If you are responsible for any website domain, PLEASE make sure you secure your registrar account, set up MFA and have a long, complex password. If you lose access to your registrar account or your hosting account and/or FORGET to renew your domain, then the bad guys definitely will help you out by taking it over.
I just spent about 4 hours helping a friend track down ownership of their domain. It is hosted on WordPress and luckily I still have admin access to that. They have email from that domain and it is hosted with Google Admin. We were also able to reach out to the company who hosts the domain, albeit pro bono for the last several years, something they would love to offload. I contacted GoDaddy, and since I can’t provide proof of a GoDaddy account, I am in a Catch-22 right now. I did submit an email to [email protected] and submit a request on their site changeupdate.com.
The key to this whole thing is the whois record. It shows Wild West Domains as the registrar, which I know is a reseller (subsidiary) of GoDaddy. Unfortunately the domain was renewed on 11/1/23, which either means it was automatically renewed and we need to find the good owner, OR it was forgotten about and a bad guy purchased and renewed it on their account and is looking for a big payout. We also know that the WordPress install needs several updates and the content on the site has been completely changed to some Japanese blog. I am now waiting on the abuse department to reply to my request.
If this domain was not set to auto-renew, then it goes to the open market after so many days and is fair game for anyone to renew. This actually happened to Google a few years back. So if a large company can lose access to their domain, then so can you. – https://jasr.me/lost-google-domain
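
The whois check described above can be scripted so that an upcoming expiry, an unexpected record change or a missing transfer lock is noticed early. This is an added example, not part of the original post: the sample record is constructed (only the registrar name and the 11/1/23 date come from the story), and the field names assume the common gTLD WHOIS layout.

```python
import re
from datetime import datetime, timezone

# Constructed sample record; example.org and all dates except 2023-11-01 are made up.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.ORG
Registrar: Wild West Domains
Updated Date: 2023-11-01T09:14:22Z
Creation Date: 2011-10-30T18:02:11Z
Registry Expiry Date: 2024-10-30T18:02:11Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
"""

# "Key: value" lines; only the first colon splits, so URLs in the value survive.
FIELD = re.compile(r"^[ \t]*([^:\n]+?):[ \t]*(\S.*?)[ \t]*$", re.M)

def parse_whois(text):
    """Collect fields by lower-cased key; repeated keys (Domain Status) accumulate."""
    rec = {}
    for key, value in FIELD.findall(text):
        rec.setdefault(key.lower(), []).append(value)
    return rec

def _date(rec, key):
    raw = rec.get(key, [None])[0]
    if raw is None:
        return None
    return datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def review(text, now, warn_days=60, recent_days=30):
    """Return (summary, findings) for one WHOIS record as seen at time `now`."""
    rec = parse_whois(text)
    expiry, updated = _date(rec, "registry expiry date"), _date(rec, "updated date")
    statuses = {s.split()[0] for s in rec.get("domain status", [])}
    summary = {"registrar": rec.get("registrar", ["unknown"])[0],
               "days_left": (expiry - now).days if expiry else None}
    findings = []
    if expiry is None:
        findings.append("no expiry date found")
    elif summary["days_left"] < warn_days:
        findings.append(f"expires in {summary['days_left']} days")
    if updated and (now - updated).days <= recent_days:
        age = (now - updated).days
        findings.append(f"record changed {age} days ago: confirm who did it")
    if "clientTransferProhibited" not in statuses:
        findings.append("transfer lock not set")
    return summary, findings
```

Feed it the saved output of a whois lookup for each domain you own and run it on a schedule; a finding you cannot explain is the cue to log in to the registrar account and check.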
Stay tuned for more on this story…
I was able to get access to the domain DNS, and it was an account that had been set up years ago and forgotten about. I updated the account info and password and documented everything. The host was able to restore the site for a couple of minutes by overwriting the WordPress core files, but the bad script soon took over again and the site is still in a hacked state.
My options now are to wait for the host to make a backup export and send it to me via an FTP account that I set up for them, so I can restore the site files and SQL database on my host, or to completely start a new WordPress site from scratch. I’m hoping for the first option.
I just loaded the site and see it’s restored on the front end but the backend admin portal is still hosed.
And just refreshed and it’s back to bad…again.
Stay tuned for more updates on this website recovery journey.