Jan, 2016 : Is it Possible for a Domain to be Hijacked?
📅 - Have you ever wondered if your domain could get hijacked? You may be surprised to hear that it can and it's not a good situation. You may hear from one of your hosting customers one day that their small e-commerce business ran online has stopped seeing customers after steady traffic and consistent sales.
When you hear from a client and start investigating to find that someone accessed your domain control panel illegally, it means that your domain was hijacked. This means that someone was able to impersonate the company's administrative contact, modified the actual domain name system, and transferred it to a different server.
This terrible situation happens and many times, high-level companies are targeted. This is just as serious as dealing with malware and viruses because a customer's financial picture is now affected while your web hosting business is going to get a bad reputation. It will take al ong time disputing for the domain back and many customers will simply move on with another web host. Take a look at what you need to know about domain hijacking.
All about domain hijacking
The web host is responsible for domain security by protecting the name and careful monitoring. Many times, the ball is dropped with both the domain name registrants and the registrars that they worked with allowing for hijacking. A customer is also paying for your promise of security to their web services.
You can prevent a domain hijacking if you understand the process. Without even needing access to your web server, someone can get your domain because it's often through a backdoor method and a customer's email address.
Typically, a hijacker will check whois.domaintools.com to get your name and email address. Searching the record, the attacker will find the registrar or your web hosting service information or find this on the ICANN Registrar. The hacker, now having this information, can hack into the email account.
Once the attacker has control of the email, the attacker can visit the website and tell it you “forgot the password” for logging into the portal. Once a new password is setup, the attacker has control of the domain control panel and minutes later, the domain is redirected to his web server.
What can I do about domain hijacking?
This serious situation should be avoided at all cost. You can take a few preventative steps in hopes that this won't happen to you. For starters, establishing uniform guidelines for Extensible Provisioning Protocol authInfo will mean that the transfer policy requires registrar-generated authInfo codes are unique to each domain. A customer would create a single code for all of their domains. Recommending to your customers to follow the policy of one authInfo code per domain will help to avoid a problem.
Creating a uniform default setting to apply to all domain locks on all customer domains will help as well. Make sure your customers have instructions on how to unlock the domain lock but don't put this in an email; find another way to communicate this. Make sure your customers know the importance of applying extra domain protecting on their hosting service package even if it means a higher cost. Lastly, make sure you can improve your customer authentication and authorization processes for all changes related to the domain.
With domain hijacking being such a serious situation, it's better if you are informed and prepared. Make sure you take extra precautions and communicate with your customers to ensure extra protection. Your job as a web host is to make sure your customer's concerns are addressed.
When you hear from a client and start investigating to find that someone accessed your domain control panel illegally, it means that your domain was hijacked. This means that someone was able to impersonate the company's administrative contact, modified the actual domain name system, and transferred it to a different server.
This terrible situation happens and many times, high-level companies are targeted. This is just as serious as dealing with malware and viruses because a customer's financial picture is now affected while your web hosting business is going to get a bad reputation. It will take al ong time disputing for the domain back and many customers will simply move on with another web host. Take a look at what you need to know about domain hijacking.
All about domain hijacking
The web host is responsible for domain security by protecting the name and careful monitoring. Many times, the ball is dropped with both the domain name registrants and the registrars that they worked with allowing for hijacking. A customer is also paying for your promise of security to their web services.
You can prevent a domain hijacking if you understand the process. Without even needing access to your web server, someone can get your domain because it's often through a backdoor method and a customer's email address.
Typically, a hijacker will check whois.domaintools.com to get your name and email address. Searching the record, the attacker will find the registrar or your web hosting service information or find this on the ICANN Registrar. The hacker, now having this information, can hack into the email account.
Once the attacker has control of the email, the attacker can visit the website and tell it you “forgot the password” for logging into the portal. Once a new password is setup, the attacker has control of the domain control panel and minutes later, the domain is redirected to his web server.
What can I do about domain hijacking?
This serious situation should be avoided at all cost. You can take a few preventative steps in hopes that this won't happen to you. For starters, establishing uniform guidelines for Extensible Provisioning Protocol authInfo will mean that the transfer policy requires registrar-generated authInfo codes are unique to each domain. A customer would create a single code for all of their domains. Recommending to your customers to follow the policy of one authInfo code per domain will help to avoid a problem.
Creating a uniform default setting to apply to all domain locks on all customer domains will help as well. Make sure your customers have instructions on how to unlock the domain lock but don't put this in an email; find another way to communicate this. Make sure your customers know the importance of applying extra domain protecting on their hosting service package even if it means a higher cost. Lastly, make sure you can improve your customer authentication and authorization processes for all changes related to the domain.
With domain hijacking being such a serious situation, it's better if you are informed and prepared. Make sure you take extra precautions and communicate with your customers to ensure extra protection. Your job as a web host is to make sure your customer's concerns are addressed.
Reads: 1214 | Category: General | Source: TheHN : The Hosting News
Want to add a website news or press release ? Just do it, it's free! Use add web hosting news!