How to make your domain name bullet-proof from thieves and hackers

[mole]

I'm in the process of compiling a how-to guide to Fort Knox the security of domain names from advanced hackers and thieves. Please contribute your best ideas.

I'll start :-

1. Get all your names out of Netsol :-D

 

[Mr Webname]

2. Simple but true - protect your Admin email domains.

 

[draqon]

3. Monitor your domains regularly to make sure they are still under your ownership. This won't prevent domain hijacking, but it will make it easier to deal with if it happens.

 

[Nexus]

4. (In addition to #2) Protect the domain name of the *nameservers* for your administrative contact e-mail domain name. This includes keeping track of current news on companies that may be providing e-mail services for you (ISP's, hosting services, registrars, etc).

~ Nexus

 

[Jack Gordon]

5. Use a registrar that "locks" your domain, preventing transfers out without your action to go in and unlock them first.

 

[Steen]

Well,

If you want fort knox, say if you own sex.com or disney.com or the likes, I would suggest you transfer into totalnic.

 

[WebCat]

6) Based on their TWO unauthorized transfers in the Secretary.com fiasco, get your valuable domains out of eNom as well! Apparently all you need is either a fake ID, or NetSol to tell them to jump, and anyone can hijack a domain from eNom.

 

[HeavyLifting]

7. hardcopy (printed) documentation of your ownership of the domain, including whois, and sales paperwork if you purchased the domain from a previous owner.

8. use an admin email address that is independant from any of your valuable domains (i.e. use an AOL address).

 

[shaw]

9. protect your own computer from viruses and spyware. don't download and install "free" software. use a mail reader that's more secure than MS Outlook or Outlook Express.

10. renew your best domains for years in advance.

 

[Steen]

Originally posted by WebCat
6) Based on their TWO unauthorized transfers in the Secretary.com fiasco, get your valuable domains out of eNom as well! Apparently all you need is either a fake ID, or NetSol to tell them to jump, and anyone can hijack a domain from eNom.

I am so suprised to hear this over and over.


Many many registrars have obbeyed to NSI's/Verisign's commmands in such cases. Many times before.

Its not an enom problem!

 

[WebCat]

Originally posted by Steen
Many many registrars have obeyed to NSI's/Verisign's commands in such cases.

Commands? NetSol's commands?

Steen, I guess you believe (just like they do), that NetSol rules the world.

Can you give me one instance where GoDaddy or Dotster kissed the collective cheeks of the almighty Network Solutions?

Curious WebCat
/\_/\
(0 0) Heil NetSol!
>^<
\__/

 

[mole]

11. Get ID Protect. It shields your admin email and contact details from possible identity theft/impersonation.

 

[C0113c70r]

12. Keep your friends close, and your enemies even closer. If you can, join the ranks of the hackers then make it known to them through their methods who you are when they approach one of your domains, web sites, or products. Many hackers tend to respect the properties of fellow hackers and members of their underground communities.

For an example of what I mean, visit my site at http://www.C0113c70r.com

The logo on the page is located somewhere on all my other sites. Sometimes invisible to the average surfer, but clearly present to the skilled hacker.

--- C0113c70r

 

[Monte]

13. Make sure your registrar has both registry and regsitrar lock capabilities and have the highest security selections to ON. Most only have the ability to lock domains at the registry.

14. Make sure your regsitrar has email notification approval ability to both the admin and account email to pre-approve any change to your account that might jeapardize your domain record from being changed.

15. Ask for administrative review of your domains when requesting a transfer out of one registrar to another. This will ensure that your names are auto NACKED for transfer with out prior notice from you to the registrar.

16. Request a 60 day registrar lock of any domain in your account that changes ownership in case there is a fraud or theft attempt. This will provide ample time to move domains back into your own name if credit card purchases of domains are charged back after sales and to prevent other fraudulent activity.

Moniker.com provides all of the above and more to protect from domain theft.

Monte

 

[David G]

Originally posted by mcahn .....15. Ask for administrative review of your domains when requesting a transfer out of one registrar to another. This will ensure that your names are auto NACKED for transfer with out prior notice from you to the registrar. Monte

I thought so called admin review was madatory at Moniker anyway. So asking for it is not needed, right? It has been said in this forum that your supt dept say's upper level mgt approval is required for transfers away?? Also, what in the world is auto NACKED? P.S. I do not at all approve of upper level mgt review.

BTW, this is a bit off topic but since I could not find your email addr on your site I will ask you here. I got email from Pool.com saying I won a name and it was reg'd with you. Also email from Moniker saying to enter a given auth # to move the name into my new acct - opened today.

However, when I do that it does not work and the acct still shows zero domains in it? Unfortunately, several emails about this to your supt dept have gone unanswered today, please tell me what to do? Thanks.

 

[Nexus]

Originally posted by DNMole
11. Get ID Protect. It shields your admin email and contact details from possible identity theft/impersonation.

?? If "ID Protect" is what I think it is, I would strongly recommend against it as a bullet point. I think "ID Protection" services are well intentioned, but are like bandaging a wound with razor blades.

My comments in this thread:
http://www.dnforum.com/showthread.php?s=&threadid=44755

~ Nexus

 

[mole]

Originally posted by Nexus
?? If "ID Protect" is what I think it is, I would strongly recommend against it as a bullet point. I think "ID Protection" services are well intentioned, but are like bandaging a wound with razor blades.

Try it for yourself nex (if you haven't already), then you might begin to be more aware:-

1. A thief will not be able to lie to the registrar, for example, they are so-and-so from this country in this city and town by just firing up your whois.

2. The all important admin email is hidden for good no compromises there.

When you manage IDP, you can change your actual contact details every minute and no one outside of the registrar will even know it was even changed.

Bottom-line is simple - the registrar will be able to verify your identity a whole lot better if someone were to impersonate you.

Personally, I prefer to go public, since this helps build trust in the site. I've only used IDP for 3 of my secondary domains, but I think its a god send for extra security.

 

[mole]

17. If the name is very valuable, get third party authentication. You can do this with for example, the Geotrust True Site program. http://www.geotrust.com

18. Get it hosted at a credible host like http://www.vianetworks.net and put the technical contact email per the host provider. If sometime happens, at least you have a credible third party to back you up.

 

[mole]

19. Something cheaper, get your domain onto Alexa and submit your contact details.

20. Federal copyright a site that contains all your domains screen captured with services like that C-something service you can buy on Godaddy.

 

[Delete]

avoid enom. they will take your domains with no questions asked if asked by verisign. Godaddy in the other hand will not without a court order. I had a real hard time proving ownership on one of my own domains with godaddy.