Unix Tools
unix tutorials, unix security, unix help


Domain Hijacking

A Way to Steal Your Domain  

In the wild and wooly days of the internet people would occasionally find their domain names in the "hands" of another owner. The process is called hijacking and is as illegal as any other form of theft. The problem is that it was hard to prove.

These days registrars take a few more precautions and have greatly updated security. If your domain lands in someone else's hands today it's likely because the domain expired and you just lost the rights to it. Make sure you keep your registration up to date and that won't be a problem.

Still, hijacking is still possible and the following article goes into the problem and the solution in more detail.

Article by Subhash Kumar

Domain hijacking is the process by which internet domains are basically stolen. Many people confuse domain hijacking with the "reuse" of an expired domain. One is a legal process and one is not. Domain hijacking is theft, reuse of an expired domain is "opportunity usage".

Domain theft is an aggressive form of domain hijacking that usually involves an illegal act. In most cases, identity theft is used to trick the domain registrar into allowing the hijacker to change the registration information to steal control of an unexpired domain from the legitimate owner.

In domain hijacking or domain slamming for some reason, you can't get into your own domain, you're not receiving email from that domain, and you discover that it's now registered to someone else. Needless to say, to a small online business this can be devastating.

It could happen for a number of reasons. Maybe you have a particularly valuable domain name that someone wants to sell. In fact, .com domains are supposedly more likely to be stolen than any others. It's also possible, though unlikely, that whoever stole your domain did it as an attack on your business or you personally.

This is also done by sending a forged fax to the domain registrar, impersonating you (the registrant.) Other attacks are more subtle: the email that tells you your domain name is about to expire, and that you need to renew. Are you sure that email is actually from your registrar? That last form of attack is called domain slamming, after a similar and now illegal practice formerly engaged in by certain phone companies, which switched user's long distance phone companies without their knowledge or consent.

Domains can also be hijacked when registrars don't follow all the procedures. The gaining registrar (to whom the domain is transferred) is supposed to get the approval of the domain name registrant or administrative contact before going forward with the transfer.

Likewise, the losing registrar (from whom the domain is being transferred) is supposed to notify the registrant of the transfer during the five-day grace period before the transfer is completed. Either way, that's YOU if it's your business. You can deny approval of the transfer, but only if you know about it.

Protection from Domain Hijacking

All it takes is one easy step to protect yourself from potentially losing your domain name in this manner. You can place a 'lock ' on your domain name. Your domain name registrar should allow you to lock your domain name either by phone, fax, email, or online domain manager using your login and password . Your domain registrar will let you know which method they require. Once a lock is placed on your domain name, a transfer of registrar cannot be completed unless the lock is removed by you.

 To check if your domain is locked or not, visit www.NetSol.com, click on the 'Who-Is' section of the site, then enter your domain name. Scroll down below the registration information and look for the section that says, 'Lock Status'. If this says, 'REGISTRAR-LOCK ' then your name is protected. If this says, 'ACTIVE' then your domain name is not locked and your domain name is not protected.

Most, if not all, registrars provide domain locking functionality. They may or may not charge for it and they may or may not activate it by default. Make sure that you verify for yourself that all your domains are locked.