We had a similar, but with a much happier ending, experience at about the
same time!
A customer of ours requested (through another ISP) that there domain name be
updated to allow them to move their website to the new ISP. The ISP (after
several failed attempts) requested that NSI update the database with the new
Tech, Admin, and DNS #'s. This prompted NSI to send us an email as we were
the Administrative and Technical contact. I attempted to respond as I always
do acknowledging the changes, but every reply to NSI's email came back
saying they could not perform the changes because the email was coming from
the wrong email address.
The day before this occurred a WHOIS showed that we were still the Admin and
Tech contacts, but when I did a WHOIS on this day the changes had already
been made EVEN THOUGH I COULD NOT REPLY TO ACKNOWLEDGE THAT THEY SHOULD BE
MADE!
In our case the changes made were requested by ALL parties, but the point is
that NSI made the changes WITHOUT ANY APPROVAL FROM ANYONE!
Nick
-----Original Message-----
From: owner-discuss-list@opensrs.org
[mailto:owner-discuss-list@opensrs.org]On Behalf Of Joe Baptista
Sent: Thursday, June 01, 2000 4:05 PM
To: discuss-list@opensrs.org
Subject: NSI Customer Service...a MUST READ! (fwd)
---------- Forwarded message ----------
Date: Thu, 1 Jun 2000 15:54:38 -0400
From: Ron Bennett <bennett@WYOMISSING.COM>
To: DOMAIN-POLICY@LISTS.INTERNIC.NET
Subject: NSI Customer Service...a MUST READ!
The following text so exemplifies NSI's Customer Service that
I saved it and it would make a perfect addition to Russ Smith's
http://ChangeYourDomain.com/ website
NSI Customer Service nightmare - large excerpt shown below:
http://www.web.ca/hijack.html
The Story ...
As most of our users have noticed, there were problems with e-mail and some
web sites with Web Networks from May 27 until sometime late on May 31. This
problem did not originate with our servers. The problem was as a result of
an attempt to steal the domain name WEB.NET.
Our domain name is registered with the US-based domain registrar - Network
Solutions. Someone contacted Network Solutions (NSI) on Friday via the WWW
and electronically directed them to change the contact name and the IP
numbers or Internet "address" on the Internet to which "WEB .NET" is
directed. Network Solutions complied with this order without proper
authorization (an encrypted password and faxed-back authorization). No one
at Web Networks was consulted either electronically or by phone to
authorize this change.
This problem seems to have been fixed -- at least temporarily -- by a
company of ReserveMe.com. Unfortunately, the domain is still under the
administrative control of the person who stole it.
We are continuing to demand that Network Solutions return control of the
domain to Web Networks immediately. We have provided them with proof of
ownership and proof of payment for our most recent registration invoice.
The following is a brief sequence of events:
Monday morning we received calls from users indicating that they
could not get their e-mail. Checks on our systems indicated the problem was
not with our servers. Our subsequent investigations revealed the following:
Over the weekend, someone contacted Network Solutions via their web
site and changed the contact names and the name servers. We were unable to
contact Network Solutions on Monday due to the Memorial Day Holiday in the
US.
Without a password or written (faxed) confirmation from Web Networks,
Network Solutions (NSI) approved these changes. This should not have
happened.
The redirection resulted in mail services for most Web Networks
members being down. This also resulted in web sites with the domain name
web.net in their URL being unviewable at that address.
At 7:00 am on Tuesday, Web Networks contacted NSI again. Although
very polite, the staff in the call centre at NSI were not empowered to fix
the problem.
After speaking with several different people at NSI, Web Networks was
directed to contact the Investigations Unit of NSI. We left messages and
sent e-mail, but no human being was available and no one from this
department has returned our calls.
Despite several faxes throughout the day to Network Solutions,
messages in voice mail boxes and sitting on hold for over four hours
altogether, no one was able to address the problem.
Meanwhile, a request was made to transfer the domain from NSI to
TUCOWS – another domain registrar. The thief appears to have been trying to
cover up his trail.
After speaking with Tucows, they were unable to address the issue.
They redirected us back to the NSI investigations unit.
Luckily, we were able to contact ReserveMe.com -- the owner of the
DNS server controlling the Web Networks domain. They were able to redirect
our domain back to our servers for period of about 12 hours.
Unfortunately, their machines went down due to the load. The Web
Networks redirect was no longer on their server when it came back up this
morning. This means that some e-mail was delivered and other mail was not
delivered.
On Tuesday evening a representative at NSI confirmed that all of the
changes to the DNS names would be reversed back to the web.net settings.
Upon arriving on Wednesday morning, we discovered that this was not the
case.
Discussions with staff at NSI suggested that our perpetrator had
named himself as Technical contact making it impossible for Web Networks to
make these changes even with more legal documentation of ownership than can
be described. This staff person suggested that this could take some time to
be resolved and that he would speak to the Investigations Unit immediately.
While the discussion with NSI continue, service has been restored
again by ReserveMe.com. This is a good will gesture on their part. They are
under no obligation to help us. We still need resolution from NSI to take
full control of our domain. We are hoping that this will happen today.
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:37 EDT