Domain stolen / transferred to another registrar.

What should be my course of action – any good suggestions on how to get it


Romster

4:49 pm on May 20, 2004 (gmt 0)

Today I found out that my domain has been stolen. Long story short:

-Domain was at registrar EV1servers – today I noticed it has been moved to RegisterFly, but the name servers have been left unchanged. The last changes to whois were made 5 days ago, so I guess that is when the transfer was made.
-At RegisterFly the thief is using whois info protection, so I don’t know his real or even fake name. (Any idea on how to get around this?)
-EV1servers has NOT sent me a single e-mail about changes in whois OR transferring the domain to another registrar.

Now little bit of history:
------------------------------
The domain was purchased after an auction and I paid using Escrow.com so I don’t have a paper document to prove my ownership but there are records at escrow. I have asked them to send me a paper confirmation but they told me they don’t do that.

Domain had my Name and Contact info in the WHOIS but now it is changed.

Domain had my working e-mail in the whois but NO mail has been sent to it.

Because the seller had moved the domain to EV1servers (they are registering names as a Tucows reseller) just recently, I was waiting for 2 months to pass so that I could move it to my registrar.

I had set up my own account at EV1 (NOT a sub-account of his).

What I think has happened:
--------------------------------
I think that somebody has managed to hack into my account at EV1servers.net – pushed the domain to his account – changed the whois – and then moved the domain to RegisterFly.

That would explain why I didn’t get a transfer request e-mail, but the strange part here is that EV1servers hasn’t sent a single e-mail warning or confirming to me that there are changes being made to my domain!

I have e-mailed both the old registrar and the new one, telling them approximately the same as what I just wrote here, and asked what to do - waiting for a reply.

So my BIG question is: What should I do to get my domain back? Strategies?

Romster

8:27 pm on May 20, 2004 (gmt 0)

Look what EV1servers replied. They said they cannot change the ownership of a domain without a court order.

I suspect that they didn't even read the whole of my e-mail and just pasted some standard reply, hoping that I will leave it like that :(

<no email quotes. See TOS [webmasterworld.com]>

[edited by: tedster at 8:35 pm (utc) on May 20, 2004]

bcolflesh

8:30 pm on May 20, 2004 (gmt 0)

Look what EV1servers replied with!

Looks right to me - you need to speak w/a lawyer.

Romster

8:34 pm on May 20, 2004 (gmt 0)

Problem is - I am in EU not USA :(
Have you any idea on how to solve it?

Shak

8:34 pm on May 20, 2004 (gmt 0)

Romster,

Let's not go deep into specifics here, mate.

I am sending you the name of one of Europe's best domain lawyers.

good luck

Shak

Webwork

9:14 pm on May 20, 2004 (gmt 0)

First, the transferring out registrar should have a record of the transfer authorization. Demand it. If they don't have a proper authorization then they should be hard at work getting the domain back. Most registrars will work with one another where there's been a bona fide error or evidence of fraud.

Second, are you saying that the transfer out registrar's system doesn't require a confirmation email when someone changes the admin email address? Most do. Ask if they do. They should have a record of the change dates so where's the confirmation email?

Third, Escrow.com requires you to confirm that you have exclusive control of the domain before they will release funds. I've done enough business with them to know that they are very helpful when asked, however, if you confirmed control of the domain there's not a lot for them to do - unless you have evidence to suggest the domain seller was in on the scam. What does the domain seller have to say about all of this? Is the seller cooperating?

Fourth, ICANN requires that the WhoIs record contains currently accurate information. If it's not accurate that should help you make your case.

I'm sorry to hear of your difficulties, but something here just doesn't add up. How easy was your UN and password to hack? Did you ask the registrar if their system records attempts to enter UN and passwords - as that would support the hack theory if there were 1000s of attempts? Did you give that UN & PW info to any other person? Does the system require a confirmation from the admin of record to change the admin email, or does the system at least send out notice of a change to the admin email of record at the time? Does the registrar have proof of sending confirmations? If not, then why aren't they fighting to get the domain back?

I don't plan to get into a dialogue with you on this. If the domain is valuable then Shak's lawyer acquaintance should be able to get things rolling with just a call from you and a call to the registrars with a follow on letter.

This is going to come down to proofs if there's a fight. I don't believe a fraud will want to fight.

Romster

9:34 pm on May 20, 2004 (gmt 0)

Just to clear this up.

Domain was bought 2 months ago and I confirmed that I have full control after I had it in my account and my info in the WHOIS. (EV1servers has proven that it is not enough as 2 days after I had it in my account they moved it back to the previous owner (without informing me) but after I complained they pushed it back and told me that it was a mistake and will not repeat.) So escrow released the funds ~1.5 month ago.

Now all I get from EV1 is "we cannot in any way interfere" and so on.

rfgdxm1

10:03 pm on May 21, 2004 (gmt 0)

>I think that somebody has managed to hack into my account at EV1servers.net – pushed the domain to his account – changed the whois – and then moved the domain to RegisterFly.

My best guess is that EV1servers.net dropped the ball, and allowed a transfer they shouldn't have. I've seen this happen before.

rfgdxm1

10:05 pm on May 21, 2004 (gmt 0)

>Now all I get from EV1 is we cannot in anyway interfere and so on.

If they resell Tucows, protest to Tucows. (I am assuming Tucows is an ICANN accredited registrar.)

Romster

9:50 am on May 22, 2004 (gmt 0)

rfgdxm1 >>> dropped the ball, and allowed a transfer they shouldn't have. I've seen this happen before.

I just mailed Tucows.
When has it happened before? Do you have details? Was there any success in getting the domain back after EV1servers screwed it up?

Does anyone have experience on how I should deal with the new registrar in order for them to push the domain back to me, or would they act only after a court order? If a miracle happens and EV1 realizes what they have done without my authorization - do they have any way of getting the domain back from RegisterFly, or is it that they can only report to them that they have acted illegally?

Leosghost

11:57 am on May 22, 2004 (gmt 0)

It was possible to "hack" ev1 at one point earlier this year ..I did so accidentally ..really accidentally I promise ..in the middle of a registration I did something that meant I was not charged on my CC but was registered as owner instantly ..I had quite a correspondence with their sales and then their tech people about it ( basically I "dissolved" a "shell" by sidestepping a routine call while on their secure server ) ..as I realised what had happened and could reproduce it I contacted them ..took them 5 days to believe me and to lock it down ( now it is secure ) ...However in my book ..if I find a hole as easily as that ..there are probably more ...At the time their apache versions were about 8 months behind what I would have considered secure ...
I don't do "probes" on machines that aren't mine ...but their reputation in the h@ckwurldz is that they are still relatively easy ...we don't keep any servers there now as we were losing too much time with "kiddie attacks" ....Maybe they got their act together since, I don't know ...pricewise they are a good deal IMHO but security isn't their strongest point ...

rfgdxm1

9:39 pm on May 22, 2004 (gmt 0)

>When has it happened before? DO you have details? Was there any success in getting the domain back after EV1servers screwed it up?

It happened to me, but it didn't involve EV1servers. I managed quite by accident to discover a software bug at a very well known registrar that made it possible for anyone, including me, to steal away any domain name at that registrar. (Because I am not sure they really fixed this bug, I am not going to post the name of the registrar, as someone malicious may be reading here. As I am a hacker, and not a cracker, the "hacker's ethic" means that I can't reveal to others security holes of registrars that I know of.) What happened was I was transferring a domain between 2 resellers of this registrar. The bug was that the software just auto-approved the transfer, WITHOUT asking the Admin contact for approval. Thus, I could have stolen *anybody's* domain name at that registrar by just transferring it into an account I opened with a reseller. At that point I could change the Admin contact to me, and do whatever I wanted with that domain. And, unless the rightful domain owner did a whois on his domains regularly, he'd never even realize this. If the rightful domain name owner didn't do a whois in 60 days, I could then even transfer the domain name to a totally different registrar. Since I would be listed as the Admin contact, they'd ask me to approve the transfer, and I could reply yes. The potential for mischief here obviously is huge.
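The regular whois check rfgdxm1 mentions is easy to automate. The following is an added example, not code from anyone in this thread: it diffs two WHOIS-style snapshots and alerts on registrar or admin-contact changes even when the name servers are unchanged, which is exactly the pattern Romster describes. The record layout and both snapshots are constructed for illustration.

```python
# Detect unauthorized registrar / contact changes by diffing WHOIS snapshots.

# Fields whose change is worth an alert; Name Server is included to show a DNS-only check misses this.
WATCHED = ("Registrar", "Admin Email", "Name Server", "Updated Date")

def parse_whois(text: str) -> dict[str, list[str]]:
    """Parse 'Key: value' lines into a dict of lists (keys such as Name Server repeat)."""
    record: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue  # skip blanks and registry comment / footer lines
        key, sep, value = line.partition(":")
        if not sep:
            continue
        record.setdefault(key.strip(), []).append(value.strip().lower())
    return record

def whois_drift(baseline: str, current: str) -> list[str]:
    """Return one alert string per watched field that differs between the two snapshots."""
    old, new = parse_whois(baseline), parse_whois(current)
    alerts = []
    for key in WATCHED:
        before, after = sorted(old.get(key, [])), sorted(new.get(key, []))
        if before != after:
            alerts.append(f"{key} changed: {before} -> {after}")
    return alerts

# Constructed sample snapshots (not real WHOIS output): registrar and admin
# contact change while the name servers stay the same, as in the thread.
BASELINE = """\
Domain Name: EXAMPLE.COM
Registrar: EV1Servers (Tucows reseller)
Admin Email: owner@example.com
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
Updated Date: 2004-03-20
"""

CURRENT = """\
Domain Name: EXAMPLE.COM
Registrar: RegisterFly
Admin Email: privacy-proxy@example.org
Name Server: ns2.example.net
Name Server: ns1.example.net
Updated Date: 2004-05-15
"""

if __name__ == "__main__":
    for alert in whois_drift(BASELINE, CURRENT):
        print("ALERT:", alert)
```

Run it from cron against a saved baseline and today's whois output; an alert on Registrar or Admin Email with unchanged name servers is the signal that would have caught this transfer days earlier.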

jim_w

6:16 am on May 23, 2004 (gmt 0)

When my registrar gave me my password, which was the same one they gave me to log in with, I went and changed it at the whois level so that the registrar no longer knows what it is. This way, if they get hacked, I'm the only one that knows the password.

Romster

8:15 pm on May 26, 2004 (gmt 0)

Now I have sent a couple of emails to EV1Servers asking if they have the domain transfer authorization, but they are ignoring me. Is there some way to MAKE them show me that they had authorization from the Admin contact when they let the domain be transferred?

(I have not given them authorization, but somebody must have done it, OR the domain managers at ev1servers have acted against all regulations and laws.)

Have written to a lawyer and still waiting for his reply but it sure looks like this is going to cost me a lot :(

jim_w

8:57 pm on May 26, 2004 (gmt 0)

Romster

Send them a certified letter stating your request and that if you do not get a reply in 10 business days you are turning it over to your attorney (give the name and address of the attorney you contacted), and inform them that they could be liable for attorney's fees if that is the way you have to get the information. A lot of businesses don’t take anything seriously until they get a certified letter.