Defeating Domain Name Theft
March 1, 2018
Common Mistakes You Should Avoid Managing Your Domain Name
Do you have control of your own website domain? Here’s a simple quiz to check.
- Question 1: Do you know when your website domain expires?
- Question 2: What company is your domain name registrar?
- Question 3: Whose credit card is on your domain name account and when does that expire?
If you don’t know the answers to these three basic questions, then you don’t have control over your domain name, and you risk losing one of the most valuable assets in your business.
Protecting Your Domain by Managing It: The AHEM Method
When it comes to domain takeover, many hackers do not spend time developing the newest hacking tools. They often don’t need to. Simple mistakes by domain owners are all they need to hijack a domain.
While there are many technical flaws that a hacker could use to take over a domain name, taking the time to manage your account would remove 90% of your exposure to hackers.
An easy solution to managing your account is putting in place a method we call the “AHEM” method, which includes:
- Hiding your domain contacts
- Managing your domain registrar account
Some accounts are not actually hacked. The owners simply let the domains expire by accident.
Domain registrars like GoDaddy give domain owners a 10-day grace period to renew. If the owner doesn’t renew, the domain goes back onto the open market. An opportunist can then buy the domain for peanuts and force the previous owner to buy it back for thousands over the original purchase price.
The solution to account expiration is twofold.
First, ensure your domain registration account auto renews each year. It’s usually just a checkbox, so it’s an easy change to make.
Second, pay for yearly renewal and set a reminder to review the billing information at the same time the domain renews. Domain owners often forget to update their credit cards with their domain registrar, so even if the account is set to auto-renew, a bad or expired credit card will cause the renewal to fail anyway.
Visiting your account yearly keeps your domain information accurate.
Hide your account contacts
Every domain includes contact information for the technical contact, the administrative contact and the support contact. Unless hidden, this information is publicly available to anyone who looks up the domain on a site like “whois.com”.
For a fee (or for free with registrars like Google), you can hide this information from public view. This means that when your domain is looked up, no one will see the personal email addresses associated with managing the account.
By keeping your management emails private, hackers have less information to work with. They can’t brute-force the password on your email account if they don’t know which email address to target.
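The two checks above, expiry date and exposed contact emails, are easy to automate against the record your registrar or an RDAP lookup returns. This added example is not part of the original post; it audits a constructed RDAP-shaped record (the domain, dates and addresses are made up) and flags both an approaching expiry and any contact email that is still visible rather than redacted.

```python
"""Audit a domain record for expiry risk and publicly exposed contacts."""
import json
from datetime import datetime

# Constructed sample shaped like an RDAP domain response; not a real lookup.
SAMPLE_RDAP = json.dumps({
    "ldhName": "example.com",
    "events": [
        {"eventAction": "registration", "eventDate": "2015-01-28T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2018-01-28T00:00:00Z"},
    ],
    "entities": [
        {"roles": ["registrant"],
         "vcardArray": ["vcard", [["email", {}, "text", "jane@example.com"]]]},
        {"roles": ["technical"],
         "vcardArray": ["vcard", [["email", {}, "text", "REDACTED FOR PRIVACY"]]]},
    ],
})


def parse_iso(stamp: str) -> datetime:
    """Parse an RDAP-style UTC timestamp ('...Z') into an aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def parse_expiry(record: dict) -> datetime:
    """Return the expiration event date, or raise if the record lacks one."""
    for ev in record.get("events", []):
        if ev.get("eventAction") == "expiration":
            return parse_iso(ev["eventDate"])
    raise ValueError("no expiration event in record")


def exposed_contacts(record: dict) -> list:
    """Return 'role:email' pairs whose email is visible (not redacted)."""
    exposed = []
    for ent in record.get("entities", []):
        for prop in ent.get("vcardArray", ["vcard", []])[1]:
            if prop[0] == "email" and "@" in prop[3]:
                exposed.extend(f"{role}:{prop[3]}" for role in ent.get("roles", []))
    return exposed


def audit(raw_json: str, now_iso: str, warn_days: int = 60) -> dict:
    """Summarise expiry risk and contact exposure as of the given UTC time."""
    record = json.loads(raw_json)
    days_left = (parse_expiry(record) - parse_iso(now_iso)).days
    return {"domain": record.get("ldhName"), "days_left": days_left,
            "expiry_warning": days_left <= warn_days,
            "exposed_contacts": exposed_contacts(record)}
```

Run `audit(SAMPLE_RDAP, "2018-01-01T00:00:00Z")` to see the sample flagged 27 days before expiry with the registrant address still exposed.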
Losing the email associated with an account is the final mistake account managers make.
When registering a domain name, many companies delegate this to a low-level employee, who then registers the domain under their personal email or their own work email. When that employee leaves the company, the company suddenly loses the ability to log in to its domain name account.
Instead, create a new company email that’s used only for domain names, such as email@example.com. Anyone who needs access to alerts from the registrar can then have them forwarded from this address. Ideally, more than one active user should receive the forwarded emails.
This single account gives you one central place to manage your domain, making management easier.
Having a team that receives the forwarded emails helps ensure you won’t lose your domain because your personal information changed or because an account manager isn’t responding. Registrars are required to periodically check your domain information to ensure it’s accurate. If they can’t verify it, they can cancel the domain just as if it had expired.
Managing your domain account
Registrars often offer customers the ability to buy their domain for 2, 5 or even 10 years. Discounts may make it seem like a good deal, but being hands-off on your domain account for up to 10 years doesn’t work for most forgetful humans. Renew and review the domain yearly.
For the renewal date, schedule a task in your calendar to log back into your domain account and check that your information is up to date. Checking your billing and contact information is also vital, since bad information there can also cause the account to be cancelled.
Managing Your Domain is Not Foolproof
It’s vital to manage your domain name account to ensure you keep control of your domain name. This is your property, after all, and losing access to your domain name could mean a sizeable financial loss.
NewtekOne, an Arizona company that manages over 100,000 registered domains, recently lost several domains of its own. The company never said how it lost access; however, it was on the 10-year renewal plan, and oddly, 10 days after its domains expired, the company lost control of them to a hacker in Vietnam.
We have seen a few of our own customers lose access to domains due to employee turnover or missing account information. The problem is almost always human, and the solution is almost always a little bit of management.
In February 2018, a Vietnamese hacker hijacked three of the main domains for Newtek Web Hosting, a web host that also registers domains. Newtek manages over 40,000 websites, and one of the stolen domains handled traffic for those websites. Thus, when a visitor typed in a customer’s website address, they were redirected to the hacker’s website. Newtek quickly created a new set of domains to manage access to its customers’ websites and databases; however, customers had to manually reconfigure their websites to use those domains. This left some customers down for a week or more.
We think Newtek didn’t renew its domains and let them expire, and this opened the opportunity for the Vietnamese hackers. The renewal date was January 28th. After a two-week grace period, the domains passed into the hacker’s hands.
In 2017, hackers were able to steal over 700 domains from the domain name registrar Gandi. The hackers gained access to Gandi’s backend administration system through a subcontractor’s weak password. In many cases, the companies involved couldn’t get their domains back.