Results 1 to 9 of 9

Thread: NameCheap domain registration has been compromised

  1. #1
    Mike-XS's Avatar
    Mike-XS is offline XeroAgent
    Join Date
    Sep 2009
    Location
    OZ
    Posts
    209
    Thanks
    30
    Thanked 109 Times in 71 Posts

    NameCheap domain registration has been compromised

    Hey guys.. Simple question:

    What's the best way to search for new unregistered domains without your domain searches being taken by someone else or having those new names registered before you can do it. ?

    I usually use Namecheap to find new unregistered domains, but not anymore after this week.

    You've probably heard this before:
    I had some unregistered names I was planning to use taken the other day and registered by someone else.
    Now it's my turn. Happened this week to me too.

    Certainly the practice is nothing new:
    Who Is Monitoring Your Domain Searches?

    I already knew it happens to people at places like Network Solutions and Godaddy, I just never expected it to happen with Namecheap. At least now I know better.

    I know network solutions has a permanent bad reputation for all the domain theft and scams they tried to get away with over the years, eg: Network Solutions steals domain ideas; Confirmed! , wasn't expecting it from Namecheap.

    ---

    I found this PHP script you can use to check a domain directly.

    To use it, set the form action to use the same name as whatever you save the file as eg domain-whois.php.

    Code:
    <form method="POST" action="domain-whois.php">
    or use $_SERVER['PHP_SELF'] for the action, to post to itself.

    Code:
    <form method="POST" action="<?php $_SERVER['PHP_SELF'] ?>">
    Code:
    <?php
    /*
    simple whois/domain availability check using cURL:
    http://www.php.net/manual/en/book.curl.php#95000
    */
    
    function domain_check($domain) {
    
    $data = 'http://'.$domain;
    
    // Create a curl handle to a non-existing location
    $ch = curl_init($data);
    
    // Execute
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_exec($ch);
    
    // Check if any error occured
    if(curl_errno($ch))
    {
        return '<span style="color:#22c922">The domain is available!</span>';
    } else {
        return '<span style="color:#c92222">The domain is not available</span>';
    }
    
    // Close handle
    curl_close($ch);
    }
    
    // Usage:
    if(isset($_POST['domain'])) {
     echo domain_check($_POST['domain'].$_POST['tld']);
    }
    
    ?>
    
    <form method="POST" action="domain-whois.php">
    http:// <input type="text" name="domain">
    <select name="tld">
    <option value=".com">.com</option>
    <option value=".org">.org</option>
    <option value=".net">.net</option>
    </option>
    <input type="submit" value="Check">
    </form>
    Basically my questions are :

    Does anyone know of any domain registrar site to use that won't result in what I search for being stolen before I can register it ?

    And is there a more secure method or service we can use to search for unregistered domains that doesn't end up with someone stealing your ideas ?

    Or maybe just don't search for anything unless you are prepared to register it on the spot ?

    Has this happened to anyone else recently ?

  2. #2
    Andy101's Avatar
    Andy101 is offline Code Otaku
    Join Date
    Aug 2009
    Location
    Kanazawa
    Posts
    1,177
    Thanks
    163
    Thanked 297 Times in 224 Posts
    http://domaintools.com claim to never let this happen last time I checked.

  3. #3
    TopDogger's Avatar
    TopDogger is offline Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    2,946
    Thanks
    341
    Thanked 883 Times in 671 Posts
    Network Solutions was the first to start doing this several years ago. They claimed iot was to protect the domains on behalf of their customers. Ri-i-i-i-i-ght!

    I had the same problem with GoDaddy a couple of years ago. When I searched and found a good name, if I didn't register it on the spot, it was either in Godaddy's auctions the next day or it got registered by another major registrar, such as Melbourne IT.

    I agree with Andy and I use Domain Tools' bulk search exclusively when searching for domains. I have never had a problem with it other than one time when I found a premium domain that they said was available, but had actually been registered 2 days earlier.

    BTW, check your link to the article, Mike. It currently leads to a spam page.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin


  4. #4
    UncleP's Avatar
    UncleP is online now The perfect face for radio
    Join Date
    Nov 2009
    Location
    Blighty
    Posts
    214
    Thanks
    20
    Thanked 90 Times in 60 Posts
    Wow, I'm REALLY surprised at namecheap (allegedly) doing underhand stuff, tbh they're one of the one's I trusted. I personally haven't had any such problems with them but I'll be a bit more cautious now. I have heard of GoDaddy being untrustworthy and some others I won't mention but it seems no-one can be trusted now :sigh:

    I have had a bad experience with eurodns though, they 'stole' a domain name. I looked up and then registered a .it (Italian) domain name, a good one too, and after I'd paid with credit card I got a message to say the payment had problems and was refused so it didn't go through. When I then tried to re-register it with a different card it had been taken and I couldn't get it anymore, this was only minutes later. However I was able to register two other .it domains using that first card without issues, wtf? B*stards!

    I chose eurodns because they were the cheapest at the time for those tld's but I had one hell of a job trying to set up those other domains with nameservers for hosting, their control panel is a real nightmare to use and communicating with their support is like trying to nail jelly to a tree, so definately one to avoid imho. (Yes, I can prove the above if any lawyers ask but only on production of a subpoena (covering my 'six')) This was over a year ago now but I won't ever trust them again.

    I did try the script posted btw and it showed domains in redemption as available, which they're not, and I have been using something similar myself for many months, usually just to check nameserver info and expiry dates mostly but it does show up owner details too on some tld's.

