{"id":19267,"date":"2015-02-12T03:00:54","date_gmt":"2015-02-12T08:00:54","guid":{"rendered":"https:\/\/webhostinggeeks.com\/blog\/?p=19267"},"modified":"2021-10-19T06:51:38","modified_gmt":"2021-10-19T10:51:38","slug":"can-your-domains-get-hijacked","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/blog\/can-your-domains-get-hijacked\/","title":{"rendered":"Can Your Domains Get Hijacked?"},"content":{"rendered":"<p>Imagine this scenario: your customer service line gets a call from the owner of a small business whose e-commerce website is hosted through your service. The owner is in a panic. After months of steady visitor traffic and consistent daily transactions, suddenly all visits to her site have stopped. Not knowing what do to next, she now turns to you for help.<\/p>\n<p><!--more--><\/p>\n<p>After a little bit of investigating, you discover that someone has unlawfully accessed your domain control panel by impersonating her company\u2019s administrative contact, modified the <a href=\"https:\/\/webhostinggeeks.com\/guides\/dns\/\">Domain Name System (DNS)<\/a>, and transferred her domain name to a different server. You\u2019re now placed in the unenviable position of informing her that her domain has been hijacked.<\/p>\n<p>Sound implausible? Such attacks have actually happened, with some even targeted at high-level companies listed on enterprise-class domain registries. While not as common as the threats posed by viruses and malware, domain hijacking can be equally as devastating to an individual customer\u2019s financial stability and your reputation as a web host. The process of recovering a hijacked domain through logging a dispute through the <a title=\"ICANN\" class=\"zem_slink\" href=\"https:\/\/www.icann.org\/\" target=\"_blank\" rel=\"noopener\">Internet Corporation for Assigned Names and Numbers<\/a> (ICANN) be costly as well, with many customers simply choosing to register a new domain name in the end (most likely through another web host).<\/p>\n<h2>Who\u2019s Responsible for Domain Security?<\/h2>\n<p>The common line of thinking is that the responsibility of protecting a domain name lies with the customer who registers it, and that a compromise of security to that name is the result of poor monitoring on their part. Yet in the wake of investigations into the hijacking of the domains of some very prominent sites, ICANN\u2019s Security and Stability Advisory Committee (SSOC) identified failures on the part of both domain name registrants and the registrars with whom they had worked as being responsible for the incidents. Plus, from a customer perspective, they pay you for secure web services. In their minds, that includes the safety of their domain names.<\/p>\n<h2>Domain Hijacking Explained<\/h2>\n<p>In order to properly understand how you might be able to prevent your customers\u2019 domains from being <a href=\"https:\/\/webhostinggeeks.com\/guides\/dns\/#securityissues\">hijacked<\/a>, it helps to first understand the process of how a hacker can actually hijack a domain. What\u2019s most important to understand is that an attacker doesn\u2019t need to access your web server in order to get at a domain. Rather, hijackings occur via a backdoor route through the customer\u2019s actual contact email address.<\/p>\n<p>Here\u2019s how the entire hijacking process works:<\/p>\n<ol>\n<li>The attacker goes to whois.domaintools.com and searches for the target domain name. Under the Whois Record, he or she gets the customer\u2019s administrative contact email address.<\/li>\n<li>Searching the same record, the attacker finds the domain registrar (your web hosting service, in this case) under the \u201cRegistered through:\u201d field. If that information is not recorded there, he or she can simply find the ICANN Registrar listed under the \u201cRegistry Data\u201d heading.<\/li>\n<li>With access to the administrative email address, the attacker simply needs to hack into that email account.<\/li>\n<li>Having control of the customer\u2019s administrative contact email, the attacker then visits your website and chooses the \u201cForgot Password\u201d option in the login portal. He or she then enters either the actual domain name or the administrative email address to reset the password.<\/li>\n<li>An email is sent to the administrative contract address with instructions on resetting the password. The attacker creates a new password on the domain control panel, and now has full control of the domain.<\/li>\n<li>Within a mere matter of minutes, the attacker redirects the domain to his or her web server.<\/li>\n<\/ol>\n<p>Because your system recognizes the attacker as the customer\u2019s administrative contact, the hijacking often isn\u2019t discovered until the customer notices an abrupt halt to his or web traffic and\/or email correspondence. By that time, the amount lost in customer transactions coupled with the expenses required to fix the problem can be enormous.