Welcome to WebmasterWorld Guest from 54.197.75.176

Forum Moderators: buckworks & webwork

Message Too Old, No Replies

Moniker invokes system-wide pwd reset

suspicious activity

     
12:40 pm on Jun 20, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7575
votes: 0


In an email from Moniker this am, the company noted they discovered suspicious activity. They believe everything to be safe but to be sure have invoked a system-wide pwd reset.
1:08 pm on June 20, 2013 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38066
votes: 15


[news.softpedia.com...]

“Moniker’s Operations & Security team has discovered and blocked suspicious activity on the Moniker network that appears to have been a coordinated attempt to access a number of Moniker user accounts,” the company said in the notification sent to customers.

“While our password encryption measures are robust, we are taking additional steps to ensure that your personal data and domains remain secure. This means that, to be absolutely sure of the security of your account, we are requiring all users to reset their Moniker account password,” Moniker said.
1:12 pm on June 20, 2013 (gmt 0)

Moderator from US 

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 13, 2002
posts:14308
votes: 264

2:13 pm on June 20, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member brotherhood_of_lan is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2002
posts:4845
votes: 4


Hopefully anyone involved here has kept their contact details up to date.
2:29 pm on June 20, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 7, 2003
posts:4783
votes: 0


Hopefully nobody used the same password there and at any other place ...
2:51 am on June 21, 2013 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:Oct 12, 2000
posts:14894
votes: 112


Interesting that they're asking customers to use the e-mail a new password method rather than having people log in and then use the password reset feature that already exists in the control panel.
6:31 pm on June 22, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1210
votes: 122


Interesting that they're asking customers to use the e-mail a new password method rather than having people log in and then use the password reset feature that already exists in the control panel.

Yes, this is all very poorly handled. I'm locked out of my account until I hear back from support. Moving my domains elsewhere when/if I get back in.
12:04 am on June 23, 2013 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:Oct 12, 2000
posts:14894
votes: 112


I had to call up Support for one account. The call was answered immediately and my issue was fixed very quickly.

I'd rather have them notify account holders of a breach, and initiate a password reset campaign like this though. Sure, it's probably stretching their resources at the moment, but I think they did the right thing. Perhaps this will encourage them to smooth out their account management system and to add more security options.
8:57 am on June 23, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1210
votes: 122


I'll admit this isn't the sole reason why I'd prefer to move things elsewhere, but the fact that support isn't responding to my e-mails does nothing but reinforce that preference. The interface hasn't changed in a while, for one, despite the fact that it's not very usable. I did get back into my account, thankfully, after they somehow (weirdly) changed the security question and I was able to answer that successfully.
9:21 pm on June 24, 2013 (gmt 0)

Moderator

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8370
votes: 178


The worst part of this is that I had to log into Moniker and

1. As is frequently the case, I seem to have to do a password reset and can't actually manage it without calling support. Now I manage hundreds and hundreds of logins and there are only about 2-3 where I seem to have persistent problems.

2. Then I log in and my head hurts. How do I *do* anything on that website?

The only thing that keeps me there is inertia and memory decay (in oterh words, when I'm ready to overcome the inertia, I forget why I dislike Moniker so much).
9:24 pm on June 24, 2013 (gmt 0)

Moderator

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8370
votes: 178


Hopefully nobody used the same password there and at any other place ...


Second login compromised this month and second one that was a randomized, auto-generated password. It's always reassuring to look at my old password and realize that it is not used elsewhere.
1:05 am on June 25, 2013 (gmt 0)

Full Member

10+ Year Member

joined:Sept 2, 2002
posts:262
votes: 0


A few years ago, I created an account with moniker and tried to register a domain.

The domain was available, but moniker wouldn't register it.

A few days later, I received a message from the "security division" at moniker asking me to confirm some information I had provided, or otherwise the domain wouldn't be registered.

I then asked if, should in the future I want to register a domain in a hurry, I would be subject to such delays.

The person said that he was THE "security division" at moniker; he was in holidays when I tried to register the domain, hence the delay.
In the future, should he be again in holidays, yes, I would have to wait for his return.

I asked for a refund (they kindly agreed) and never came back to moniker.
1:03 pm on June 26, 2013 (gmt 0)

Moderator This Forum

WebmasterWorld Administrator webwork is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 2, 2003
posts:7884
votes: 34


Alrighty . . Just went to login x4 and each time I get . . . "!Problem loading page! The connection has timed out."

Maybe their hacker friends aren't yet done having fun?

Or maybe their security expert has decided that making the site inaccessible will be the best solution for now?
10:24 pm on July 14, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 6, 2006
posts:1177
votes: 37


So having decided that the email I got from them last month was a phishing attempt (it was sent through some other company's system, NOT moniker.com)I finally discovered today that I couldn't logon. I tried the 'forgot password' link but I was asked security questions I have no recollection whatsoever of. I emailed support but got a standard automatic reply asking me to submit a ticket. I filled in all the details, clicked the submit button and was asked to logon before it could be sent. I couldn't logon because ............

What a shambles.

On another note; if and when I finally do get another password it will be alphanumeric only, special characters are not accepted. No wonder they got hacked.
11:15 am on July 16, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 6, 2006
posts:1177
votes: 37


So I finally got through to Moniker via my Snapnames account (!) only to get a boilerplate request to phone them. Much against my will I tried to do so instead of going to bed (Like, I suspect, most of their customers I am in a different timezone) only to give up trying half an hour later. Does anyone know any way of actually contacting a real live person in this company?
3:04 am on July 18, 2013 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:Oct 12, 2000
posts:14894
votes: 112


So having decided that the email I got from them last month was a phishing attempt (it was sent through some other company's system, NOT moniker.com)

I just re-checked all the notices I was sent about this. They all came from moniker.com e-mail addresses, but looking at the header they did use some service called listrak which may have thrown things for you.

As mentioned above, I did have to call them. During the earlier days of this issue they must have had additional staff allocated because I was surprised to reach someone outside their regular business hours.