8 Things a Domain Thief Loves
By Joe on Sunday 15 February 2009, 21:19 - Internet
We all put a lot of effort into securing the domain names we purchase. It may be creative energy finding the perfect name for your blog in an increasingly crowded landscape; or waiting patiently for your company name to be released back into the wild by someone who's owned it for 5 years but never used it.
Regardless, your domains can be stolen or sniped from right under your nose. We thought we'd take a light-hearted look at how to keep your domains safe from potential domain thieves:
1. Unlocked Domain Names
The thief does not like a locked domain name: it means they have to go through another layer of protection to steal it.
Do you realise how easy it is for a thief to crack your free email compared to POP3? C'mon now, get serious.
Solution: Lock all your domains by default.
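One way to check that your domains really are locked, as an added example that is not part of the original post: it parses the status lines of WHOIS output and flags any name without a transfer lock. The WHOIS excerpts are constructed samples, and the status names are the standard EPP values from RFC 5731, which the post itself does not mention.

```python
import re

# Standard EPP status values (RFC 5731); the post only says "locked".
TRANSFER_LOCKS = {"clienttransferprohibited", "servertransferprohibited"}
EXTRA_LOCKS = {"clientupdateprohibited", "clientdeleteprohibited"}

NAME_RE = re.compile(r"^\s*Domain Name:\s*(\S+)", re.I | re.M)
STATUS_RE = re.compile(r"^\s*(?:Domain\s+)?Status:\s*(\S+)", re.I | re.M)

def audit(whois_text):
    """Summarise the lock state found in one WHOIS record."""
    name = NAME_RE.search(whois_text)
    statuses = {s.lower() for s in STATUS_RE.findall(whois_text)}
    return {
        "domain": name.group(1).lower() if name else None,
        # No status lines at all counts as unlocked (fail closed).
        "transfer_locked": bool(statuses & TRANSFER_LOCKS),
        "missing_extra_locks": sorted(EXTRA_LOCKS - statuses),
    }

def unlocked_domains(records):
    """Return the domains that could be transferred away without unlocking."""
    return [r["domain"] for r in map(audit, records) if not r["transfer_locked"]]

# Constructed WHOIS excerpts (not real lookups).
SAMPLES = [
    """Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
""",
    """Domain Name: EXAMPLE.NET
Domain Status: ok https://icann.org/epp#ok
""",
    """Domain Name: EXAMPLE.ORG
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
""",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(audit(record))
    print("Unlocked:", unlocked_domains(SAMPLES))
```

Feed it the saved output of your own WHOIS lookups in place of the samples; a name with an update lock but no transfer lock still shows up as unlocked.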
2. Domain name front running (also called domain sniffing)
Just because that domain you searched for three months ago is now with someone using it to promote a Nigerian Strip Poker site does not mean that it was sniffed and then stolen. However, enough evidence exists to suggest the practice is real.
http://www.gandibar.net/post/2008/10/22/Why-domain-name-services-are-not-all-equal
What more can a domain thief hope for than to know the domain name you want?
Solution: Search for your name on a reputable domain registrar's site (not to blow our own trumpet, but you won't catch anyone 'sniffing' here).
3. Weak Passwords
You may think that having a password like "123abc" is an ironic way to fool password crackers, but you won't be laughing when your domain name is used to promote a One Legged Albanian Car Wash service.
Solution: Make it long and hard. The password, that is.
4. Non Variant password implementation
Yes, I know it's easier to have the same password for every online account you own. Not wise: if you lose one, you lose them all. Think about that for a minute.
Solution: Keep a hard copy of your accounts and respective passwords handy.
5. Shady, Not to be Trusted Domain registrars
I'm not naming names here, but there are some places you should not be registering your domain. Your neighbourhood domain name thief knows the weak registrars. When you're a vulture you hang where the meat is.
Solution: Read up on the registrar, make sure they have a good rep.
6. Industrial Password Cracking software
If you have a free email service, or you are with a registrar whose security is weak, then the domain name thief will be bringing out his favourite password cracking software.
Solution: Choose a long password and include non-dictionary letters.
7. Downloads of Dodgy Software
If you want to spend hours downloading all six series of T. J. Hooker using BitTorrent, I'm not going to judge you, even though Shatner will be losing the royalties. But are you really sure that download isn't letting some hairy-assed keylogging software onto your pristine machine?
Once the domain thief has a keylogger installed, he can open a can of rampant destruction on your security, and as you say goodbye to that domain name, at least Shatner can comfort you.
8. Naive people who cannot spot a Phishing scam
I've never met someone who has had their details phished, but who would admit it? If your registrar has sent you an email to confirm personal details or to confirm your password, it is most probably a phishing exercise.
If in doubt, email or call the registrar.
So there you have it. It's impossible to guarantee 100% security, but if you make it so hard that even the hardened domain thief cannot work up the enthusiasm, it's job done.
Comments
Thank you for this article...
I also have a suggestion for you to increase your account security.
Since a domain owner will not log in to the domain account every day, it would be great if there were some notification option to be sent to the account owner's email address for every successful or failed login. So in case the account is compromised, the real owner will have the notification and can act immediately.
Also send a notification for every important change to the account, like email address.
Wish I'd read this months ago - I paid $1200 to retrieve a domain that was drop-caught!
Good job. I've been doing all of the things that you suggest since I registered my first domain in 1997. This is a case in which an ounce of paranoia can save several tons of frustration (and expense, as described by KK above!).
To thank you, I linked to this article in my Journal today:
http://www.computerbob.com/wp/8-thi...
--CB
Good job...
I have a few suggestions, mostly regarding contact info.
# It is a good idea to enable privacy protection
# Whether or not you have enabled privacy protection, be sure to have valid contact info.
# The contact email ids are very important. Never do something foolish like having a contact mail id on an expired domain (and leaving the domain unlocked).