

Creative Leisure News
2677 Ashley Ct.
Tremont, IL 61568
Phone: 309-925-5593
Fax: 309-925-9068
Email: mike@clnonline.com

 

 


Technology issues that affect your business


"My Domain Has Been Stolen!"

Take a few simple steps to protect your domain name from being hijacked.

By Lynn Carlisle, Carlisle Communications, Inc. (September 3, 2007)

(Note: Lynn was led into the Internet by visionary Dave Larson and his pioneering web portal CraftNet Village in 1996. She has developed websites for industry ever since, notably Joann.com's pre-commerce web presence and several others, currently including caron.com, bond-america.com and berroco.com.)

On a recent Monday morning, as was her usual practice, a friend and business associate started her daily online session by checking on her own domain, let's call it "myshop.com." What she saw started her heart racing. The content, graphics, links, everything at myshop.com had completely changed. Calls to her web developer and her host confirmed her fears: they hadn't made any changes. A quick check of her WHOIS record made the day go from bad to worse: my associate was no longer listed as the domain owner, and someone else's company name and contact information were now on the official registration.

What happened?

The short answer is that myshop.com had been what the web industry rather dramatically terms "hijacked." Without my friend's knowledge, a thief had intentionally gained control of her domain's registration and changed all the registration information, essentially stealing the domain name.

Before going further, let's review a few terms for those of you who are already lost. A little education will go a long way in this area because, unfortunately, domain hijacking deliberately preys on the ignorance of domain owners like my friend.

Terminology.

Domain name: The name of your website, such as myshop.com, myshop.org, myshop.us, myshop.net, etc.

Website: Content that comprises your website in the form of web pages, images, databases and more.

Host: Where your website content resides.

Registrar: Where you have registered your domain name. Until a few years ago, Network Solutions was the only registrar in the country. The industry was deregulated and now more than 900 registrars exist, each with varying or non-existent levels of security.

Registration: Owning a domain name is the same as registering a domain name. You pay an annual fee to a registrar and claim it as your own. Each domain name can only have one owner. So only one person or entity can own myshop.com at any given time.

Registrant: You, the domain owner.

WHOIS record: All registration information is available via a WHOIS lookup, unless you specify that your WHOIS record information be made private (see below).

So how did the domain hijacker steal the domain? The answer is so simple it's frightening. The thief signed up for an email address. Let me explain what we think happened:

The thief identified myshop.com as a target by looking up the WHOIS record for myshop.com. There, the thief could see my friend's name, business name, business address, contact phone numbers, fax number, and bingo – my friend's very vulnerable email address. My friend's email address was vulnerable because it was supplied by a public service, in this case, earthlink.net. And because it was vulnerable, it was the key that allowed the hijacker to steal the domain.

It's a very, very common scenario, one that you may find familiar. When my friend dreamed up myshop.com, she checked with her favorite registrar to see that it was available. It was, and she registered the name by paying a fee and supplying all of her contact information to the registrar.

Since she was just getting started in her new business, for the required email address, she supplied the only one she had, which was myfriend@earthlink.net. The registrar informed her somewhere in the fine print (that she didn't read), that all future communication about this domain would be directed to myfriend@earthlink.net.

A few months passed while my friend got busy hiring a web developer, finding a competitive host, choosing a hosting package, designing web pages and tracking how much traffic came to her site. She set up domain-specific emailboxes for herself and her departments (me@myshop.com, info@myshop.com, sales@myshop.com) and she followed all of the conventional web marketing wisdom: she put her new email addresses on everything from business cards to shopping bags. She assumed that her domain was secure, paid up for a couple of years, and operating as it should.

A couple of years went by and all seemed to be well. Until that fateful Monday when that forgotten email address on her domain registration allowed someone to unlock every security level at her registrar and walk off with her domain. Turns out, she had not renewed her old email address, myfriend@earthlink.net, so it was available to anyone who wanted it.

Via the public WHOIS record, the thief spotted the vulnerability, signed up for myfriend@earthlink.net, and began contacting the registrar pretending to be my friend. First the thief changed the owner's name and all contact information. Then the thief mapped myshop.com to a new host and created a new domain-specific email address, maybe thief@myshop.com.

And here's the key: the thief returned to the registrar and changed the registered email address from myfriend@earthlink.net to thief@myshop.com. Now, to the whole world, to the registrar itself (and to its legal department), the thief is the registered owner of myshop.com.

All of this happened in the space of two days, completely online, without any human contact at all.

What to do now.

When my friend began to piece together what may have happened and to complain to her registrar, the registrar politely reminded her of what she had been told a few years ago: all communication about the domain would be sent to myfriend@earthlink.net. When the thief began to make changes to the registration, the registrar probably duly sent emails to that address, which the thief had taken over, emails that the thief probably read and gleefully deleted. The one security measure in place to protect the domain was breached and the domain had been hijacked.

So, here's a short list that may help you protect your domain from being hijacked:

1. If the email address that appears on your registration is a yahoo.com, earthlink.net, google.com, aol.com, msn.com address, or one from any other public free provider, change it today. Be sure that the email address that appears on your registration is unique and that you have control of it.

2. Be sure that all other contact information is current. If your office or shop has moved, update the address. If the technical contact is no longer with the company, update the contact. Even if the area code has changed, correct it.

3. Contact your registrar and lock your domain. This will prevent any transfer from taking place without notifying you. However, this isn't foolproof if you don't have a current email address.

4. Contact your registrar and make your WHOIS information private. There may be a fee involved, and private WHOIS information can be a red flag in some instances, but look into it anyway.
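
As an added example (not part of the original article), steps 1 and 3 of this checklist can be run as a check over the text of your own WHOIS record. The field labels and the sample record are constructed assumptions, since WHOIS output varies by registrar; the provider list is the one from step 1.

```python
# Added example: audit a WHOIS record against steps 1 and 3 of the checklist.
# Field labels vary by registrar; the labels used here are assumptions.

# Providers named in step 1 of the article.
PUBLIC_PROVIDERS = {"yahoo.com", "earthlink.net", "google.com", "aol.com", "msn.com"}

# Constructed sample record (not real registration data).
SAMPLE_WHOIS = """\
Domain Name: MYSHOP.COM
Registrar: Example Registrar, Inc.
Domain Status: ok
Registrant Name: My Friend
Registrant Email: myfriend@earthlink.net
Tech Email: webdev@example.net
"""


def parse_whois(text):
    """Collect 'Label: value' lines into {label: [values]} (labels lower-cased)."""
    record = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(label.strip().lower(), []).append(value.strip())
    return record


def audit(text):
    """Return a list of findings for the registration described by `text`."""
    record = parse_whois(text)
    findings = []
    # Step 1: a contact address at a public provider can lapse and be re-registered.
    for label, values in record.items():
        if not label.endswith("email"):
            continue
        for address in values:
            domain = address.rpartition("@")[2].lower()
            if domain in PUBLIC_PROVIDERS:
                findings.append(f"{label}: {address} is at public provider {domain}")
    # Step 3: a locked domain carries the clientTransferProhibited status.
    statuses = [s.split()[0].lower() for s in record.get("domain status", [])]
    if "clienttransferprohibited" not in statuses:
        findings.append("domain is not locked against transfer")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_WHOIS):
        print("WARNING:", finding)
```

An empty result only means these two checks passed; it does not confirm that the listed mailbox is still active and under your control.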

And what's happening with my friend's domain? After numerous calls to her registrar, she will likely have to file for an online arbitration process that carries a hefty initial price tag of $1,200. She may have to hire a lawyer. Her email addresses don't work, so all email communication has been cut off to friends, customers, and vendors. Her customers and vendors are confused and getting angry, and she is losing business with every day that passes with her domain name in someone else's hands.

Protect your domain and your business with something as simple as a current email address.

(Note: Comments or questions can be directed to ljc@carlislecommunications.com.)




   
   
