Tips for preventing domain theft

I've been thinking about steps to take to prevent domain theft and thought it might be worthwhile to start a thread where we can share ideas on how to best secure our domain assets. I'll start the ball rolling with some ideas of my own ( some of them might be overly paranoid ) and hopefully others can add to the discussion.

1. The email address in your whois info should be different from the administrative email address you use for your registrar. Hackers will sometimes try to get into your email account so that they can then unlock your registrar account by going the "forgot password" route and intercepting the reset password email. If a hacker doesn't know what email address you use for your account, that makes their job that much more difficult. Domain privacy can add an additional layer of security here since your whois information won't provide any clues about who you are and what email addresses you tend to use.

2. The email account you use for your registrar should be an address you don't use for any other purpose. This will prevent hackers from being able to research you and deducing your administrative email address based on publicly available information.

3. Use 2 factor authentication for both your registrar account and your email account.

4. Use strong passwords for your email and registrar accounts and don't use the same password for both.

5. Don't use an easy to guess username for your accounts ( eg firstname/lastname or company name are a bad idea ).

6. Keep your computer secure and free of malware. If a hacker gains access to your computer, they can potentially gain access to your accounts. I've personally switched over to Linux since protecting a Windows based machine seems like a never ending battle.

7. Pay extra attention when receiving emails that seem to be coming from your registrar and that have you clicking links. If the link takes you to a page that requests your username and password, it's most likely a hacker site.

Any other suggestions?

 

Great pointers.

Would just like to share a few things as well about 2fa and other security features.

2fa app - When I found out about this, I was a bit hesitant so I started some search. A few years ago this was bypassed (if I remember right) both by whitehat and blackhat folks, of course developers had to fix holes which I'm not sure if there are any more. Regardless, I am using it now since everyone seems to be recommending it left and right and .. I haven't heard of anyone being brute forced while using it in recent years. Works fine and does add some confidence for sure.

The only thing is you'd have to know what to do if for some reasons the device you set your app with gets stolen or lost. You still need to setup other stuff like Recovery codes to access your account in case that happens. Outlook and Gmail will give you that option among others. With Gmail, for example, you can generate a set of 10 one-time codes and generate new ones whenever you like (something Wordpress has too, pretty cool). Outlook can generate one at a time.

Now let's say ok you have your phone but have to use the computer elsewhere, another feature Outlook mail has is a single-use code sent to your phone which is great if you're paranoia is as bad as some diarrhea.. I mean if you're signing up using someone else's pc (if we're talking potential malware infection). Btw, Facebook has this feature as well (called one-time password/otp that's good for 20mins).

I will be waiting for squirrel noises.

**just realized OP post is 2014 .

 

Wow!!!! great eye opener for new domain owners........more ideas please.
Thank you

 

I'm a bit concerned as my authenticity has been queried, supposedly by Nominet who have threatened to remove all domains registered to myself via one certain registrar if they don't see some kind of govt ID - can they do that? Would they? I changed the registrant name of the domain in question to the name on the bank account - that should certainly check out, but I'm not happy about having done so and neither is the person whose bank account it's come from. Nominet via Above - emails from both orgs, one slightly threatening and one saying I best just do as asked or Nominet would remove my existing domains under this account and would not allow registration of any more in future - this can't be right?

 

also, list your domain on trusted sites like namepros.com, flippa.com, sedo.com

 

Super! I never thought of this part. Shall take care of it more.
Thanks for sharing and creating this thread.

 

Keep your antivirus software up to date and scan your computer regularly.

I scan my computer manually whenever I see something questionable happen. I have enabled auto scan of downloaded files, I have schedule scans automatically set to weekly.

 

If you dont buy any ,you dont need any.

 

Great advise. Thanks!

 

Hi Guys!

I'm new here. Here is what you can do. But only do this if you are comfortable using VeraCrypt or other Crypto Software.

If you wanna stay safe then you can do the following.

