hijacked onlinenic domain name need to change server main domain & name

Discussion in 'Security' started by rockscarfone, Dec 27, 2013.

  1. rockscarfone

    rockscarfone Member

    Joined:
    Aug 30, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    ok, i have been at this since 1992. cpanel 2000. but without this forum i would have been lost.

    how can i change our main server name/domain


    onlinenic hacked twice in 6 weeks. while waiting for new pass main domain was hijacked.

    was corporatehosting for 12 years

    i want to change to goldsmithworks

    so as not to cause a melt down, does anyone have a "how to".


    the corporate name is still the main

    the goldsmithworks is on server with 2 gigs data

    would appreciate any assistance asap. been at it with nic for 4 days before i regained access

    i have already set up name servers for gsw

    thank you in advance
    ......................

    rock
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
  3. rockscarfone

    servers softlayer & onlinenic [twice] hacked over 8 week period advice

    what a crazy 3 months

    SOME OF WHAT I AM POSTING IS WITHIN A POST WHERE I REQUESTED ASSISTANCE WITH HOSTNAME/DOMAIN CHANGE. BUT I THOUGHT IT IMPORTANT ENOUGH TO PLACE A THOROUGH LOG OF EVENTS HERE.

    I MUST STATE THAT NO PASSWORDS WERE STORED ON COMPUTERS, NONE WERE EMAILED OR GIVEN OUT. I MAKE UP PASSWORDS ON AN OFF LINE MACHINE THEN PLACE ON A THUMB DRIVE ON MY NECK.

    THE ONLINENIC EVENTS ARE THE MOST IMPORTANT, I AM IN NEED OF RECOMMENDATIONS OF RESELLER PROGRAM FOR DOMAIN NAMES ... I USED BULKREGISTER IN 1990'S AND SINCE 2002 ONLINENIC.

    I HAVE 18 YEARS OF HOSTING AND SERVER ADMIN UNDER MY BELT. [THANKS TO THIS FORUM]

    ONLY 4 TIMES WERE WE EVER HACKED in 18 years. THOSE WERE IN THE LATE 90'S AND 2003 AND WERE SINGULAR WHILE WE OPERATED 3 TO 5 MACHINES.

    I USE ALL OF THE SECURITY PROGRAMS AVAILABLE FOR CPANEL / LINUX. I USE KEYS FOR ROOT/SHELL, ALL OTHERS ARE LOCKED OUT.

    PASSWORDS ARE INTENTIONALLY DIFFICULT LIKE:

    un^WN<[b>L4c3t(Hsem=FzC$7+hwV>

    WE NEED TO MOVE OUR APP 70 DOMAINS OFF ONLINENIC ANY INFO CONCERNING "A LIKE EXPERIENCE" WOULD BE APPRECIATED.

    any questions or answers as to the freak of 3 separate hacks would be appreciated. we have clear wireless internet at the studio. and hard link at the house.

    even though we have not offered opportunity as to passwords,

    we use Clear Wire at studio. it is not encrypted. the other night i was alone at studio working on a rolex. i left at 11pm. there was a person with a lap top in the parking lot/ no one else. when i looked at him he left..

    we have a wireless network, but machines are hardwired into router.

    events

    1- Oct 15 2013 two servers WERE hit. deletion of all accounts FROM WEBHOSTMGR
    these were surely fully secured with everything but a pit bull,

    2- restored from scratch installed security, cxs, csf, modsec, every thing that can be accomplished. off site backups installed took 3 weeks to get back to normal,,,

    3- they then hit softlayer, DEC , gained access to our account and placed a request for profile up date !!! with request to change passwords on our servers to":iloveyou#er"

    Imagine, from hardcore 20 digit passwords to I LOVE YOU. softlayer went and changed the profile and server passwords. lucky they could not gain ROOT access due to keys for root AND THE FACT I CAUGHT IT LIKE MIDWAY FAST.

    I was upset when i read the ticket these hackers placed, because we have 800 # and I requested no profile changes without call, on the ticket softlayer said they were going to call .. they did not

    4- they then hit online nic. it took almost a week before --after providing every email from onlinenic since 2002 and license and a ton of "stuff" -- they sent new pass.

    i logged in, all was fine except they bought three domains with my balance money. I changed passwords in SSL. I then placed pass on my thumb drive around my neck. no emails, no writing down, no giving them out!

    5 full server checks, file checks, sweeps on all directories and accounts.. breathing fresh air.

    though it took 1 1/2 weeks to check and monitor -

    we had now lost close to 6 weeks of income. i could not restore vintage watches while working on servers and re formatting over 90 gigs of data representing 15 years online

    6- December 24th, I am happy, taking a week off. arrive home from studio, login to domain.com.. no site just.. redirection! try domain2.com redirection, try domain3.com redirection. [actual name of ns was ms.domain4.com] logged into main server name domain5.org, redirected. domain6.com redirected.

    so, I use IP to gain access to webhostmgr. IP also pulls pages and sites. use key for root shell, nothing altered

    I then whois and find domain7.org has been re-registered that day,

    I begin contacting onlinenic. I opened ticket, reminding them of break in several weeks prior. Dec 24th Dec 25th Dec 26th Dec 27th over 40 tickets chats tickets chats. I say- can you at least restore the names servers that had been altered?

    finally, on the 27th through chat they asked what ns. I say domain7.org ns and ns2, they say you do not own the domain.

    I then send all the emails for 12 years. I send the last update on Sept 9 2013 for the domain renewal through our account. i was having heart attacks because we are losing money, with 35000 pics of my works off line, ebay no pics and my time trying to get into onlinenic account..

    finally, they sent a pass but the domain was hijacked so pass was going to hackers


    so they reset and placed it in chat window

    I gained access pulled the records for payment in onlinenic. I then sent a ticket with proof once more and with the question how did anyone hack the account when the pass was never sent given exposed and was a 20 character difficult pass? I questioned whether it was internal.

    an hour later the domain domain7.org was back

    this is after I set up secure.domain5.com, set up and registered name servers , and hand updated 62 domains as well as SSL and everything you have to do to change the server domain and name.

    for any of you out there. we used bulkregister back when, online nic since 2002.

    with two "break ins " in 6 weeks or so. -- I am telling you the passwords were set in ssl on onlinenic and were not recorded but on an off line computer directly to a thumb drive that I wear even in the VA hospital!

    we need to find a good domain name reseller program we can transfer our 70 domain names to.

    please advise if you have an answer. I am freaking out. two "break ins" ? this last time 4 days we sat freaking out losing money and worrying ,, without access, we could not pin it down. changes made did not show right away. so it was checking servers and pleading for access




    thanks in advance



    rock
     
    #3 rockscarfone, Dec 28, 2013
    Last edited by a moderator: Dec 29, 2013
  4. Infopro

    Re: servers softlayer & onlinenic [twice] hacked over 8 week period advice

    You might want to hire a security professional from the cPanel AppCat to check out your system(s):
    cPanel App Catalog
     