Hii,

Is it possible for a hosting company to hijack its cliecnt's domain.. ( okay lets leave the reasons why they would want to do it )

I wonder what control will they have on the domain, so that they can hijack it, unless the client has registered the domain the hosting company. But even then, the buyer will have the complete control over the domain....in that case...can a Domain be still HIJACKED ?!

Thanks for the feedback

The only way a company can get your domain, is if they register it for you and add themselves as the owner or admin/technical contact, or if you add them as one or more of those, would they have control. It's common to add the hosting provider as the technical contact, but some registrars won't allow the technical contact to modify the domain anyway. There's no reason why a host should own the domain anyway, so just add yourself as the contact and owner and you'll be safe from a host taking it or taking control of it.

My domain name has been hijacked by a former host company (AIT.) They claim that I owed them money months after I moved to another host. (I don't, but that is a different story.)

I made the mistake of originally registering my name through AIT's registrar (AITDOMAINS.COM.) One day they just simply opened up my domain name record, edited it to display themselves as owner/admin/etc. (Do a whois on daytoninternet.com to see what it looks like.)

You would think that they would require a judgement from a court to be able to do this, but it is in their TOS. I did not receive a courtesy e-mail, letter, phone call, fax, telegram, or even a smoke signal before they did this. Professional, eh?!

In hindsite, I should have moved the domain name to another registrar when I left their company. Learn from my mistake. (I am still fighting this.)

<<Admin edit: please set up a 4-line signature through your profile instead of directly typing it into your post.>>

It really depends on how the host registers the domain, but yes it happens all too often.

Suggestion, if you buy a domain protect yourself. Demand a reciept and keep your credit card statement as long as you own the domain. Without them you will have no proof you actually own the domain.

Thanks for the tip. You can neve rbe too careful.

If the hosting company is the admin/technical contact they can modify all information for the domain.

My other suggestion, would be to not have your contact for admin, technical and especially ownership email at your domain name or one hosted on them. However it's rare that someone would steal a domain that way and it's almost always a matter of someone using a provider to register the domain for them, such as a poster mentioned above.

However, that is a rather paranoid and extreme example and it is my opinion that if you need to worry about them using your email against you in such a manner or anything else, you shouldn't host on them anyway. However, protecting the domain and registering it yourself, making only you the owner and contact is just safe and should always be practiced and no hosting provider that's reasonable will try and tell you otherwise. After all, it is your domain if you pay for it.

Originally posted by multipleimage
If the hosting company is the admin/technical contact they can modify all information for the domain.

I believe that up until very recently, Verisign would allow the technical and/or administrative contacts to change the record, which meant that they could change the ownership contact. Perhaps that was only an issue a few years ago (I know it was then), but definitely ensure that they aren't the owner contact. It all depends on the registrar as well.

I registered my domain name myself, although I did it through my host company's registrar. I was listed as the owner/admin/billing/and technical contact for my domain name and they still got in and made the changes without my consent. The only words of advice I can give is "Don't put your eggs all in one basket." Don't allow your host company to also be your registrar and vice-versa.

Originally posted by 2host.com


I believe that up until very recently, Verisign would allow the technical and/or administrative contacts to change the record, which meant that they could change the ownership contact. Perhaps that was only an issue a few years ago (I know it was then), but definitely ensure that they aren't the owner contact. It all depends on the registrar as well.

Some registrar's still do that.

Originally posted by dayton
I registered my domain name myself, although I did it through my host company's registrar. I was listed as the owner/admin/billing/and technical contact for my domain name and they still got in and made the changes without my consent. The only words of advice I can give is "Don't put your eggs all in one basket." Don't allow your host company to also be your registrar and vice-versa.

I see, I didn't realize they were you registrar as well. I assume they are an openrs registrar then. Don't take offense to this next part where I said "if this is what happened" to mean it didn't (I'm sure you understand); If this is what happened, then I don't know how I'd have reacted if I were you, but it's really troubling to hear these things and we all know they happen. Once is too much and we all know it's happened far more than once. People that commit those acts need to be arrested and serve jail time, not just civil action.

Thanks for the feedback friends !

okay, assuming that owner/admin/billing/and technical contact is in the name of the person who pays for the domain, TECHNICALLY is it possible for a hosting company to hijack the domain, if it was registered theu' them itself !?!

Also, i assume and i am sure that most of the hosting companies which also offer domain registration are just reseller of some or the other ICANN accredited Registars, In that case, how much control will these resellers have...the actual registrar will have much higher control over the domain, even if it was registered thru' their reseller. So why not contact the actual registrar ( for which your hosting company is the reseller ) and inform them of such an Hijack...will the registrar be able to do anything abt this ??

Thanks again

If you're talking about a domain from a registrar that the provider isn't in control of, then unless they know your login information that only the domain owner would have or can obtain some means to fake being you (using your email, etc. (which there should be more to it anyway)), then you are the only person with the information to control said domain.

If the provider is an OpenRS reseller, they could go out of business, take control and whatnot in some manner, which I'm not personally sure of exactly how as I've never been an OpenRS reseller and have no desire to ever be, but I believe you are basically buying a domain through/from them and they are ultimately in control.

I hate to sound naive about that aspect for the OpenRS service being a web host and all, but I honestly don't know, as I've just never had any interest in looking into it, how it works, etc., as I just would prefer and suggest other people use a respectable and known registrar that they know will be around and can feel safe about, rather than being at the mercy of an OpenRS registrar that will ultimately effect you and your domain, control of it, etc. or anything else possible if they go out of business, don't pay bills, or have some other issue especially relating to the OpenRS service.

I just see no reason to do this, other than that it might be easier just to be able to set up everything for a client that doesn't understand how to register a domain or is intimidated, etc. So while there's some likely pro's, there's too many reasons to stay clear if you want my opinion. Mainly just because it's a bad idea to go through another person when you don't need to. I'd rather go from point A to point Z than from A to B to F to Y to Z.

:eek: I had my domain hostage at ....SHHHHHHH <whisper> Cyberwings<end Whisper>:angry:

My first site was set up by them and they took care of the domain stuff <note, me newbie> They listed my Name as the contact etc... but USED THEIR E-MAIL ADDRESS:confused: . Then as I was moving my sites ( I was on RS servers that stayed up for a while. I could not transfer the domain to anywhere else.
BUT.........
CW was/is a GoDaddy reseller, I pleaded with them. Finally got a rep who understood my problem. He sent me to the bosses. (GD doesnt like to witch customers to their service from a reseller, Understandably) But they seem like they are going to help. I got a phone call from them yesterday.
I'll post Good News here when the story ends:cartman:

Dayton, I have a registrar that did the same thing. They showed me how to switch the info back and fourth with nic handle. It was no big deal. Many companies seem to do this but they should be alerting people they are doing it. It is deceptive. My company said to alert them if I was going to sell domain so the assumption might be they registered in their name. Most reputable companies would find it a very costly to actually hijack a domain.