最新消息:

Namecheap帐号无故被锁: Account is on Hold due to Security Reasons

随笔 观测者 1878浏览

前天查看邮箱的时候,发现邮箱里有两封Namecheap发来的邮件,一封是“Welcome to Namecheap.com helpdesk”,这是开通Namecheap提供的helpdesk服务的欢迎邮件,另一封是“Namecheap.com Notice: Account is on Hold due toSecurity Reasons”,说我的帐号存在安全风险,系统已将之锁定,要想解锁请联系Namecheap客服。

看来是Namecheap将我的帐号锁定之后,帮我自动开通了helpdesk服务,并在开通邮件中提供了帐号密码,让我登录指定网址来联系Namecheap客服人员。于是按照邮件中提供的帐号密码登录https://support.namecheap.com/,发现Namecheap已经在系统中帮我自动生成了一个Ticket,内容与邮件中是一致的,如下:

Hello,

We are contacting you regarding your Namecheap account. We received an alert that it may have been compromised. In order to prevent unauthorized access to your Namecheap account we have taken the pre-caution to place a hold on it.

Please scan your computer for malware, viruses, keyloggers and backdoor programs to make sure that your sensitive information is safe on your side. We would also suggest you change all your username and passwords elsewhere as well just as a pre-caution. Once you complete this, please get back to us as soon as possible, so that we may verify your account ownership and provide you with access to your Namecheap account.

We are being pro-active for the security of your account. Please accept our sincerest apologies for any inconvenience this may cause you.

Looking forward to your reply.

---------
Regards,
Alexander Ge.
Hosting Customer Support
Namecheap Group

http://www.namecheapgroup.com

其实我相信我的帐号并不存在安全风险,首先,我的密码是由大写+小写+数字组合而成,并非简单的短位密码,陌生人想破解它非常困难。此外,我还设置了二步验证,输入帐号密码之后,我的手机会收到一条包含验证码的短信,要在网页上输入验证码才能继续登录。而我的手机一直在我身边,也没收到过任何验证码,所以排除了帐号被盗的可能。于是我回复了该Ticket:

Hello,

I am the owner of this account, I am very sure my account is in safe, please unlock my account, thank you!

本以为会很快得到回复,不过我高估了Namecheap公司客服的敬业程度,这条Ticket发出后,等了几个小时都没收到回复。为了在他们回复的时候能够及时知晓,我在Gmail邮箱中设置了过滤器,凡是Namecheap公司发来的邮件一律转发到我的139邮箱,然后我的手机就会收到通知。过了大概12个小时左右,此时已是北京时间凌晨4点多,我被一条短信吵醒,我的Ticket终于有人回复了:

Hello,

Thank you for getting back to us. In order for us to provide you with the access to the account, please supply the following details:

- The first four and the last four digits of the credit card you used with us.

Please accept our sincere apologies for all inconveniences it causes you. This is done due to security reasons in order to prevent your Namecheap account from malicious users. Looking forward to your reply.

---------------
Regards,
Nikita P.
CFC, Risk Management
Namecheap, Inc.

看来他们对我的身份还是不放心,让我提供我信用卡的前4位数字和后4位数字,这个信用卡是和我账户绑定在一起的,通过这个可以验证我的身份。大半夜被短信吵醒也没有睡意了,于是我起床开电脑回复了Ticket:

Hello,
This is the details:
The first four digits: ****, the last four digits:****.

这条Ticket我回复得很快,在他们要求我提供证明之后的不到10分钟我就提供了,而且这时候是他们的上班时间,他们应该会立马回复我吧?不过我再一次高估了他们,Ticket发出之后很长时间都杳无音讯,于是关电脑上床继续睡觉。到了今天下午,我仍没收到回复,于是联系了Namecheap官网上的24小时在线客服,客服让我提供了工单号,然后告知我他们公司的Risk Management部门这时候不在岗,让我继续等待。直到今天晚上8点多,我才收到短信,我的帐号终于被解锁了:

Hello,

Thank you for the details provided, your Namecheap account has been unlocked. Please proceed with the password change and let us know if you require any further assistance.

---------------
Regards,
Nikita P.
CFC, Risk Management
Namecheap, Inc.

整个过程算是有惊无险,我要吐槽的是为什么Namecheap要无故锁定我的帐号?即使本意是好的,但是这处理效率未免太慢了吧?解锁一个帐号花了3天时间,如果我的帐号中有域名急着要续费,岂不是白白耽误了?另外,既然需要我提供信用卡数字来验证身份,为何不直接在第一封邮件中就说清楚?先是一来一回两封Ticket,然后才让我提供,这样就耽误了一天时间。

本来对Namecheap还挺有好感的,这次事件让我改变看法了。现在Namecheap续费也比NameSilo贵,而且仅提供一年免费的隐私保护,而NameSilo的隐私保护是永久免费的,如果以后再发生这种事件,我该考虑转移我的域名了。

转载请注明:观测者 » Namecheap帐号无故被锁: Account is on Hold due to Security Reasons