- Relevant (for some reason though it shouldn’t be; GoDaddy’s track record is that bad.)
Jan 2017: [Godaddy has issued at least 8850 SSL certificates without validating anything](https://news.ycombinator.com/item?id=47911780)
Jan 2019: [GoDaddy injecting JavaScript into websites and how to stop it](https://news.ycombinator.com/item?id=18894792)
Aug 2022: [Tell HN: Godaddy canceled my domain, gave me 2h to respond, then charged €150](https://news.ycombinator.com/item?id=32470017)
Dec 2022: [GoDaddy buying domains when they expire to extort their own users](https://news.ycombinator.com/item?id=34153448)
Jul 2023: [Godaddy just stole my domain](https://news.ycombinator.com/item?id=36854166)
Jan 2024: [Tell HN: GoDaddy Stole My Domain](https://news.ycombinator.com/item?id=39209087)
- Likely an inside job. I had a similar experience with AWS where my account was compromised despite the fact that I had all the proper security features enabled. It was later discovered internal contractors were responsible. But up to that point AWS blamed the issue on me with no proof. A call to the AG office in my state got the ball rolling and initiated an investigation that finally got a manager to take the case seriously.
by FlamingMoe
6 subcomments
- He mentions these 3:
"- Every email address that exists out in the world is now wrong.
- Every piece of marketing material is now incorrect.
- All of the SEO is gone."
but it seems to miss even the biggest one, which is that you are effectively locked out of any online business accounts, your bank, your crm, anything that says "we noticed an unusual login, please enter the code we just sent to your email to verify the login."
- Register your domain as a trademark. It costs a few hundred dollars, and can be done online. This gives you stronger rights with ICANN, against anybody who illicitly acquired the domain, against typosquatters, the registrar, and the courts. You can send intimidating lawyer letters, and quickly escalate from the registrar's support department to lawyer-to-lawyer phone calls.
ANIMATS®
by PunchyHamster
10 subcomments
- I have no reason why would anyone use godaddy 10 years ago let alone today
by trollbridge
5 subcomments
- At the risk of sounding snarky;
Last Saturday afternoon one of his client’s domains vanished from his GoDaddy account.
Lee is one of the most competent IT guys I know.
'Competent' and 'client's domains [hosted on] GoDaddy' don't go together.
by ronbenton
3 subcomments
- Accidentally migrating the wrong domain name is incompetence. Doing so without any of the required documentation is negligent. This is bad on multiple levels
- And that is why I’d rather work with a smallish and responsible registrar like porkbun - this is after I lost a domain from a “cheap name” registrar.
Personal experience, no relationship to either registrar listed above
- Godaddy is pretty awful in a lot of things. This doesn't even surprise me. But I will say that their broker services have done me well. But I do transfer domains away as soon as possible to dynadot
- That's one of the reasons I can walk in the main office of my registrar within an hour. It's clearly not available to everyone but it's especially important that if you can't do that you can at least conveniently sue your registrar... So at the very least in your jurisdiction.
So much is tied to DNS and particularly email...
- I’ve successfully saved many people suffering with godaddy.
As soon as the word is mentioned I tell them the horror stories.
Saving this to the bucket of stories.
- Most of the issues we've seen in the past are due to payment failures, credit card declined, etc., that let the domain goto auction and lose access.
This is all new and from the content of the post looks like due to an employee error in transferring the wrong domain and they don't have a process to address the situation.
Corporates have a huge blind spot and everything with them is just a process and this case the process completely failed.
Unfortunately everytime it's the customer who suffers.
- They’ve been like that since the turn of the century. This is like eating every meal at McDonald’s and wondering why your health is suffering.
- I’ve made a lot of really good decisions in my life, I think, such as: deciding to have kids, deciding to move to another place I wanted to live, career choices, but by far one of the best of them all was getting all of my domains off of GoDaddy.
- GoDaddy stole several domains from me. And they've acknowledged it. It was through an Afternic exploit. They still haven't fixed it, even though I've disclosed it. They returned the two domains that were stolen from me, but refused to provide me with a list of other stolen domains, so now I'm trying to find this from renewals, as I have thousands of domain names with them. I do not trust them, so I created a small utility that checks my domain statuses via the API and notifies me if a domain is missing from my portfolio.
- Probably ten years ago with name.com I had a .at domain expire.
I caught it like a day or two later, and successfully renewed it through their site but it did not take.
There was somehow already someone up squatting my domain. I contacted support and they told me there's apparently no renewal window for .at but they could recover it for $140 - oof .. sure. It was nothing super important but would be annoying to lose.
Then it took like a week for them to get back to me, but after that week I got my domain back. I have no idea what gymnastics happened on their side.
by miki123211
0 subcomment
- If your system relies on DNS, there's no decentralization; you just change whose hands your fate rests in.
Email, Mastodon, Matrix and XMPP are not decentralized. You just exchange reliance on Google / Microsoft / Proton / Fastmail for reliance on Godaddy / Namecheap / Porkbun (in addition to Let's Encrypt, ICAN and the registration authority).
- Twilio once put our entire top level account as a sub-account under a national telecommunications company without any notification. Can’t remember how we found out, and nothing broke, but it was a security nightmare that this was possible.
by Pine_Mushroom
0 subcomment
- I had a very similar situation happen to me with a ~12 year old domain; michiganmushrooms.net. The particulars are slightly different than this case, but the totally unhelpful support team is exactly what I experienced too. Unfortunately I was never able to recover the domain and more or less had to shudder the business that was associated with it.
- Fair play to Susan for doing the right thing, what a mess though
- GoDaddy is the worst registrar, consider it a liability in any of your setups and switch immediately. I've had similar experiences, save yourself the trouble.
- Not surprised. The bureaucracy, human errors, the defficient attention span to anything, not just tranafers of multidecade domains. But attention to anything. Sometimes I am also puzzled how at company x, and company y, when reaching out customer support it feels aa if they are about to make a mistake and I try to slow them down not to.
by ValentineC
0 subcomment
- I had a similar problem with Crazy Domains: they accepted forged documentation, turned off two-factor authentication despite multiple emails from me saying never to do so, and me literally being on a call with them as it happened. The domain compromise happened as part of a plan to hijack my OG Twitter username [1].
It took getting my country's NIC and regulator involved before they restored control of my domain back to me.
I've never gotten a formal apology from them, and the incident took so much out of me that I've never gotten around to pursuing them any further.
But fuck Crazy Domains, Dreamscape Networks, and Newfold Digital (fka Endurance International Group).
[1] see also: https://news.ycombinator.com/item?id=47859496
by 0xbadcafebee
1 subcomments
- This is actually an old issue of many domain registrars, as well as nameserver-hosting companies. They are extremely vulnerable to phishing and other attacks, because their customer support can unilaterally do whatever you convince them to do. And it turns out that often they don't take any convincing! I have gotten domains transferred and nameservers changed many times over the years with zero documentation. Which means cyber criminals can do it to you too.
Too bad there's nothing we can do about it. It's up to the corporation to decide how they want to deal with this; if they screw you over, there's no consequences to them. You could try to sue them, but that would take years to unravel (if you even win), and meanwhile your online business is shut down.
We could introduce regulatory codes, like a software building code, or an internet infrastructure code, to prevent these kinds of things from happening, with a faster recourse if it does, inspections to ensure it is being done well, and fines if it's not. But that sounds like a lot of work; I'm sure companies have our best interests at heart! Let's keep everything exactly as it is.
- Apparently, GoDaddy is so infamous that their infamy has its own Wikipedia page!
https://en.wikipedia.org/wiki/Controversies_surrounding_GoDa...
- npm can give you security warnings about packages. I wonder if there is space for an external dependency warning system for sites. 'WARN: godaddy has elevated security complaints related to service XXX' and the like when you push a PR. Add it as a GH action check and it goes against a public DB of complaints. Sort of a higher level 'do you trust your provider' check.
The core problem tight now is there is very little incentive for companies to fix their support since there is no easy way to advertise how bad it is compared to other companies. There is no natural market for the value of support since consumers don't have an easy/obvious way to compare built into how they do things day to day. An infra scan of services tied to public support metrics could help plug that hole.
by Beijinger
1 subcomments
- Well, I don't understand why he did not complain to ICANN? This would be the second step after customer support failed. Last step is a lawsuit. GoDaddy is opening itself up there to liability big time.
[Assuming that the poster gives true statements, but I have no reason do doubt this]
- GoDaddy proved themselves corrupt forever ago, grabbing domains their customers didn't pay for in time and then auctioning them back to those customers for massive markups. There's a litany of terrible things they've done.
My main domain is still with nic.ddn.mil / rs.internic.net … i.e the travesty of itself today, networksolutions, which once had the ethics to only give one domain name to each physical site so as to make sure future generations could have them. That fled the moment some pharm company attempted to buy about 90 domains at one and the greed set in. But the same process they failed to improved for a decade or two after getting an income stream is still considered more reliable that GoDaddy.
GoDaddy is corrupt, the joke everyone already knew who was in the know.
by D2OQZG8l5BI1S06
1 subcomments
- The flagstream.com domain of Lee's employer is still registered to this day at GoDaddy.
After such a story how do you not learn from it and migrate everything immediately?
- Holy. Time to leave GoDaddy. What's the best alternative?
by altairprime
1 subcomments
- This is a textbook case for suing for compensation and punitive damages. I hope someone opened an arbitration complaint on day one to get the wheels turning. Maybe they’ll consider reviewing https://www.icann.org/compliance/complaint (one can dream).
- Unfathomable incident: arbitrary entity misusing its arbitrarily assigned unilateral power, following perverted incentives.
- The amount of dark patterns in product management (Domain renewal) UI related to selling additional services and general shadiness from godaddy make it a very poor choice as a registrar. Concur with the other person who has no idea why anyone would choose to use it.
- When is people gonna stop using that crap name server??
