I have a few domains, some are located on GoDaddy and some I got as part of my hosting. I prefer to have the domain on a dedicated site such as GoDaddy as this means I have full control over where it goes outside of any web hosting deal I am currently on. One of the sites on GoDaddy was mauldor.com and I had set this up to point to the correct place and then locked the domain – what this means is anybody (including me) making any changes will fire off an email to the chosen email address. Imagine my suprise when yesterday the domain pointed to lockerzpoints.
Security
The first thing I need to say before I start this story is that I try and use a different password per site, if the site is just a forum or something, then I use something easier for me to remember but if the site is important to me (such as GoDaddy etc) then the password will contain uppercase, lowercase, numbers and sometimes punctuation. GoDaddy is referenced by a number and not a name – this makes it even harder to guess.
Checking my domain
I first checked using my domain tool and what ‘they’ had done was revert the DNS to default and put a simple forwarder on there. Nothing else was changed, password still the same but one point to notice was the secret question – I do not spell COLOR as this is an American spelling – but rather COLOUR – that had been changed for sure.
Calling Support
Thankfully GoDaddy has a telephone number in the UK (but is still located in USA) for support. The first thing we did was change the email address everything comes to (for security reasons) and then got my password Reset. He noted the time it was changed, somebody in the USA at 7:21 Pacific Standard Time (PST) on 10th June 2010 had logged in on the web page and changed my site. He had all the details logged and will be launching an investigation and for legal reasons, he could not divulge the IP address and so forth.
Locking the place down tight.
I got a book out and started writing down sites, login details and using an only secure password generator went forth and switched as many sites as I can remember to something very secure indeed. I have no idea what this person gained from switching my site but lesson leaned on my side. My only gripe (and one that GoDaddy is looking into) is what is the point of locking your site when I got no emails?
