INTRODUCTION
Recently I have been dealing with a domain theft. Trying to locate information and warning the original user. One thing this process has brought to light is the little people know about securing domain names.
The following are my thoughts on how to best secure your domain names. This is by no means a complete guide however if you think you can add too it please feel free in commenting and I will keep this post updated.
IMPORTANCE OF UPDATED WHOIS
Some people are very concerned with privacy and as such put false information in their WHOIS. This is dangerous on two counts.
The proper way to handle your privacy is to use something called WHOIS privacy, almost all registrars offer this type of service. I would urge you to avoid using a whois privacy service not associated with your registrar as you are unlikely to receive any necessary correspondence. Some cctld's offer this service free for private individuals at no extra cost (for example .co.uk offer this).
SECURING YOUR WHOIS
Regardless of whether you have whois privacy enabled on your domain or not I believe it to be a good practice to use an email address solely for whois information. This is the domain people will come to know as your WHOIS email. If this is only used for whois and they hack it they cannot do much damage with it. On the other hand if they hack this email and it is the same email used for your registrar then they can simply use the forgot password feature of your registrar to get the password, the rest is easy.
Bottom line is make sure your whois information is 100% accurate and updated.
SECURING YOUR REGISTRAR
There are several things you can do to secure your registrar. The first consideration you have is which registrar to use. Make this decision wisely, some registrars handle security better than others. Check out what features these registrars offer to help with security, even if it is simply emailing you when changes are made. Ensure you have a way to contact the registrar in the event of a problem. There is no point having a contact number for your registrar if they either never answer or are closed a lot. Once you have settled on a registrar then when signing up with them ensure you do the following:
If during sign up the registrar asks for security questions step off of the beaten track. A lot of people use questions such as the following as security questions:
OTHER CONSIDERATIONS
Other best practices can include ensuring for example that you use software that can track your domains, ensure this software also contacts you in some way in the event of any changes to the whois of your domain. If you couple this with for example email notifications from your registrar you are ensuring that you have a fail safe. If one method fails you have a backup.
WHAT IF MY DOMAIN IS STOLEN
If you are unfortunate enough to find out your domain is stolen, you should first and foremost contact the registrar to stop any transfer. While this is happening, ensure that you change all of your passwords, this includes your email passwords and registrar passwords.
Also make a big stink about it, post on forums or social network sites. The more people know about it the more people you can rely on to keep you updated and alert you of any changes.
Have I got anything wrong here? Have I forgotten anything? If so please do leave a message. Also if you have something to add please do. I will ensure this post is kept updated with more and better information.
-------------------------------------------------------------
This article has been written 100% by me. If you would like to syndicate please contact me on my blog Opinionated Poster
Recently I have been dealing with a domain theft. Trying to locate information and warning the original user. One thing this process has brought to light is the little people know about securing domain names.
The following are my thoughts on how to best secure your domain names. This is by no means a complete guide however if you think you can add too it please feel free in commenting and I will keep this post updated.
IMPORTANCE OF UPDATED WHOIS
Some people are very concerned with privacy and as such put false information in their WHOIS. This is dangerous on two counts.
- Having incorrect whois information makes it hard/impossible for your registrar to contact you in the event of a problem.
- It is against ICANN's rules to have false information. If you are caught you could find your domain confiscated. You also run the risk of if you are subject to a WIPO they will be unable to contact you and you will most likely lose the hearing by default.
The proper way to handle your privacy is to use something called WHOIS privacy, almost all registrars offer this type of service. I would urge you to avoid using a whois privacy service not associated with your registrar as you are unlikely to receive any necessary correspondence. Some cctld's offer this service free for private individuals at no extra cost (for example .co.uk offer this).
SECURING YOUR WHOIS
Regardless of whether you have whois privacy enabled on your domain or not I believe it to be a good practice to use an email address solely for whois information. This is the domain people will come to know as your WHOIS email. If this is only used for whois and they hack it they cannot do much damage with it. On the other hand if they hack this email and it is the same email used for your registrar then they can simply use the forgot password feature of your registrar to get the password, the rest is easy.
Bottom line is make sure your whois information is 100% accurate and updated.
SECURING YOUR REGISTRAR
There are several things you can do to secure your registrar. The first consideration you have is which registrar to use. Make this decision wisely, some registrars handle security better than others. Check out what features these registrars offer to help with security, even if it is simply emailing you when changes are made. Ensure you have a way to contact the registrar in the event of a problem. There is no point having a contact number for your registrar if they either never answer or are closed a lot. Once you have settled on a registrar then when signing up with them ensure you do the following:
- Supply valid information on sign up
- Use a different email than your whois email
- Choose a secure password, avoid words and ensure that the password contains uppercase, lowercase, numbers and if possible special characters
- Enable any security features the registrar offers
- Ensure registrar lock is enabled by default if possible
If during sign up the registrar asks for security questions step off of the beaten track. A lot of people use questions such as the following as security questions:
- Place of birth
- Mothers maiden nam
- Date of birth
OTHER CONSIDERATIONS
Other best practices can include ensuring for example that you use software that can track your domains, ensure this software also contacts you in some way in the event of any changes to the whois of your domain. If you couple this with for example email notifications from your registrar you are ensuring that you have a fail safe. If one method fails you have a backup.
WHAT IF MY DOMAIN IS STOLEN
If you are unfortunate enough to find out your domain is stolen, you should first and foremost contact the registrar to stop any transfer. While this is happening, ensure that you change all of your passwords, this includes your email passwords and registrar passwords.
Also make a big stink about it, post on forums or social network sites. The more people know about it the more people you can rely on to keep you updated and alert you of any changes.
Have I got anything wrong here? Have I forgotten anything? If so please do leave a message. Also if you have something to add please do. I will ensure this post is kept updated with more and better information.
-------------------------------------------------------------
This article has been written 100% by me. If you would like to syndicate please contact me on my blog Opinionated Poster
Last edited by a moderator:
