Giraffe Web was brought in a year or so ago via an account admin at solopreneur marketing company to help with updating a website, which is entirely in my wheelhouse to work on various website platforms – html, WordPress, Wix, SquareSpace, Duda, etc. We worked with this same client at the beginning of the pandemic on their virtual fundraisers, and their site was in WordPress. The client hired a new person, who switched their site over to a friend’s system on Duda. Then this person was fired.
The client is left with a Duda site, with a local firm though, as everyone thought. Now, there is not any particular reason or issue with using a web firm that is not local, unless…
I get a text message late in the evening from the account admin that heard the website was down – can I take a look. A quick view and I texted back that the domain expired and it happened five days previously and registered at GoDaddy. They have no website, nor any email, and a big event happening within a week.
NEWS FLASH: When a domain expires on GoDaddy, they immediately remove all custom DNS settings, which are all reverted to the standard GoDaddy parking page. If we are managing the domain (well, it wouldn’t have expired in the first place but I digress), we would have a backup copy of the DNS. Yes, we have some clients that manage their domain and practically every one has let their domain expire at some point because they completely ignored the emails from GoDaddy. GoDaddy will only send an email – and you have to read it and log into your account to verify that it is legit!
Now the investigation began as to who might have access to the domain at GoDaddy. Apparently nobody had any information. I logged onto my GoDaddy pro account and got the link to the claim form to gain access to the account, texted the link to the account admin, so it could be send it to the client.
I don’t hear anything. Not sure the client filled out the form. I check in. Account admin checks in with client – client says GoDaddy said it would be around 72 hours to her back. I assume they filled out the form. Find out three days later they did fill out the form. I get a text lamenting how could GoDaddy hold the domain hostage like this? Well, when the “fired guy” had the website reworked, someone made the registrant and administrator of the domain name an email address at the domain name. Makes sense in theory, but if you have no email because your domain has expired, then you are SOL as nobody could receive the request from GoDaddy to try to gain access with the methods that GoDaddy makes available.
I was then told they were just outraged that they had to upload their personal ID as well as a power bill showing the client’s address, as well as other info. I also can understand this but it has been standard protocol to have to do this since domain names since at least 90s. In the interim, I’d suggested they call the IT company managing the email, because sometimes they have access to the domain, but they did not. They called the “local” company who said they had no idea.
After a week filling out the regain access report, not 72 hours, the client regained access to their domain. I was contacted and said the email was working now and all we had to do was add the certificate to the website. I am thinking, OMG, please don’t tell me that GoDaddy sold them a new cert they do not need, on top of their $200 reinstatement fee, etc. But, not my problem really, except, we had no idea where the website is hosted – hence – no access to any webserver. And, it was likely the site was using free SSL anyway. The traditional SSL certs are really a royal PIA to install and I had not done one in years since the advent of the free SSL era.
Because I was only texting back and forth with the account admin, and not directly to the client or their IT people, I could only text a question, then wait for it to be passed to the client, who passed it to the IT company, etc. I was getting quite frustrated with the chain of people in between who didn’t understand any of this. However, they were complaining that now that they have the domain, and the email, and all I have to do is put in the cert, why is the site not coming up? So, I asked if the IT people had the settings for the website host. I asked if GoDaddy gave them their historical DNS info so they could recreate the DNS. Crickets. I told them they’d have to ask GoDaddy or whomever created the website. At this point, I did more research on Bing (because Google is a mess right now and you can’t find anything) and saw that the local company here, is actually a company in India – same logo. So, the local company is actually not local. And this is where the unless… comes in. Because, most local companies would have been on the case when the client contacted them.
All this being said, we could still log into the website because that login is not tied to the client’s domain name but a Duda admin site. In there is a setting for SSL and it said the site already had SSL and it was active. So, that problem solved. But, there was not one iota of information regarding what the A records were for the hosting. Not to fret too much, because we logged onto our Security Trails account, put the domain name in, and it gave us the entire historical DNS data. But I held onto it until I could find out if the IT people had made any progress, because I didn’t 100% trust the historical DNS info I got off the Security Trails site.
Another day of texting chain ensued, and finally the IT person responds, and I got their contact info too – “What is the record that points to the website that should be in the DNS records?” He had no idea where to find them out. But I already had the historical DNS, so I emailed him the A records and told him what to do. For some reason, he only put in one A record, and there were two different ones so the site didn’t come up. I went back and forth in centralops to see what had propagated, and sent him the screenshot along with the second IP again. Once he put that in, the site came up!
He told me later that he was able to get into the email account from the former employee and found the GoDaddy account number but no one knew the pin number. If you don’t have the pin number, and no phone number for 2FA, then GoDaddy will not give you any information, whatsoever. We are constantly running into issues with logging in and a client let an employee put in their mobile phone (because why not GoDaddy???) and they have since left and we cannot get into the account. It is a constant problem.
Time is of the essence when a domain name expires. You have to act quickly. Some domains stay in a grace period longer than others, but it seems to average around 30 days. During this 30 day time frame, you can likely renew the domain but after this, it can go in the aftermarket and you may be paying big bucks to buy it back.
Regardless of how the above story went, it really did take a team effort to get the domain recovered, email setup, and website restored. This is why my online collaborative business management comes in handy – documenting all the online asset information – and the investigative work needed.