Why The InstantShift Website Has Been Down for The Last Three Days

Many of you have been wondering what happened to our site, why it was down and why we are not responding to emails related to InstantShift.com. In short, our website was hacked.

Because of this vicious attack, InstantShift.com has been down the last three days We have been continuously updating our status on our Twitter account (@instantshift), and everyone who follows us there is aware of the reason behind this downtime.

Why The InstantShift Website Has Been Down for The Last Three Days

This attack happened to many other well-known sites in our niche, including css-tricks.com, kirupa.com and designshack.net.

To help you understand the situation, we have listed all the details related to this matter below in chronological order.

On December 2, David Appleyard informed us that our domain name as well as his domain designshack.net had been hijacked (stolen) by someone, and that the ownership of our domain (InstantShift.com) had been transferred to PlanetDomain. We immediately thought of David Walsh, webmaster of davidwalsh.name, who has been going through the same trouble since November 29.

Our site was live until December 5 at 8:00 AM, and then the hacker removed our nameservers associated with this domain. Since then, the website has been down, and we are not able to send or receive mail related to InstantShift.com.

The Timeline of Events:

Friday, December 2, 2011

  • We’ve received an email from David Appleyard saying our domain name had been stolen. At first, we didn’t believe it, so we checked our WHOIS details which proved that we actually had been hacked and that our domain had been moved to PlanetDomain from GoDaddy. After receiving a few more emails from other people, we realized that this had been happening to other related sites like designshack.net, kirupa.com, css-tricks.com, sohtanka.com and shiachat.com.

  • We called GoDaddy (our original registrar) for support, and they told us to email transferdisputes@godaddy.com with all the details, which we did immediately. We received a follow-up email requesting us to fill in a transfer dispute form and provide proof of our ID, which we also did immediately.

  • We called PlanetDomain, but they were not very helpful and told us to email the details to domains@planetdomain.com. After sending a detailed email, we received an auto-generated reply saying they received our email.

  • We started tweeting about this on our Twitter account (@instantshift) and receiving updates from fellow infected site owners.

Saturday, December 3, 2011

  • No update from GoDaddy or PlanetDomain.

Sunday, December 4, 2011

  • No update from GoDaddy or PlanetDomain.

Monday, December 5, 2011 (the day our site went down)

  • At 8:15 AM, we tried sending a business email to one of our sponsors from our email contact@instantshift.com; the delivery of the message failed. After checking our WHOIS details, we realized that our nameservers had been removed by the hacker.

  • We immediately called PlanetDomain support about this issue, and again they told us to email them at domains@planetdomain.com. The site has been down since then, and we have no control over this situation.

  • We received an email from GoDaddy saying:

    We are in contact with PlanetDomain.com and are requesting that the domain name be transferred back. If their records also show the same registrant at the time of transfer, we will work with them to see if they can transfer the domain name back. However, they are not required to transfer the domain name back.

  • They also told us to submit more ID proof for our domain and its ownership.

  • We called PlanetDomain again to get an update of the situation, and they told us that they had frozen our account and that no one could access the account (not even the hacker). Unfortunately, in this frozen state, the PlanetDomain staff themselves are not able to update the things related to our domain, so they are helpless in restoring our nameservers. Once again, this was not helpful.

Tuesday, December 6, 2011

  • For the first time in the last four days, we have been contacted by the PlanetDomain staff by email at our official email address (contact@instantshift.com), but unfortunately ,our site was down so we were not able to receive any email sent to our site address; therefore, we requested them to send further updates to a different gmail address. This is what they replied:

    As per the decision between PlanetDomain and GoDaddy, we have decided to reverse the transfer back. This means the domain will be transfered back to GoDaddy. At this stage, we are waiting for confirmation from GoDaddy in regards to this.”

    We will update you via email as soon as we hear from them.

  • We tweeted both @GoDaddy and @netregistry (owner of PlanetDomain) about the situation.

  • From PlanetDomain (@netregistry) via Twitter, we received this reply:

    As per our previous email, we are waiting on confirmation from GoDaddy regarding reversing the transfer.

