Results 1 to 8 of 8
  1. #1
    Join Date
    Dec 2001
    Location
    Hanoi - Vietnam
    Posts
    306

    Domain hacking... how to resist it

    Hello, I have some domains now on the crosshair of hackers... my friends have some of his domains (illegally) transfer and lost all his right on those domains.

    Do you know any case like this, if it happened to you, how did you do?

  2. #2
    Join Date
    Jun 2002
    Posts
    362
    are you referring to DNS posioning ? if so, then there isnt too much you can do about this.

    Bind 9 has taken good steps towards fixing this problem, and you can secure your host.conf to help protect yourself even further, but there is only so much you can do.

    Im not fully understanding your question, but if it is DNS posioning, then your best bet is to secure your host.conf

  3. #3
    Join Date
    Dec 2001
    Location
    Hanoi - Vietnam
    Posts
    306
    No no, this is not anything I can do with the server... this is the registrar problems...

    Said, I have example.com registered @ registrar.com, I can go to registrar.com and change example.com's information, namerecords... etc...

    Until one day, my account @ registrar.com have no domains left, do some whois, it tell me that those domain have been transfer to some other registrar, with other information, with other namerecords... etc...

    For sort, MY domains become SOMEONE's domains without my knowledge...

    Hope you understand...

  4. #4
    Join Date
    Jul 2003
    Location
    Nothing but, net
    Posts
    2,064
    You might consider doing the following:

    1) Make up a strong password that contains only numbers letters (both lowercase and UPPERCASE) that actually means nothing.

    Example: ftgUP98fVlK71Dfz8

    2) Lock the domains via your registrar interface, this will prevent any transfers or changes to your domains without your first unlocking them.

  5. #5
    Join Date
    Dec 2001
    Location
    Hanoi - Vietnam
    Posts
    306
    I have lock the domain @ the registrar... and my password is more complicated than yours

    But I still feel insecure, my friend lost some of his domains recently... I don't know if it happen I can claim the domains back as I am the one who paid to register them.

  6. #6
    Join Date
    Mar 2004
    Posts
    98
    FrzzMan,

    This sounds rather strange to me. Could you please explain how someone could hijack your domain name from your registrar? (especially if you have the domain locked).

    I don't know what has occurred with your friend, why hasn't he contacted the new registrar and issued a formal (legal) complaint? It is ILLEGAL (a felony) to break into someone's computer account in the US (registrar.com is a US based company and is under US regulations). Especially, if the break in results in a loss to the account owner (loss of control over one's domain constitutes a loss legally).

    Tell your friend to contact the FBI's computer crimes division. This is fully under their jurisdiction. It shouldn't be hard to find out who took it, and if your friend is telling you the truth(?) he can watch the offending party go to prison as a result.

    Tim

  7. #7
    Step 1. Have you contacted the registrar ?
    Step 2. If a registrant (owner) change has taken place you might want to ask them who authorized it.
    Step 3. They might want you to fax them your lisc and give them the CC info you purchased the domain with.


    Getting on a forum to talk about it, priceless (useless)
    GO GO GO !
    Datums Internet Solutions, LLC
    Systems Engineering & Managed Hosting Services
    Complex Hosting Consultants

  8. #8
    Join Date
    Dec 2001
    Location
    Hanoi - Vietnam
    Posts
    306
    Originally posted by Ishtaria
    FrzzMan,

    This sounds rather strange to me. Could you please explain how someone could hijack your domain name from your registrar? (especially if you have the domain locked).

    I don't know what has occurred with your friend, why hasn't he contacted the new registrar and issued a formal (legal) complaint? It is ILLEGAL (a felony) to break into someone's computer account in the US (registrar.com is a US based company and is under US regulations). Especially, if the break in results in a loss to the account owner (loss of control over one's domain constitutes a loss legally).

    Tell your friend to contact the FBI's computer crimes division. This is fully under their jurisdiction. It shouldn't be hard to find out who took it, and if your friend is telling you the truth(?) he can watch the offending party go to prison as a result.

    Tim
    Hey man, if I know how to hijack an domain I didn't stay here asking you lol...

    About registrar.com, I didn't know anything about it... I just take the its name in my example case.

    BTW, thanks for suggestion to calling up FBI...

    About my friend case, I don't know if he willing to post this here so I won't post the detail, but I will tell him about this thread so he can provide some information so maybe you can help him... thanks.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •