How to get a stolen domain back?
83 points by throwawayhelp on April 21, 2012 | 36 comments
I run a medium-traffic website that generates about $200-$500 in advertisement revenue every day. Yesterday I came back from a two week vacation to find out that the advertiser code of AdSense was changed to a different account. Then I found out that the domains were transferred away from NameCheap to a Chinese registrar "22.cn". I assume right now this is because somebody found out my NameCheap password through a trojan.

A few questions for the HN community: Is there a procedure to retrieve stolen domains? Do I have any way to claim damages or press criminal charges? Is there a law firm that specializes in this kind of litigation?




Check the security of your e-mail account, immediately.

You're supposed to receive a bunch of e-mails when your domains are transferred away. Did you receive them? Did you receive any other type of notification from NameCheap? Domain thieves often begin by breaking into the domain owner's e-mail account, so that they can intercept these messages. So make sure that you're in full control of your e-mail account before doing anything else. Double-check your NameCheap account and make sure that your account, as well as all your domains (including those with WhoisGuard) have the proper e-mail address attached to them. Change all the passwords. Change the passwords on your backup e-mail, too. Otherwise the thief may be able to get between you and NameCheap and confuse the hell out of both parties.

Also contact the receiving registrar (22.cn) and let them know that they just received a stolen domain. Send a stern but polite notice to their abuse department. They might or might not do anything about it, depending on how reputable they are, but it's worth a shot.


Thank you, the email accounts were compromised and filters were set up to delete any incoming emails from registrars so I never saw any notices.

Thank you very much for this tip


This is why two-factor authentication is vital for email accounts. It's just too easy to accidentally reuse your email password somewhere, and then things like this can happen. With a second factor, someone would have to physically steal your phone or OTP device to access your account, and that's a lot harder for some hackers in China to do :)


> accidentally reuse your email password somewhere

That kind of thing never happens "accidentally", especially if you're smart enough to use two-factor authentication.

By the way: http://www.codinghorror.com/blog/2012/04/make-your-email-hac...


It happens accidentally. I use different passwords for different services and remember them (rather than store them in a database). Once in a while, I'll type the wrong password into the wrong site. That's game over; the account that actually used that password is now compromised.


This is an important point: Type in the wrong password, and you've potentially given away the account that that password belongs to.

And, other things being equal, the more visible your "presence", including the account that the password belongs to, the greater the risk of compromise.

Did you type that wrong password into a dodgy site? Did you type it into a site that does not use https? While on a relatively more unsecure connection?

Even if you trust the ethics of the site, how do they log, and are those logs secure?

Paranoia: Stimulant of the chronic surfer. ;-)


Make sure to check whether the perpetrator set up a forwarding address for all your e-mails as well.


Let me google that for you "namecheap domain stolen". First hit: "Someone has stolen my name and fraudulently transferred my domain name to another registrar; can you help me to get it back?"

http://www.namecheap.com/support/knowledgebase/article.aspx/...


There are two main concerns here:

1) How the malicious party gained access to your account(s) in order to approve the transfer. This is typically caused by an email address compromise and something you will deal with directly with the email provider (be sure to request logs of recent access to your email account ASAP, this will help later). Also, change your account password on this account immediately and scan your local machine for malware.

2) The more pressing issue for you though is retrieval of your domain. Luckily ICANN has a very specific process on how to handle this, and it's mainly up to your registrar to handle for you. So contacting your registrar is in most cases all you need to do (remember, this isn't a basic support inquiry though, so you may need to wait for the fraud/abuse staff, depending on the registrar).

You can review the specific process the registrar should be following here: http://www.icann.org/en/help/dndr/tdrp. It's the official 'transfer dispute resolution policy'. I have handled these at the registrar level and 95% of the time it goes smoothly as long as the facts are laid out for all parties. Information such as the IP that accessed your email account at the time of the reg. transfer is one of the key pieces of evidence you can provide your registrar to make the transfer dispute go faster; however, your registrar is likely (obligated under due diligence) to have their own records of the transferrer's IP who approved the request.

I wish you the best of luck, I can't really help out specifically with your case but if you have any questions about the TDRP procedure feel free to ask.

P.S. "Step 3" would be to address any losses, if you want to seek this option out you will need to lawyer up as any damages claimed would have to be recovered in a civil dispute (this is presuming you are presiding under US law/courts)


Thanks again for the reply. So far namecheap has been quite helpful (even though messages are few and far between).

It's been tough sleeping this week and pointing me to the ICANN process makes me feel a little bit better that there is hope!


Can I press criminal charges as well?

Thanks for the information. I contacted the registrars... This is a nightmare for me.


You are probably fucked in that regard. Unless the miscreant happens to be in the same state as you, local cops aren't interested. And the FBI won't look at anything that doesn't have at least $10k in demonstrable damages. At least that's how it went when I tried to deal with a loon who was DOSing a friend's side project.


It should be easy to establish that a site that generates $200-$500 in ad revenue per day is worth more than $10K.


Under US law you would use the civil court system to recuperate losses/damage (crimes against a person), and criminal court system to place the perpetrator in jail (crimes against society). This really is a bleak abstract of the US court system, you really should talk with a lawyer if you are considering further legal remedies beyond what ICANN policies offer.


If Google handles your email as well, you should really consider 2step auth.

http://googleblog.blogspot.com/2011/02/advanced-sign-in-secu...


I just implemented 2 factor authentication for google, and so far I'm quite happy with it. It's really nice knowing what applications can access your account.


I implemented it as well, thanks


You need to contact NameCheap. There is a window where they can reverse the transfer, if you can persuade them.


I did already... it's been 2 hours and haven't heard back from the fraud center


You really need to set your expectations lower... give it at least 24 hours to hear back from them.


Well not set expectations lower, but rather more realistic.

Sorry to read what happened to you, throwawayhelp. As one who's worked with similar cases in my ex-registrar life, unfortunately I'll tell you right now these things do take time.

As mentioned earlier, give it about 24 hours. While we all want things immediately or done right away, things aren't always as simple as we want to believe.

As long as you contacted NameCheap right away and gave as much information as possible, they'll at least take action. Good luck, and keep folks here posted when you can.


2 hours, from "namecheap".

I think you need to manage the expectations to the branding and cost of your provider.


I look forward to hearing how NameCheap and Google handle this. Followup please? Good luck.


Why should Google get involved? Seems like an overreach.


If I read it correctly, the thief is now using his own AdSense Account. Consequently, Google is paying a thief, albeit unintentionally. I suspect Google might be persuaded to respond, but I wouldn't take that route right away. It has only been two hours since the registrar was contacted and it is their responsibility first. Google "customer service" is notoriously bad. If the domain theft is resolved, I could see you ending up in a position where Google somehow closes your account, thinking you were the thief.


OP mentioned revenue was via Google AdSense. So he'll need to get that sorted out as well.


These guys help: http://domaintheft.org/


Thanks, looking at it now.


I recommend contacting a lawyer who specializes in domains: Stevan Lieberman (www.aplegal.com), John Berryhill (johnberryhill.com), Ari Golderberger (esqwire.com).

Those are 3 of the best. Your options are to contact NameCheap and see what they can do. Also, filing a UDRP works sometimes. But see what else a lawyer who specializes in this can do.


I think the problem can be more complicated... you should check the security of your computer/email, because in my opinion the attacker must have access at least to your email. Without it, stealing a domain is almost impossible...

Regards


Contact Google. They need to avoid paying cash to an account that appears to have hijacked your domain. Surely a breach of AdSense terms and conditions?


If you haven't already, change passwords and check your accounts for filters that would send change of password emails to the hijacker.
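Added example, not part of the original thread: a filter audit covering the checks several comments recommend (rules that delete registrar mail, forwarding addresses, rules that divert password-change mail). It assumes the mailbox's filters were exported in Gmail's filter-export XML layout; the sample export, the watch terms and the address `me@mydomain.example` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}
# Constructed sample in the assumed Gmail filter-export layout (not real data).
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='namecheap.com OR 22.cn'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='hasTheWord' value='password reset'/>
    <apps:property name='forwardTo' value='someone@elsewhere.example'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='newsletter@shop.example'/>
    <apps:property name='label' value='Shopping'/>
  </entry>
</feed>"""

MATCH_KEYS = ("from", "to", "subject", "hasTheWord")           # what a rule matches on
HIDE_KEYS = ("shouldTrash", "shouldArchive", "shouldMarkAsRead")  # actions that hide mail

def audit_filters(xml_text, watch_terms, own_addresses):
    """Return (rule number, criteria, reasons) for each suspicious rule.

    watch_terms and own_addresses must be lowercase.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for idx, entry in enumerate(root.findall("atom:entry", NS), start=1):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        criteria = " ".join(props.get(k, "") for k in MATCH_KEYS).lower().strip()
        reasons = []
        # Any forward to an address the owner does not recognise is suspect.
        fwd = props.get("forwardTo", "").lower()
        if fwd and fwd not in own_addresses:
            reasons.append("forwards to " + fwd)
        # Hiding mail is only suspect when the rule targets registrar/security mail.
        hides = [k for k in HIDE_KEYS if props.get(k) == "true"]
        hit = [t for t in watch_terms if t in criteria]
        if hides and hit:
            reasons.append("hides mail matching " + ", ".join(hit))
        if reasons:
            findings.append((idx, criteria, reasons))
    return findings
```

Run it against the export of every mailbox tied to the registrar account, including the backup address, and review account-level forwarding settings separately since those are not filters.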


Try contacting NameCheep.


Contact the FBI.


I want to, should I? What should I be doing with this?


You mentioned being hit by a trojan. I'd recommend starting there and letting them know about that. Then mention how your business's domain name was stolen because of the security hole. Once they realize a business is being affected, hopefully that will get you a little more than "OK thanks, here's your number. We'll call you."

I'm not saying this is an easy fix, but it IS cyber-crime. I'd also consider talking with a lawyer if you can pony up the money.

And (not at you) ROFL, down-voted for suggesting contacting the FBI. That's OK, keep paying taxes and not getting your money's worth. Government is there to help; they make a mess of things but they are better than a LOT of the alternatives in other countries.