<\/p>\n<h2>What You Can Do<\/h2>\n<p>Recognizing the vulnerabilities inherent with the domain registration process, the SSAC highlighted several measures that both domain name registrants and registrars can do to help mitigate the threat of a hijacking. As a registrar, following these recommendations could help provide your customers with the peace-of-mind needed in order to trust their domains to your care. These recommendations include:<\/p>\n<ul>\n<li>Establish uniform guidelines for <a title=\"Extensible Provisioning Protocol\" class=\"zem_slink\" href=\"https:\/\/en.wikipedia.org\/wiki\/Extensible_Provisioning_Protocol\" target=\"_blank\" rel=\"noopener\">Extensible Provisioning Protocol<\/a> (EPP) authInfo. The transfer policy requires that registrar-generated authInfo codes be unique to each domain. However, customer-generated codes are not subject to the transfer policy restrictions. Thus, a customer may create a single code for all of his or her domains. If that code is somehow compromised, an attacker has access to all of the domains that are linked to that code. It\u2019s recommended that you encourage customers to follow the policy of one authInfo code per domain.<\/li>\n<li>Create a uniform default setting that applies domain locks on all customer domains. Communicate instructions on how to unlock the domain lock to the customer through means of correspondence other than email.<\/li>\n<li>Convey to your customers the importance of applying domain privacy protection to their hosting service package. Though such protection may come at an increased cost, the intangible value that their domain names hold as a symbol of their reputations with their own clients can be invaluable. Thus, that information should be afforded the same level of protection that they would give to customer and enterprise financial data.<\/li>\n<li>Look for ways to improve your customer authentication and authorization processes for any and all updates or changes associated with a domain. EPP can help by providing communication whenever domain information is renewed. Yet it may also benefit you to establish strict verification standards beyond a simple confirmation of the domain name or email address when a request is initiated to change customer contact or delegation information.<\/li>\n<\/ul>\n<p>Domain hijacking sounds scary and intimidating because it is just that. Knowing that someone with the right know-how can simply hack into an email account and modify a DNS can easily scare customers away from your hosting service. Thus, it\u2019s imperative that you as a web host do all that you can to assuage customer concerns by implanting the right kinds if safeguards to help protect them from would-be hijackers. While a fail-safe method to prevent domain hijacking has yet to be identified, you as a host can make the actual process of doing so difficult enough as to deter hijackers from targeting your customer\u2019s domains.<\/p>\n<p>Top image \u00a9GL Stock Images<\/p>\n<p><img decoding=\"async\" width=\"635\" height=\"144\" class=\"alignnone size-full wp-image-16835 lazyload\" alt=\"whg_banner.new.10k\" data-src=\"https:\/\/webhostinggeeks.com\/blog\/wp-content\/uploads\/2014\/07\/whg_banner.new_.10k.jpg\" data-srcset=\"https:\/\/webhostinggeeks.com\/blog\/wp-content\/uploads\/2014\/07\/whg_banner.new_.10k.jpg 635w, https:\/\/webhostinggeeks.com\/blog\/wp-content\/uploads\/2014\/07\/whg_banner.new_.10k-128x29.jpg 128w, https:\/\/webhostinggeeks.com\/blog\/wp-content\/uploads\/2014\/07\/whg_banner.new_.10k-420x95.jpg 420w, https:\/\/webhostinggeeks.com\/blog\/wp-content\/uploads\/2014\/07\/whg_banner.new_.10k-540x122.jpg 540w, https:\/\/webhostinggeeks.com\/blog\/wp-content\/uploads\/2014\/07\/whg_banner.new_.10k-372x84.jpg 372w, https:\/\/webhostinggeeks.com\/blog\/wp-content\/uploads\/2014\/07\/whg_banner.new_.10k-328x74.jpg 328w\" data-sizes=\"(max-width: 635px) 100vw, 635px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 635px; --smush-placeholder-aspect-ratio: 635\/144;\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Imagine this scenario: your customer service line gets a call from the owner of a small business whose e-commerce website is hosted through your service. The owner is in a&#8230;<\/p>\n","protected":false},"author":13,"featured_media":13724,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[8,6,9,3558,11],"tags":[2223,6406,347,102,78,2906],"class_list":["post-19267","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-control-panels","category-domain-names","category-security-issues","category-web-technology","category-web-hosting-news","tag-domains","tag-hacking","tag-hijacking","tag-security","tag-web-hosting","tag-web-hosting-news-2"],"views":221,"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/19267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/comments?post=19267"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/19267\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/media\/13724"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/media?parent=19267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/categories?post=19267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/tags?post=19267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}