Protecting critical domain names

January 2018

Do you run an online business? Does a customer type bestonlinestoreintheweb.com into a web browser to reach your online store? Buying a domain name is easy and cheap nowadays, but how secure is it?

Your own domain name…

There are a few actors involved in the domain name ecosystem and registration process.

To reserve (buy) your own domain name, you, as the registrant, must register it with an ICANN-accredited registrar or one of its resellers. Some of the biggest and best-known registrars are OVH, NameWeb, R01. The registrar will check whether the domain name is available and create a WHOIS record with the domain name registrant’s information.

While registrars are contracted to conduct the day-to-day business of selling domain name registrations, registries are responsible for maintaining the registry for each TLD. The responsibilities of the registries include accepting registration requests (whether from registrars or directly from domain name registrants), maintaining a database of the necessary domain name registration data and providing name servers to publish the zone file data (i.e. information about the location of a domain name) throughout the Internet.

[Image: ican-info. Source: icann.org]

… can be hijacked!

“Domain hijacking or domain theft is the act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar(s) software systems.” (Wikipedia)

Sometimes attackers move the domain to a new registrar, which makes the recovery process far more difficult.

Below you will find some examples of domain hijacking incidents:

The real issue is that domain hijacking occurs at the registrar level, and registrars compete with each other on price, not on security. Most popular registrars do not support:

  • multiple user accounts under the same organization account
  • two-factor authentication
  • multiple authorisation levels
  • sufficient authentication validation for phone/(e)mail requests
  • a split-password rule

Below you will find some registrars with a focus on security, not on price:

  • CSC https://www.cscglobal.com/
  • CloudFlare https://www.cloudflare.com/registrar/ (if you are already a CloudFlare customer on the Enterprise plan)
  • MarkMonitor https://www.markmonitor.com/

Check your domain locks

You can also ask your registrar whether it supports domain locks.

In the WHOIS record you should see the fields “Delete”, “Renew”, “Transfer”, “Update”. Your domain is registry-locked if the WHOIS record includes the statuses:

  • serverDeleteProhibited
  • serverTransferProhibited
  • serverUpdateProhibited

If your record includes only clientUpdateProhibited, the domain is locked only at the registrar, not at the registry.
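One way to automate the status check described above, as an added example that is not part of the original article: it parses the "Domain Status:" lines of WHOIS output and reports the lock level and any missing registry-lock statuses. The sample records are constructed, and the "partial-registry" label is an assumption of this example, not a term from the article.

```python
import re

# Registry-level EPP statuses the article lists as indicating a registry lock.
REGISTRY_LOCK = ("serverDeleteProhibited", "serverTransferProhibited",
                 "serverUpdateProhibited")

# Matches "Domain Status: clientTransferProhibited https://icann.org/epp#..."
# and the shorter "status: ..." form; only the status token is captured.
STATUS_LINE = re.compile(r"^[ \t]*(?:domain[ \t]+)?status:[ \t]*([A-Za-z]+)",
                         re.IGNORECASE | re.MULTILINE)

def classify_lock(whois_text):
    """Return the lock level and which registry-lock statuses are missing."""
    found = {m.group(1).lower() for m in STATUS_LINE.finditer(whois_text)}
    missing = [s for s in REGISTRY_LOCK if s.lower() not in found]
    if not missing:
        level = "registry"            # all three server* statuses present
    elif len(missing) < len(REGISTRY_LOCK):
        level = "partial-registry"    # some server* statuses, not the full set
    elif any(s.startswith("client") and s.endswith("prohibited") for s in found):
        level = "registrar-only"      # client* locks only, set by the registrar
    else:
        level = "none"
    return {"level": level, "missing": missing}

# Constructed WHOIS excerpts (not real lookups) for reserved example domains.
SAMPLES = {
    "registry-locked.example": """\
Domain Name: REGISTRY-LOCKED.EXAMPLE
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
""",
    "registrar-only.example": """\
Domain Name: REGISTRAR-ONLY.EXAMPLE
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
""",
    "unlocked.example": """\
Domain Name: UNLOCKED.EXAMPLE
   Domain Status: ok https://icann.org/epp#ok
""",
}

if __name__ == "__main__":
    for domain, text in SAMPLES.items():
        result = classify_lock(text)
        print(f"{domain}: {result['level']}, missing: {result['missing']}")
```

To check a real domain, pass the text returned by a WHOIS lookup to classify_lock() and alert when the level is anything other than "registry".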

If you have any questions, send us an email at contact@cloudgardens.eu