1. Create an encrypted file container with VeraCrypt or other reliable Crypto Software.
2. Create a text file with logins and passwords in the encrypted container and use passwords that do not have anything to do with a dictionary whatsoever or anything personal like DOB. Just numbers and letters in a big mix 20 characters minimum for passwords.
3. Please do not ever use the remember me tick box "passwords are cached". Take the extra time to dismount your container it can save you from the intruders getting information from the cached files in your computer. If you get hacked there will be a very tiny chance for them to crack the VeraCrypt container. If you used a good password for it that is.
4. Please use an extremely difficult password for your email account. If they get ahold of that you are in a major sh*tstorm.
Only do this if you have a good memory. You wouldn't want to forget the container password since there is no way to retrieve your password.

 

I know this is an old thread but I only joined today and I'm having a look around

One thing I didn't see mentioned in the above thread is Super Registry Lock i.e. taking the domain off automated API with the relevant registry. Significant changes such as NS, Transfers and Ownership updates must be verbally confirmed with the registrant via pre-arranged communication channels and then the registry will in turn verbally confirm the changes with the holding registrar, only once both verification's have been carried out will the amendments be applied.

Just a thought... ;

 

About 10 years ago I wrote an article that covered some of this and a few more steps, still worth a read but could use an update.

http://blog.petermcdonald.co.uk/2010/12/27/securing-your-domain-name/

 

Thank you for sharing, all should be aware. You likely saved someone a big headache in the near future. Scammers dont hide too long because they know most forget - if it was someone else.

On another point, read a post earlier about the loss of content producers (sorry poster - please link). One of the point made was - if you liked the content of not it was be distributed and widely. So, messages like this - serious warnings to the community - are going to get far less exposure as a consequence.

It is even more important to keep this type communication going - NamePros is the best place to keep as many in the loop as possible. It will likely bring more to NamePros as well - fringe / stalker "domainers" need places to get news and "inside" info only we have. hahahahaha

 

Hi'
am new to the industry and have listed a few domains at sedo,namepros,afternic,eBay and 4.cn.
I have been contacted directly by a guy from Osaka Japan who says he is a senior broker through email [email protected]
He says he got my mail through Whois account and telling me there is a buyer who wants a certain domain of mine.
I have contacted him back that the domain is available. Kindly, what should I do/not do when dealing with abroker outside the market place?I understand some are just frauds.please help
Thank you

 

Pay extra fee for: serverUpdateProhibited in domain name's status

 

I think the two best ones you have listed are to use two factor authentication and avoiding social engineering hacks. The last one is probably the most common way people get hacked these days

 

The tips to prevent domain theft includes:
1.Pick an enterprise class domain name registry.
2.Keep up to date with the security patches.
3.Monitor where site traffic is going.
4.Request DNSSEC from your registrar.

 

Buy crap names then they are safe. Log into your accounts daily check totals so act fast if problems.

 

Ignore it, it's a scam.

 

If you can get a static IP address, Epik offers a free security option that only allows account login from your IP address. No other computer in the world could login to your account. That's pretty cool.

 

This is true. "IP Whitelisting" is what they call it. You can add multiple addresses to accommodate multiple devices/locations.

 

I use 2FA whenever I can, but even that can be a pain sometimes. I say this not because of the extra steps/time involved (totally worth it, in the interest of account security), but because every now and then, the 3rd-party responsible for 2FA at some registrars may experience a glitch which prevents you from using 2FA to log in. (At least I'm assuming it's a glitch, and not some sort of hack attempt or other nefarious act.)

When that happens, your only recourse is contacting the registrar and having them disable 2FA for you so that you can access your account again.

How do I know this? Because it has happened to me--more than once--with more than one registrar. #Chuckle

Additionally, this has only happened to me with SMS/text 2FA, not for services which utilize Google Authenticator or Authy.

 

Great advice. I didn't think it would be that easy to steal domains. But then again technology changes faster than I can keep up with it.

 

the ultimate safeguard