    So for the benefit of anyone that want's a copy here it is, use at your own risk

    There are 3 files total, index.css, index.php & whois.php so just copy 'n paste into files and upload to their own folder (directory) on the domain of your choosing. It works on the same principle i.e. uses unix own inbuilt stuff ...

    index.css:
    Code:
    #wrapper {
     margin: 1em auto;
     padding: 1em;
     width: 900px;
     border: 1px solid #000;
    }
    h1 {
     color: #560000;
     text-align: center;
    }
    h2, form, address, p {
     text-align: center;
    }
    address {
     margin-top: 1em;
    }
    pre {
     word-wrap: break-word; /* This prevents words from spilling outside the black box */
     font-family: serif;
    }
    index.php:
    Code:
    <!DOCTYPE html>
    <html>
     <head>
      <title>Whois Page</title>
      <link rel="stylesheet" type="text/css" href="index.css" />
     </head>
     
     <body>
      <div id="wrapper">
       <h1>My Own Whois Page</h1>
       <h2>Perform a whois lookup now!</h2>
       <form method="post" action="whois.php">
        <input type="text" name="domain" onfocus="this.select()" value="domain.com" />
        <input type="submit" name="submit" value="Lookup" />
       </form>
       <address>&copy; 2010 <a title="Home" href="index.php">Home</a></address>  
      </div>
    </body>
    </html>
    &
    whois.php
    Code:
    <?php
    $domain = $_POST["domain"];
    $process = escapeshellcmd("$domain");
    $output = shell_exec("whois $process");
    ?>
    <!DOCTYPE html>
    <html>
     <head>
      <title>Whois Page - Looking up <?php echo htmlspecialchars("$domain"); ?></title>
      <link rel="stylesheet" type="text/css" href="index.css" />
     </head>
     
     <body>
      <div id="wrapper">
       <h1>My Own Whois Look-Up Page</h1>
       <?php if ( $domain !== NULL ) { ?>
       <h2>Looking up <?php echo htmlspecialchars("$domain"); ?></h2>
       <form method="post" action="whois.php">Another?
        <input type="text" name="domain" onfocus="this.select()" value="<?php echo $domain; ?>" />
        <input type="submit" name="submit" value="Lookup" />
       </form>
       <pre><?php echo htmlspecialchars("$output"); ?></pre>
       <?php } else { ?>
       <p>No domain was specified.</p>
       <?php } ?>
       <address>&copy; 2010 <a title="Home" href="index.php">Home</a></address>
      </div>
    </body>
    </html>
    This does work for me but I'm not posting a demo 'cause it'll get hammered by spammers and/or bots.
    If I can't be a good example, I'll just have to be a terrible warning...

    Check website whois and PR on TheSiteCheck.com

  5. Thanked by:

    Mike-XS (12 December, 2010)

  6. #5
    proxynetwork is offline Unknown Net Builder
    Join Date
    Nov 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    why not just use name.com?

  7. #6
    Andy101's Avatar
    Andy101 is offline Code Otaku
    Join Date
    Aug 2009
    Location
    Kanazawa
    Posts
    1,177
    Thanks
    163
    Thanked 297 Times in 224 Posts
    A safe first step may be to simply resolve a domain name in your browser i.e. surf to it? Then it's not obvious that you are intending to register a domain name but maybe entered a typo.

    But domaintools.com is the best approach I think.

    Running a script on your server that accesses the whois databases should be OK too I think. But if you are searching on a domain registrar's page and log out, then it may be fair game for IT staff or whoever has access to the logs to register a domain name that you backed out of registering maybe?

  8. #7
    SonnyCooL's Avatar
    SonnyCooL is offline HeeHa
    Join Date
    Jan 2010
    Location
    Melb/Malaysia
    Posts
    920
    Thanks
    250
    Thanked 92 Times in 78 Posts
    though ICANN solve this issue by adding 10 or 20 cent to each domain register ? previously is ok to cheat , cause no fees, they can drop anytime but now with fees ?

    If this is true, then registrar must have a very clever script to filter all those junk domain inquiry everyday ...

  9. #8
    iowadawg's Avatar
    iowadawg is online now Free Cell Champion
    Join Date
    May 2010
    Location
    Not in Texas
    Posts
    2,015
    Blog Entries
    4
    Thanks
    165
    Thanked 353 Times in 302 Posts
    Some time back, namecheap did say in twitter and on their blog that they did not register any domains for their own use or to keep for resell.

    It could be just bad luck on your part that someone regged the domains.
    Does happen.

  10. #9
    Mike-XS's Avatar
    Mike-XS is offline XeroAgent
    Join Date
    Sep 2009
    Location
    OZ
    Posts
    209
    Thanks
    30
    Thanked 109 Times in 71 Posts
    Thanks for the script UncleP

    Looking back, I think it's probably more enom's fault that someone had access to the search queries, since namecheap are only a reseller for them, the domain queries may go outside of namecheap. I don't really know how their network works.

    Yeah, bad luck and stuff does happen.

    I'm pretty sure that this wasn't a coincidence, but I guess that's what everyone says when they lose an awesome domain. I just left it for too long before registering it.

Similar Threads

  1. what to do to transfer a domain to namecheap?
    By garfish in forum Domaining
    Replies: 3
    Last Post: 25 July, 2011, 09:40 AM
  2. Replies: 0
    Last Post: 6 November, 2010, 02:48 AM
  3. Replies: 6
    Last Post: 24 April, 2010, 19:05 PM
  4. [WTS] Domain Registration - $12
    By HostXpert in forum Domains
    Replies: 1
    Last Post: 9 September, 2009, 02:47 AM
  5. Error with Domain Registration at NameCheap
    By bogart in forum Domaining
    Replies: 6
    Last Post: 24 August, 2009, 21:04 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •