New owner for https://ftp.(my domain name)
To owner of (my domain name),
Google has identified that (an email address) has been added as an owner of https://ftp.(my domain name)
Property owners can change critical settings that affect how Google Search interacts with your site. Ensure that only appropriate people have owner status, and that this role is revoked when it is no longer needed.
The domain name is the same as mine but with ftp. in front of it. Iāve checked in Google Search Console and this person has not been added as an owner on my domain name. When I go to the [https://ftp.(my](https://ftp.(my) domain name) it takes me to a shop with one item on it (possibly a shopify store).
I know this not strictly a Shopify topic but Iām hoping someone might be able to help. Is this something I need to worry about. Is there anything I should do? Does ftp. in front of a domain name mean anything?
I am the owner of the store and there are no staff members. Iāve checked in Shopify admin and no one else has been added. Iāve had no emails from Shopify to say that Iāve had a log in from an unknown device.
I do not have a Partner Dashboard account.
The only thing Iāve had is the email from Google Search Console saying that an email address (which is unknown to me) has added themselves as an owner of the domain name ftp.(my domain name).
I donāt appear to have been hacked but a shopify store does exist at ftp.(my domain name), which I have reported to shopify.
Yes, I did get an email from google with the No.2 I do not recognize. I went to search console and there is no record of any other user/owner being added.
The problem is that it is not my domain name, it is my domain name with ftp. in front of it. Google seems to think that it is a problem. Iām still not completely sure what the ftp. means!! Do I own the ftp. prefix domain name?
I have just found the rogue owner of the ftp. address in google console. I have removed them but it says that they can just add themselves back again unless I remove a html tag from my homepage. Do you have any idea of how I would find this? How did they gain access in the first place?
Any luck with this? I just woke up to the same problem. No owners except me in the list yet I got 2 of these emails.
''New owner for https / mail dot mydomainname dot com / password
To owner of mydomainname,
Google has identified that xxx has been added as an owner of https / mail dot mydomainname dot com / password
Property owners can change critical settings that affect how Google Search interacts with your site. Ensure that only appropriate people have owner status, and that this role is revoked when it is no longer needed.āā
When you go into Google Search Console, is that subdomain listed or is it only your root domain that you can see? If itās not listed then click on āADD PROPERTYā and add the exact subdomain. Once you have done this you will be able to choose that subdomain, click on SETTINGS and then click USERS & PERMISSIONS, you will then see the offending āownerā and be able to remove them (as the owner of the root domain you have control).
This will leave a āLEFTOVER OWNERSHIP TOKENā which you can only delete if you have access to the code on their store, which of course, you do not. So they could potentially add themselves back as an owner.
If you are not using the subdomain then go into the DNS settings where your domain is registered (mine is Godaddy), find the CNAME file associated with the subdomain and delete it. This will take their store down. If youāre not sure what effect this will have on your own sites then make a note of the details so that can add it back in again if you need to. Iām guessing youāre not using it and thatās why itās been hijacked.
Iāve spoken to a few different people on other forums who have experienced the same thing. Is yours going to an Indonesian gambling site too?
Iām wondering if Shopify is allowing people free trials using any subdomain without checking authorisation. Make sure you contact Shopify about this so that they are fully aware of the problems they are causing.
This just happened to me too! And yes itās going into a gambling site called Serba88.
How did they add themselves into my domain without my consent? Apparently they did it via HTML Tag, and now i canāt remove their ownership!
This is really frustrating and Shopify said itās not their problem but GoDaddy..
Iāve been talking to people on the Shopify forum and on the Google Search Central Community and there are lots of us having the same problem. It seems to be with people using Godaddy and Shopify and itās when you have an unused DNS file in Godaddy (such as ftp.), malicious users can then create a subdomain of your domain name with this file.
I donāt think itās a Godaddy problem, I do not think my Godaddy account was compromised in any way. The problem seems to be that Shopify are allowing malicious users to set up stores using subdomains without any authorisation from the root domain holder.
Have you deleted the DNS file from Godaddy? This will remove the page that the subdomain is pointing to.
I got this today too. I initially did not see new users or owners, but then tried adding that EXACT ftp url in the Google Search Console (e.g. https:// ftp. my-web-site. com).
It then revealed the owners and files that had permission. I revoked the access. I have no idea how this happened.
The first email was a gmail account and the next said iam.gserviceaccount
This same issue happened to us over the weekend. There were no CNAME or A records so we ended up logging into our domain registrar and forwarding ftp.oursite.com to our main site. Any official update form the Shopify team?
Sorry to hear this happened to you too. Out of interest, where did they point your hijacked subdomains to, was it an Indonesian gambling site too? I have a theory that they are hijacking subdomains so that their IP address is showing as not in Indonesia, as gambling is illegal there.
I havenāt had any more updates from Shopify. I had a ticket open and was in conversation with one of their team about it; their last reply to me said that they were forwarding the matter to the relevant teams and that they were unable to interfere with Shopify accounts. When I tried to reply I found that they had closed the ticket! Have you contacted Shopify? Itās good if more people contact them about it so they know how prolific this is.
Hi, Iām following your trail from GSC Community.
It happened to me as well, based on your info and my own rough research it seems theyāre exploiting unused sub domain & shopify store? I still donāt know how they gained access and shopify support isnāt helpful at all.
Had this happen with a merchant recently as well. Not surprising, but was GoDaddy - which seems to be a common link here.
Would recommend you update all passwords for access to GoDaddy and make sure youāve got multi-factor authentication setup as well. Donāt use SMS/text as option whenever possible and use an authentication app instead (1Password is great for paid tool, Bitwarden good free open source alternative for password managers).
For other folks facing this problem, youāll have records within GoDaddy that you need to remove the DNS record that allows for a subdomain on āftpā or any other subdomain you donāt necessarily own. Before that, in order to gain access to your search console and remove other members you can add a TXT record to verify your ownership and then remove the bad actors. They wonāt be able to do HTML verification after you verify with DNS, remove, and then delete the subdomain record.
Iām working with a merchant who had this happen where Shopify does not have access/ability to create records and weāve done all authentication manually (recommended because it works better anyways). This seems to be an issue with GoDaddy, not Shopify.
On the positive, Google views subdomains as separate entities so itās not likely that your primary URL property has been damaged but this is something you want to manage as quickly as possible.
If you donāt have your primary property set up as a Domain property, would recommend that as well because youāll receive emails then whenever a new URL-prefix property is created.
I am having the same problem with my site, but after deleting the DNS entry relating to FTP two days ago (and removing the unauthorized user from Google Search Console), the Indonesian gambling page is still up. I looked at their pageās source code and the Indonesians are using a Shopify storefront xxx.myshopify.com that somehow points to a subdomain of my site. For example, my shopās URL is https://www.MYSHOP.com and the Indonesian set up their gambling page at https://MYSHOP.com
I reported the Indonesian Shopify store to Shopify yesterday, and I was told they will escalate the issue to the relevant department.
Can anyone help with how to get the gambling page taken down? I have contacted Godaddy and Shopify. Godaddy just tells me to report my own site to their team investigating scams, etc. ā which is totally not helpful, as I donāt want my own legitimate site taken down! Shopify had me update my DNS entries, change my passwords and said they will look into the Indonesian Shopify store (who knows when?).
Hi Alice14, sorry to hear that this is happening to you too. Scary isnāt it?
As the Indonesian gambling site didnāt use your ftp subdomain (ftp.yourshop.com) then removing your ftp file from your DNS records will not do anything. Itās still a good thing that youāve deleted it as you do not need it for a shopify store and it stops it being hijacked by anyone.
Is your own shopify store still up and running? Did you only have https://www.yourshop.com pointing at your store and not https://yourshop.com? Both of those belong to you and you should really have both pointing to your store. I donāt really know enough about this to advise you properly but if you go to your Shopify dashboard and then go to SETTINGS and then DOMAINS you should see what domains you have pointing to your store (I have MYSTORE.co.uk as a primary and www.MYSTORE.co.uk as a redirect to my shopify store).
The next bit Iām not too sure about, hopefully someone else might jump in and advise, if you make sure both of those are directed to your store then they will no longer point to the gambling site and it will disappear. Hopefully that makes sense.
My partner started a thread about this in the Google Search Console forum which you can find in the link below, thereās a person there that is being really helpful and if you post on that thread then they might be able to help further:
