Can Your Domains Get Hijacked?

Imagine this scenario: your customer service line gets a call from the owner of a small business whose e-commerce website is hosted through your service. The owner is in a panic. After months of steady visitor traffic and consistent daily transactions, suddenly all visits to her site have stopped. Not knowing what to do next, she now turns to you for help.

After a little bit of investigating, you discover that someone has unlawfully accessed your domain control panel by impersonating her company’s administrative contact, modified the Domain Name System (DNS), and transferred her domain name to a different server. You’re now placed in the unenviable position of informing her that her domain has been hijacked.

Sound implausible? Such attacks have actually happened, with some even targeted at high-level companies listed on enterprise-class domain registries. While not as common as the threats posed by viruses and malware, domain hijacking can be just as devastating to an individual customer’s financial stability and to your reputation as a web host. Recovering a hijacked domain by logging a dispute through the Internet Corporation for Assigned Names and Numbers (ICANN) can be costly as well, with many customers simply choosing to register a new domain name in the end (most likely through another web host).

Who’s Responsible for Domain Security?

The common line of thinking is that the responsibility of protecting a domain name lies with the customer who registers it, and that a compromise of security to that name is the result of poor monitoring on their part. Yet in the wake of investigations into the hijacking of the domains of some very prominent sites, ICANN’s Security and Stability Advisory Committee (SSAC) identified failures on the part of both domain name registrants and the registrars with whom they had worked as being responsible for the incidents. Plus, from a customer perspective, they pay you for secure web services. In their minds, that includes the safety of their domain names.

Domain Hijacking Explained

In order to properly understand how you might be able to prevent your customers’ domains from being hijacked, it helps to first understand the process of how a hacker can actually hijack a domain. What’s most important to understand is that an attacker doesn’t need to access your web server in order to get at a domain. Rather, hijackings occur via a backdoor route through the customer’s actual contact email address.

Here’s how the entire hijacking process works:

  1. The attacker goes to and searches for the target domain name. Under the Whois Record, he or she gets the customer’s administrative contact email address.
  2. Searching the same record, the attacker finds the domain registrar (your web hosting service, in this case) under the “Registered through:” field. If that information is not recorded there, he or she can simply find the ICANN Registrar listed under the “Registry Data” heading.
  3. With access to the administrative email address, the attacker simply needs to hack into that email account.
  4. Having control of the customer’s administrative contact email, the attacker then visits your website and chooses the “Forgot Password” option in the login portal. He or she then enters either the actual domain name or the administrative email address to reset the password.
  5. An email is sent to the administrative contact address with instructions on resetting the password. The attacker creates a new password on the domain control panel, and now has full control of the domain.
  6. Within a mere matter of minutes, the attacker redirects the domain to his or her web server.

Because your system recognizes the attacker as the customer’s administrative contact, the hijacking often isn’t discovered until the customer notices an abrupt halt to his or her web traffic and/or email correspondence. By that time, the amount lost in customer transactions coupled with the expenses required to fix the problem can be enormous.

What You Can Do

Recognizing the vulnerabilities inherent in the domain registration process, the SSAC highlighted several measures that both domain name registrants and registrars can take to help mitigate the threat of a hijacking. As a registrar, following these recommendations could help provide your customers with the peace of mind they need in order to trust their domains to your care. These recommendations include:

  • Establish uniform guidelines for Extensible Provisioning Protocol (EPP) authInfo. The transfer policy requires that registrar-generated authInfo codes be unique to each domain. However, customer-generated codes are not subject to the transfer policy restrictions. Thus, a customer may create a single code for all of his or her domains. If that code is somehow compromised, an attacker has access to all of the domains that are linked to that code. It’s recommended that you encourage customers to follow the policy of one authInfo code per domain.
  • Create a uniform default setting that applies domain locks on all customer domains. Communicate instructions on how to unlock the domain lock to the customer through means of correspondence other than email.
  • Convey to your customers the importance of applying domain privacy protection to their hosting service package. Though such protection may come at an increased cost, the intangible value that their domain names hold as a symbol of their reputations with their own clients can be invaluable. Thus, that information should be afforded the same level of protection that they would give to customer and enterprise financial data.
  • Look for ways to improve your customer authentication and authorization processes for any and all updates or changes associated with a domain. EPP can help by providing communication whenever domain information is renewed. Yet it may also benefit you to establish strict verification standards beyond a simple confirmation of the domain name or email address when a request is initiated to change customer contact or delegation information.
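
An added example (not from the original article or from the SSAC): a registrar-side audit for the first two recommendations above, flagging domains that share an authInfo code and domains that are not fully locked. The record fields and sample domains are constructed, and treating the EPP statuses clientTransferProhibited and clientUpdateProhibited together as the "domain lock" is an assumption of this example.

```python
import hashlib
from collections import defaultdict

# Assumption: these two EPP status values (RFC 5731) together count as "locked".
LOCK_STATUSES = {"clientTransferProhibited", "clientUpdateProhibited"}

# Constructed sample inventory; field names are assumptions for this example.
DOMAINS = [
    {"name": "shop-example.test", "auth_info": "k9!Qz7#Lm2",
     "statuses": {"clientTransferProhibited", "clientUpdateProhibited"}},
    {"name": "blog-example.test", "auth_info": "k9!Qz7#Lm2",
     "statuses": {"ok"}},
    {"name": "mail-example.test", "auth_info": "T4$vB1@xP8",
     "statuses": {"clientTransferProhibited"}},
    {"name": "docs-example.test", "auth_info": "r6^Hn3&Wc5",
     "statuses": {"clientTransferProhibited", "clientUpdateProhibited"}},
]

def _fingerprint(auth_info):
    """Hash the code so grouping never compares or reports the raw authInfo."""
    return hashlib.sha256(auth_info.encode("utf-8")).hexdigest()

def find_shared_auth_info(domains):
    """Return sorted groups of domain names that share one authInfo code."""
    groups = defaultdict(list)
    for d in domains:
        groups[_fingerprint(d["auth_info"])].append(d["name"])
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

def find_unlocked(domains):
    """Return {domain: missing lock statuses} for domains not fully locked."""
    report = {}
    for d in domains:
        missing = LOCK_STATUSES - set(d["statuses"])
        if missing:
            report[d["name"]] = sorted(missing)
    return report

if __name__ == "__main__":
    for group in find_shared_auth_info(DOMAINS):
        print("authInfo reused across:", ", ".join(group))
    for name, missing in find_unlocked(DOMAINS).items():
        print(f"{name}: missing {', '.join(missing)}")
```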

Domain hijacking sounds scary and intimidating because it is just that. Knowing that someone with the right know-how can simply hack into an email account and modify DNS settings can easily scare customers away from your hosting service. Thus, it’s imperative that you as a web host do all that you can to assuage customer concerns by implementing the right kinds of safeguards to help protect them from would-be hijackers. While a fail-safe method to prevent domain hijacking has yet to be identified, you as a host can make the actual process of doing so difficult enough to deter hijackers from targeting your customers’ domains.
