Use A GMail Account? Watch Your Domain
Nov 26, 2008
After reading numerous accounts (27 and counting) of people's domains being stolen I decided to investigate the situation more closely. What follows is my personal investigation.
Without jumping to any conclusions as to how all of these domains were hijacked, I gathered the facts and sat back to see where the common denominators were.
All of the domains had GMail accounts listed in whois.
Many of the domains were hosted with GoDaddy.
Many of them had Alexa rankings of less than 10,000.
While the GoDaddy connection was interesting, the fact that all of the hijacked domains had GMail accounts stood out as the real common thread.
While it's still not clear how the hijacker was able to obtain access to the GMail accounts, it is clear that using a GMail account for your domain registrations may not be a wise decision. We have seen infectious code on websites designed to either steal cookies or check to see if the visitor also has GMail opened in another window.
A few cases involved visiting a webpage while GMail was opened and the webpage doing a POST to a GMail interface and injecting an email filter into the visitor's GMail settings.
Typically the injection would include filters that would automatically skip the inbox and forward emails from register.com, godaddy.com and dreamhost.com to another GMail email account.
Then, with forwarding set and knowledge of the registered email address, the hijacker would use GoDaddy's website to obtain the customer number, which requires a verification email. Armed with that information, the hijacker would go back to GoDaddy and have an Authorization Code for password reset sent to the registered email address.
The password would be sent to the email address, which would be forwarded to the hijacker and then they could move the domain to another registrar, change the website and benefit from the traffic to that website.
Or in some of these recent cases, the hijacker asked for $2,000 in order to "give" the domain back.
How did this happen?
Creating a filter in your GMail account sends a request to the GMail server farm. The request is an obfuscated URL with each section identifying the filter, the account, etc.
Many of the parameters passed in the URL can be generated accurately but one parameter needs the cookie from the account holder's computer. They can obtain this quite easily with any general cookie stealing technique (there are many).
What can you do?
For starters, this isn't the first exploit of GMail accounts. I would switch all of my domains to be registered to a different email address.
Secondly, I would pay the extra money to have your domain information listed as Private. This way your contact information will not show up on whois searches. GoDaddy offers Protected Registration if you're already listed with them.
Third, if you do use GMail, check your filters often. And check your deleted items as well. You never know what you might find in there.
Anyone here have any stories to share about domains hijacked?
Feb 7, 2007
I'm running a dedicated server with Plesk 8.1
For all newly created domains, they will automatically adopt a DNS template which I've set up in Plesk. But for my own domains (not clients) I've changed my MX entries in my DNS Settings section to point to the server of that of Gmail (Google). The primary server with the highest priority is "aspx.l.google.com"
To get to the point...
I receive emails on the Gmail interface, which are stored on the Gmail server, though I have a slight problem when it comes to local emails. In other words... when my server sends out an email to myself (either from a contact form, daily log files, etc...) I don't receive the emails through the Gmail interface, but rather through my POP server, which is logical, since my server is most probably configured to use "mail.yourdomain.com" and not "aspx.l.google.com".
Question :
How can I have both incoming emails (from other domains/servers) and local emails (from my own server) go through the Gmail server? I'm guessing that I'll have to edit Sendmail or PHP or something, though I'm not sure, that's why I'm posting this.
Sorry if the post is a bit confusing. I tried my best to explain the situation, though if you have any questions, please respond with them.
Apr 17, 2009
I have a domain. When we send mail from any email ID of this domain to Gmail, it goes to the spam folder, but in Yahoo and Hotmail it goes into the inbox folder. So how do I whitelist my domain in Gmail so my mails go into the inbox?
I have also submitted this request or issue to Gmail support but got no answer.
Jul 2, 2007
It seems like my e-mails to my clients are being redirected by GMAIL's spam filter into their SPAM folder.
Jul 14, 2007
I have started facing this problem on my cPanel server recently... I cannot send any mail from the server, whether through webmail, Outlook, PHP scripts, etc.
Every time, mail returns with the message...
unrouteable mail domain "gmail.com"
I have checked solutions given in some other threads, but those don't seem to work in my case.
I have checked dig gmail.com and dig mx gmail.com from shell; it's resolving properly.
What could be the error?
Mar 29, 2007
My Log Watch shows things like this each day, and some days more. Does this mean someone is trying to gain access to the server by hunting for the passwords?
Log Watch so I am just asking for some advice out there.
--------------------- SSHD Begin ------------------------
Failed logins from these:
apache/password from ::ffff:200.206.107.12: 2 Time(s)
ftp/password from ::ffff:200.206.107.12: 2 Time(s)
mysql/password from ::ffff:200.206.107.12: 2 Time(s)
root/password from ::ffff:200.206.107.12: 2 Time(s)
root/password from ::ffff:61.186.188.168: 260 Time(s)
Received disconnect:
11: Bye Bye
::ffff:200.206.107.12 : 33 Time(s)
::ffff:61.186.188.168 : 127 Time(s)
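The Logwatch summary in the post above can be read mechanically. This added example (not part of the original post) totals failed SSH logins per source and separates many guesses against one account from a few guesses spread across many account names. The sample report uses constructed documentation addresses, and the thresholds and function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# One "Failed logins" row: user/password from <address>: N Time(s)
ROW = re.compile(r"^\s*(\S+)/password from (\S+): (\d+) Time\(s\)")

# Constructed sample in the layout of the SSHD section shown in the post.
SAMPLE_REPORT = """\
Failed logins from these:
   apache/password from ::ffff:203.0.113.5: 2 Time(s)
   ftp/password from ::ffff:203.0.113.5: 2 Time(s)
   mysql/password from ::ffff:203.0.113.5: 2 Time(s)
   root/password from ::ffff:203.0.113.5: 2 Time(s)
   root/password from ::ffff:198.51.100.7: 260 Time(s)
   deploy/password from 192.0.2.10: 1 Time(s)
"""

def normalise(addr):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped or ip)

def classify(report, max_attempts=20, max_users=3):
    """Map each source address to a verdict based on its failed logins."""
    attempts = defaultdict(int)
    users = defaultdict(set)
    for line in report.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, disconnect counts, blank lines
        addr = normalise(m.group(2))
        attempts[addr] += int(m.group(3))
        users[addr].add(m.group(1))
    verdicts = {}
    for addr, total in attempts.items():
        if total >= max_attempts:
            verdicts[addr] = "password brute force"
        elif len(users[addr]) >= max_users:
            verdicts[addr] = "account-name guessing"
        else:
            verdicts[addr] = "below threshold"
    return verdicts

if __name__ == "__main__":
    for addr, verdict in classify(SAMPLE_REPORT).items():
        print(addr, verdict)
```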
Sep 16, 2008
I have had a VPS for a while now and am no VPS expert by any stretch. But I have learned that I cannot rely on support to monitor my box.
What are the important log files to watch and where are they?
Jul 19, 2008
I can't remember the name of the utility that lets you watch what a process is doing. You call it on a PID and you can see all the memory allocations, file IO, library loading, etc. that the process is doing as it happens. Anyone know what I'm thinking of?
Aug 17, 2009
I'm about to upgrade my co-located server from twin 2214 Opterons (dual core 2.2GHz) to twin 2378 Opterons (quad core 2.4GHz). [Got to love the upgrade path on Opterons, single core to 6 core on the same socket.] I know I'll need to do a BIOS upgrade, but is there anything else I should worry about? I want to minimize downtime as much as possible.
Mar 25, 2009
I am running CentOS 5.2 with cPanel on my server,
and I am wondering how I can let customers on virtual hosting watch their own CPU load for their account?
May 31, 2008
I had two servers from LT for a few years. I was happy with the servers until 6 months ago. I got an email from LT and was told the price would be increased. I had no choice but to pay what they asked. I got another email a few days later; again LT increased the price. I think it's fine if they increase the price. The problem I have is: LT increases the price but at the same time LT still offers the same package I had a few years back to their new customers. I called LT; they told me they can do nothing. Today I looked at the offer carefully. Here's the detail.
-------------------------------------
Dual-Processor Opteron 248: $59/Month
RAM: 2GB
Hard Drive(s): 2 x 160GB SATA
Free upgrade to 2 x 250GB
Bandwidth: 3300GB
IP Addresses: 8 (5 Usable)
Notes: No Reseller Discount
Setup Fee: $999 setup
---------------------------------------
Ha, $59, not a bad deal at all. But watch out: $999 setup fee. Think about this: LT will increase your price two years later. Then the monthly cost will be $59+$999/24=$100, OR if LT increases your price one year later, your cost will be $59+$999/12=$142. Just think twice before you order from LT.
Apr 19, 2007
I have recently removed my servers from Moxie Hosting, and I think that if you are reading this you should know what this company is all about.
When I signed up last year for a year contract, Sean Corbin stated to me that they have their own suite at another location, that the cage my equipment was in was temporary, and that they would be opening a new suite; when I moved to the 8th floor I was told that that suite was there, which it was not.
Watch out for their 100% uptime; they have been having problems with power since they moved and until a week ago. They keep blaming the building, and that I would not get any recourse, because Sean Corbin has stated to me that it wasn't his fault and that it's not his problem.
They also stated that they have a tech on site 24/7; not true. They have an online tech that can remotely look at issues, but when I need to get access to my server to fix an issue I have to wait for a tech to show up, and if it is after hours it's a longer wait because Sean Corbin has no tech on site. I have asked to work on my server during days; he also stated that he doesn't go to the suite during days, and he only works nights.
Aug 12, 2007
I seemed to have acquired a taste for getting volunteered for things here lately and I'm stuck on a firebox x550e firewall,
This appliance needs to be used to protect 2 servers that are going to be used to serve 1 website and hold all of its financial records.
My main problem is in the initial configuration of it.
69.65.22.144/28
69.65.22.144 Network IP
69.65.22.145 Gateway
69.65.22.159 Broadcast
Is the /28 Vlan
Dec 26, 2008
On what VPS server will I be able to hear music or watch a trailer or YouTube? Because mine does not have a sound card on it.
Apr 28, 2009
I'm working at this time with ffserver... I tested ffmpeg with Flash streaming and it works perfectly, but I want to take another step.
I'm trying to stream a file to watch that movie in Windows Media Player. The problem is that I get a lot of "buffer underflow" errors when I stream the video.
I post my config:
Port 8090
BindAddress 0.0.0.0
MaxClients 1000
MaxBandwidth 10000
NoDaemon
<Feed feed1.ffm>
File /tmp/feed1.ffm
FileMaxSize 5M
</Feed>
<Stream test.flv>
Feed feed1.ffm
Format flv
VideoCodec flv
VideoFrameRate 15
VideoBufferSize 80000
VideoBitRate 200
VideoQMin 1
VideoQMax 5
VideoSize 352x288
PreRoll 10
</Stream>
<Stream test.asf>
Feed feed1.ffm
Format asf
VideoFrameRate 2
VideoSize 848x480
VideoBitRate 256
VideoBufferSize 40
VideoGopSize 30
AudioBitRate 96
StartSendOnKey
</Stream>
As you can see, I listen on all source IPs so I can access the file, but... it doesn't work...
Many messages of this error:
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
[flv @ 0xb7df29a8]rc buffer underflow
Line that I use:
ffmpeg -i /descargas/anime/Soul_Eater/RnF_Soul_Eater_42.avi http://127.0.0.1:8090/feed1.ffm
....
My OS is debian eth.
Jun 4, 2008
We have several cPanel accounts (web sites) with different IPs in one box. Then we cut down to one single IP. As cPanel is not available, I re-configured Apache to bind each account to a domain name, instead of an IP as previously configured.
So before, when I used a user name like "james" to FTP, it was working, but not now. Now I have to use james@domain.com to FTP.
Someone changed the Pure-FTPd settings somewhere; I don't know how he did it, and I actually don't know if he helped or not on this problem.
At least FTP is working. But I really do want to know the relationships between these matters.
cPanel is not available yet (not licensed); IPs being cut from several to one which serves multiple web sites; Pure-FTPd seems to need to be configured.
Oct 8, 2008
How do I stop my add-on domain from appearing in the search engine as a sub-domain? For example, it shows up as example.com/test.com. I only want test.com.
Jul 30, 2008
Still a newbie question: if I use WHMCS for my billing system, I see the client always starts with typing in a domain. If they choose a new domain, what will I do with it? Do I have to get a domain reseller account to deal with it?
Feb 29, 2008
I have reseller hosting with a host. This host provides private DNS. The hosting provider remains anonymous, so when someone searches whois they will not know I am running a reseller hosting biz.
Now I am planning to change the hosting provider to another one who provides higher capacity and higher bandwidth, but they will not provide private DNS. I need to use their DNS.
How do I get my own DNS so that the host remains anonymous?
What do I need?
Feb 27, 2007
I have a hostee who as part of an out-of-court settlement, needs to change the primary domain they host on. The domain they're switching to is already a parked domain on their account. At first blush, it seems like it would be pretty easy, but now I'm concerned about their email. Both of the principals of the company use Horde extensively for webmail, and as such I have files on the server for their email accounts. What I was thinking about doing is this:
1. Stop parking the "new" domain on the account.
2. Change the account from using the "old" domain in WHM to the "new" domain by modifying the account in WHM.
3. Forwarding email sent to user@old.domain to user@new.domain, in CPanel.
4. Assorted changes on website to account for the new domain - published email addresses, new SSL cert, things like that.
My concern is in how to move the mail files, currently set up to be for user@old.domain, to be readable by Horde as user@new.domain, so it's seamless to the users. We will be keeping the old domain under our control, but not using it to point to the site any more; I just don't want to have to tell them "OK, to get your old email, you have to check this address, and to get new email, you have to check this one."
Would my plan above actually accomplish that? Is there a better way within a WHM/CPanel framework to accomplish what I need without losing email or access to it? What am I missing?
Apr 11, 2008
I have a VPS account with WHM/Cpanel console access. I have three domains that I am trying to setup. Within WHM I have setup three different accounts, one for each domain. I am able to login to the cPanel for all three accounts. This also created a new web directory for each domain in /home/domain_name/public_html/. I have placed my default index.php in all three public_html with the same permissions. But only 1 domain is working the other two are not. What am I missing? I have confirmed that all three have the correct DNS servers with godaddy and I can do an nslookup on all three. My provider told me to share the IP so that is what I am configured as..
Oct 21, 2008
How to do so for our reseller/vps clients?
And how do I install WHMCS for example for a reseller client?
How do we allocate our reseller clients their IPs?
Apr 9, 2008
I have an account on an older server. It's Plesk.
But now that I pointed the domain, I can no longer access the old server from the web.
So this is my shared IP:
66.235.201.136
Now there are about 10 domains on the IP.
What would my URL look like to access one of those accounts in Plesk in the browser?
66.235.201.136/~rgratitu
I've tried the above and it doesn't work.
Jan 30, 2007
I have several domain names and I pay for hosting for each domain name. Each domain name gets little traffic, uses little bandwidth, and little storage space. I would like to pay for hosting once and share the bandwidth and storage space amongst the multiple sites. Do you know of a hosting company that offers this? I suppose it would involve having one hosting account and multiple IP addresses that resolve to different folders in your account?