Wednesday, December 7, 2011

  • We got a confirmation email from GoDaddy saying:

    Thank you for your message. We have initiated the domain name to be transferred back to us.

    We are now waiting for PlanetDomain to acknowledge the transfer and to return the domain name to us.

  • Our WHOIS details have been restored to GoDaddy, but the nameservers are still not restored.

  • Another message from PlanetDomain (@netregistry) via Twitter reads:

    We have acknowledged and advised GoDaddy. You should be able to update your nameservers via GoDaddy. Let us know of any issues.

  • We called GoDaddy support and told them to restore our nameservers, but they are not able to help as the domain was still processing with GoDaddy.

  • At last, we received this email from GoDaddy:

    Thank you for your patience regarding this matter. The domain name INSTANTSHIFT.COM has been returned to your account.

    We kindly request that you update your contact information as soon as possible.

  • Finally! We’ve restored the nameservers so the site will be live.

Now What?

Now we have full control over our site domain once again. There is no loss in site data as well as no problem with any site files as the hackers were only after our domain name. Everything is working fine as far as we know. If anyone finds any inconsistency, please email us at contact@instantshift.com or contact us via our contact form.

We learned that css-tricks.com, designshack.net and scriptandstyles.com have been restored back to their original owners, too. Now we are supporting others who were not yet able to get their domains back. We all are going to need all the support we can gather to get back what is rightfully ours.

For more information, you can follow us on Twitter (@instantshift) to learn more about the situation.

Status of the Sites which are Infected

  • scriptandstyle.comResolved
  • instantshift.comResolved
  • css-tricks.comResolved
  • designshack.netResolved
  • davidwalsh.nameResolved
  • sohtanaka.comUnresolved
  • kirupa.comResolved
  • shiachat.comResolved

Further Readings on This Attack

Like it? Share it.

17 Comments

  1. So pathetic that this can happen. It makes me question my loyalty to GoDaddy.

  2. Who the hell is doing this and why??? Do they hack all wordpress sites?

  3. How did you domain get hijacked in the first place?

  4. Do you think it’s an insider at GoDaddy that did this? I’ve been following this and find it interesting that it happened to all web design related sites that were on GoDaddy and got moved to PlanetDomain.

    Is GoDaddy looking into what happened?

  5. Good to see you back Daniel. I’ve been following what’s been happening to all the sites affected and glad to see the issue is getting resolved one site at a time.

    Hopefully measures are put in place to prevent something like this from happening again and whoever did this is caught.

  6. In reference to the numerous thefts of instantshift.com and others, one common denominator is GoDaddy. The ability to access the registry information of a number of domains is an indication that GoDaddy’s security is insufficient to protect the “assets” of their clients. I would only hope that they would beef-up their security to protect their clients … and their reputation.

  7. welcome back and wait for your cool posts!

  8. so glad you´re back, you had us all so worried but finally we have you here.

  9. I really enjoy visiting your blog! your interesting system to see things is what keeps me interested. Thanks so much!!!!

  10. a waiting new posts.,

  11. that is not right ..your blog is a interesting blog ever i see ..

  12. Oh wow, I did not know that this could even happen. I was wondering why did i get mailer demon from your official emails. Anyways it is all an experience. Happy that the contents are untouched.

  13. Glad you’re back but I’m more curious as to how you got hacked in the first place! I’m sure you guys are more security-savvy than the average webmasters, is this an issue with GoDaddy do you think?

  14. Hi Daniel! I am also one of the regular visitors to visit your site and I had wondered for the last 3 days about this issues. Thanks for sharing the information about the reasons for site down.

  15. It was a bit odd to see this site down for a while.

    As a regular visitor, I assumed that it had to be some sort of cyber attack and this post clarifies it all.

    Internet security remains the biggest concern even today.

    Lets hop you find the culprits.

  16. Indeed, the criminals needs to be brought under justice. So chilling..! Glad that you have your domain now.

  17. Wow, I bet your team broke out into a sweat… scary stuff, but so pleased you have sorted it out and have what belongs to you back.

Leave a Comment Yourself

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>