homepage Welcome to WebmasterWorld Guest from 50.19.169.37
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Domain Names
Forum Library, Charter, Moderators: buckworks & webwork

Domain Names Forum

    
Domain Name Hijacking
stealing active domains from others
Marn




msg:689703
 10:04 pm on Jun 21, 2001 (gmt 0)

Curious, how many of you have heard of someone stealing someone else's domain by forging a letterhead of a legitimate business.

I talked to a customer who was able to convince Network Solutions to switch her domain back to her web host after someone had fraudently convinced Network Solutions to point it to another host provider. The party had done this with faxing in a request using her business name and so on.

I can't imagine this to be very common because NSI is often in of itself difficult to deal with.

 

Brett_Tabke




msg:689704
 3:56 am on Jun 22, 2001 (gmt 0)

There still has to be a confirm from someone listed on the Whois. Either via email or via snail mail. NS won't release a domain without some sort of authorization to the contact info.

shedemon




msg:689705
 12:12 pm on Jun 24, 2001 (gmt 0)

There are essentially 2 ways hackers go about stealing a name. One involves changing the ownership without the owner knowing it, and the other is to get technical and/or financial control of the domain.

Changing ownership is sometimes difficult to achieve. It depends on the Registrar. NSI seems to have the best rules to protect owners. The old and new owners must sign a document in the presence of a notary (who also signs). And an original of the document must be sent by snail mail. There are some registrars that request a copy of ID and/or letter head in addition to the 2 signatures, but since everything is transmitted through fax, the images are usually impossible to make out. More commonly though, I've seen registrars ask for the 2 signatures sent by fax, and nothing more. Especially if the company making the request is one of their partners or resellers.

If a registrar's rules are too tight, a person can easily transfer a domain name to a more convenient registrar. Only a handful of registrars send e-mail to request the owner or administrative contact to validate the transfer. Others, like NSI, send an e-mail after the transfer. And if the e-mail is no longer valid?

E-mail invalidity is the most common reason domain names are stolen. There are many ways to work around the rules and change contacts.
Make sure to update your e-mail, telephone number, and address regularily.

To prevent domain name stealing, make sure that your registrar uses the following procedures:

1)All registrar transfer requests must be validated by the owner or they will not go through.
2)Make sure that the owner address, telephone #, and e-mail are always up to date.
3)Make sure that all contacts' information is up to date.
4)Make sure that your registrar uses tough ownership transfer rules.

shedemon




msg:689706
 12:21 pm on Jun 24, 2001 (gmt 0)

Btw- NSI doesn't always require an e-mail confirmation. Sometimes if you tell them that the contact's e-mails are no longer valid (such is the case when providers close out), or that you can't remember your password, or PGP key, and therefor can't use the e-mail address verification method (MAIL-FROM), NSI support asks you to send in a fax.

It's true that all contacts receive an email when a request is made. If the e-mail request is ignored which is what most folks do instead of replying with NO- and a fax is sent, then NSI will make the requested changes.

Scary, isn't it?

Mike_Mackin




msg:689707
 12:39 pm on Jun 24, 2001 (gmt 0)

>NSI support asks you to send in a fax.

We had a client do this BUT they required him to have it notorized and asked him to include a photocopy of his drivers license.

Marn




msg:689708
 8:31 pm on Jun 24, 2001 (gmt 0)

Thanks for the advice and the helpful links, the domain is still being held so to speak even if it is expired and the name would be desirable by some (computer enthusiasts)

I haven't heard back from my friend, but I hope to get his domain, more for personal use than to sell it.

shedemon




msg:689709
 8:49 pm on Jun 26, 2001 (gmt 0)

>We had a client do this BUT they required >him to have it notorized and asked him to >include a photocopy of his drivers license.

Maybe the rules are different because i'm working out of France, but I have had 3 cases in the last 4 months which were accepted without a notary's signature. And once without any copy of ID. But usually, they lose our faxes completely....

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Domain Names
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved