sean Corbin stated to me that they have their own suite at another location, that the cage my equipment was in was temporary, and that they would be opening a new suite. When I moved to the 8th floor I was told that the suite was there, which it was not. Watch out for their 100% uptime: they have been having problems with power since they moved and until a week ago. They keep blaming the building, and that I would not get any recourse, because Sean Corbin has stated to me that it wasn't his fault and that it's not his problem.

They also stated that they have a tech on site 24/7; not true. They have an online tech that can remotely look at issues, but when I need to get access to my server to fix an issue I had to wait for a tech to show up, and if it is after hours it's a longer wait because Sean Corbin has no tech on site. I have asked to work on my server during days; he also stated that he doesn't go to the suite during days, and he only works nights.


Watch Guard Core 550e

Aug 12, 2007

I seem to have acquired a taste for getting volunteered for things here lately, and I'm stuck on a Firebox X550e firewall.

This appliance needs to be used to protect 2 servers that are going to be used to serve 1 website and hold all of its financial records.

My main problem is in the initial configuration of it.

69.65.22.144/28

69.65.22.144 Network IP
69.65.22.145 Gateway
69.65.22.159 Broadcast

Is the /28 Vlan


VPS :: Hear Music Or Watch A Trailer Or Youtube?

Dec 26, 2008

On what VPS server will I be able to hear music or watch a trailer or YouTube? Because mine does not have a soundcard on it.


FFServer :: Streaming Of A File To Watch That Movie In Windows Media Player

Apr 28, 2009

I'm working at the moment with ffserver. I tested ffmpeg with Flash streaming and it works perfectly, but I want to take another step.

I'm trying to stream a file to watch that movie in Windows Media Player. The problem is that I get a lot of "buffer underflow" errors when I stream the video.

I post my config:

Port 8090
BindAddress 0.0.0.0
MaxClients 1000
MaxBandwidth 10000
NoDaemon

<Feed feed1.ffm>
File /tmp/feed1.ffm
FileMaxSize 5M
</Feed>

<Stream test.flv>
Feed feed1.ffm
Format flv
VideoCodec flv
VideoFrameRate 15
VideoBufferSize 80000
VideoBitRate 200
VideoQMin 1
VideoQMax 5
VideoSize 352x288
PreRoll 10
</Stream>

<Stream test.asf>
Feed feed1.ffm
Format asf
VideoFrameRate 2
VideoSize 848x480
VideoBitRate 256
VideoBufferSize 40
VideoGopSize 30
AudioBitRate 96
StartSendOnKey
</Stream>

As you can see, I listen on all source IPs so I can access the file, but it doesn't work.

Many of the error messages:

[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow

Line that I use:

ffmpeg -i /descargas/anime/Soul_Eater/RnF_Soul_Eater_42.avi http://127.0.0.1:8090/feed1.ffm

....

My OS is debian eth.


FTP Account Name With Domain Suffix

Jun 4, 2008

We have several cPanel accounts (web sites) with different IPs in one box. Then we cut down to one single IP. As cPanel is not available, I re-configured Apache to bind accounts to domain names, instead of IPs as previously configured.

So before, when I used a user name like "james" to FTP, it was working, but not now. Now, I have to use james@domain.com to FTP.

Someone changed the pure-ftpd settings somewhere; I don't know how he did it, and I actually don't know if he helped or not on this problem.

At least FTP is working. But I really do want to know the relationships between these matters.

cPanel is not available yet (not licensed); the IPs were cut from several to one, which serves multiple web sites; pure-ftpd seems to need to be configured.


Add-On Domain & Hosting Account

Oct 8, 2008

How do I stop my add-on domain from appearing in the search engine as a sub-domain? For example, it shows up as example.com/test.com. I only want test.com.


Do I Have To Get A Domain Reseller Account

Jul 30, 2008

Still a newbie question: if I use WHMCS for my billing system, I see the client always starts with typing in a domain. If they choose a new domain, what will I do with it? Do I have to get a domain reseller account to deal with it?


Domain Name Server (DNS) Reseller Account

Feb 29, 2008

I have reseller hosting with a host. This host provides private DNS. The hosting provider remains anonymous, so when someone searches whois they will not know I am running a reseller hosting biz.

Now I am planning to change the hosting provider to another one who provides higher capacity and higher bandwidth, but they will not provide DNS. I need to use their DNS.

How do I get my own DNS so that the host remains anonymous?

What I need?


Primary Domain Change For WHM Account

Feb 27, 2007

I have a hostee who as part of an out-of-court settlement, needs to change the primary domain they host on. The domain they're switching to is already a parked domain on their account. At first blush, it seems like it would be pretty easy, but now I'm concerned about their email. Both of the principals of the company use Horde extensively for webmail, and as such I have files on the server for their email accounts. What I was thinking about doing is this:

1. Stop parking the "new" domain on the account.
2. Change the account from using the "old" domain in WHM to the "new" domain by modifying the account in WHM.
3. Forwarding email sent to user@old.domain to user@new.domain, in CPanel.
4. Assorted changes on website to account for the new domain - published email addresses, new SSL cert, things like that.

My concern is in how to move the mail files, currently set up to be for user@old.domain, to be readable by Horde as user@new.domain, so it's seamless to the users. We will be keeping the old domain under our control, but not using it to point to the site any more; I just don't want to have to tell them "OK, to get your old email, you have to check this address, and to get new email, you have to check this one."

Would my plan above actually accomplish that? Is there a better way within a WHM/CPanel framework to accomplish what I need without losing email or access to it? What am I missing?


VPS Account With Multiple Domain Setup

Apr 11, 2008

I have a VPS account with WHM/Cpanel console access. I have three domains that I am trying to setup. Within WHM I have setup three different accounts, one for each domain. I am able to login to the cPanel for all three accounts. This also created a new web directory for each domain in /home/domain_name/public_html/. I have placed my default index.php in all three public_html with the same permissions. But only 1 domain is working the other two are not. What am I missing? I have confirmed that all three have the correct DNS servers with godaddy and I can do an nslookup on all three. My provider told me to share the IP so that is what I am configured as..


How Do We Get Domain/SSL Reseller Account For Our Clients

Oct 21, 2008

How to do so for our reseller/vps clients?

And how do I install WHMCS for example for a reseller client?

How do we allocate our reseller clients their IPs?


Access An Account On Shared Ip Without Domain Name

Apr 9, 2008

I have an account on an older server. It's Plesk.

But now that I have pointed the domain, I can no longer access the old server from the web.

So this is my shared ip:
66.235.201.136

Now there are about 10 domains on the IP.

what would my URL look like to access one of those accounts in plesk in the browser?

66.235.201.136/~rgratitu

I've tried the above and it doesn't work.


Two Domain Names For One Hosting Account

Jan 30, 2007

I have several domain names and I pay for hosting for each domain name. Each domain name gets little traffic, uses little bandwidth, and little storage space. I would like to pay for hosting once and share the bandwidth and storage space amongst the multiple sites. Do you know of a hosting company that offers this? I suppose it would involve having one hosting account and multiple IP addresses that resolve to different folders in your account?








Copyrights 2005-15 www.BigResource.com, All rights reserved