What else needs to happen? GoDaddy is a scam!
by reactordev
0 subcomment
- GoDaddy is completely consumed by ServiceNow bureaucracy. They are unable to operate at any kind of capacity. I was a fan until recently when I met an engineer from GoDaddy that led me to believe they are all incompetent there. I know it’s not the case but it left such a sour taste in my mouth that I no longer want to do business with them at all.
- I'm only using SOC II compliant vendors from now on.
- Friends don't let friends use GoDaddy, it's an absolute nightmare.
by protocolture
0 subcomment
- I had an issue for a customer once where they had lost the root account credentials for their domain registrar, and it was the only vector they could use to perform some critical action.
It was trivially easy on the phone to pretend to be the guy with approval (he was out of the country and uncontactable) and get the account reset. I could have then transferred the domain.
A few years after that I had a similar issue with the same registrar, and they had added a cooldown, and review to the password reset process. But it was fundamentally the same and I was able to eventually repeat my process.
Godaddy and a lot of other registrars are in the position of catering to extremely non technical people as part of their core business proposition but also, having the responsibility of protecting those people from fraud. Its rough designing processes that permit transfer at all for these people. I dont envy them, but its something they opted into.
- any serious business should bite the bullet and use markmonitor or something similar where you get a named support guy
- I'm super surprised that not a single comment here is bothered by this straight-out-of-Opus article. I guess the shared fury at GoDaddy is enough to overrule that emotion, or something. Because there are sure such comments on other articles like these.
The AI slop style makes it so annoying to read interesting content. It's sad that I have to resort to it but it made me just run it through an LLM again to remove the slop style, which did make it readable again.
- Any provider for critical domain vault?
by githubholobeat
0 subcomment
- AGENTS.md at GoDaddy gone rogue.
by omnifischer
6 subcomments
- Wait few hours. Some CTO or PR guru will post a message here.
- We are totally revamping our processes. This never happened out of incompetence. Humans make mistakes. We are contacting the client for 1 year free renewal - waiving. Will mail a coupon code. We consider this issue closed.
- Flagstream should still get lawyers involved
- I've heard this story before...in fact I've heard it several times, and funnily enough each time it involved GoDaddy. Stop. Using. Them.
by Traubenfuchs
0 subcomment
- Where does a distinguished hacker news member hold their domains?
- The job of tech support is to get you off the phone and free up the call queue.
- I wanted to buy a domain that was under GoDaddy's control.
We agreed on a price.
I sent the money (not cheap).
Weeks went by and then they emailed me to say that the person they thought owned the domain didn't actually own it.
Mind you, this is a domain that was hosted on their service.
The broker started to ignore me, since his job was done.
It took about 4-5 months and a huge amount of harassment at multiple support levels to get my money back.
Net negative for the internet.
by systemvoltage
0 subcomment
- Any recommendations for a trustworthy registrar?
- This reminds me of when a friend’s website inexplicably disappeared and was replaced with a redirect to an ad for some GoDaddy ai website builder and support couldn’t explain how that happened other than “the nameservers were changed” despite the fact that the account hadn’t had any logins for over a year.
- Wow, that is insanely atrocious. I'll look into moving off any remaining domains away from GoDaddy.
by timnetworks
0 subcomment
- godaddy is a fucking joke, and at ten times the price [of what I use instead]!
and they burrow their stupid certificates into your computer, you can thank microsoft for that one I guess
- > Lee is one of the most competent IT guys I know.
And yet he uses GoDaddy?
by DetroitThrow
0 subcomment
- Another example of a long list of stories where GoDaddy practically destroys decades of business trust for a customer by just ripping their domain away for no reason. What an awful company.
- "Lawyers would have gotten involved"
Oh, please do. Mistakes happen, and the scale of GoDaddy means that even rare mistakes will happen. But they may still be liable for damages, how much is the reputational damage, and the possible lost business? Why wouldn't you go this route?
- [dead]
- [dead]
- [dead]
by talkingtab
0 subcomment
- You are not helpless in these situations. You have a legal right to take action, appearing pro se, so it cost you almost nothing. Our legal system has degenerated into a medieval class system of trial by combat. Corporations can sue you, small corporations and users do not have a symmetric ability. It is like challenging a (dark) knight with armor and a very sharp sword to combat. You will lose. But here is the thing, if people start challenging, it is going to cost them a lot of money to field that knight. Think of this like drone warfare against Russian tanks. Be the drone. If GoDaddy has to field a lawyer for stuff like this, they will have the financial motivation to provide support.
While you could use small claims court, you have to be careful about your ability to appeal and to obtain evidence. In this case you are clearly aggrieved and AI should be able to help you draft a cease-and-desist letter.
Oh, and I have to include a disclaimer that this is not legal advise, that you should pay lots of money to get advice, etc or some dark knight will show up at MY door.
Do not be helpless. You have the right to take legal action. Knowing how to file a case pro se is a useful skill that every citizen should have. (Oops, that is not legal advice either!)
Hacker News