Tips for preventing domain theft

Discussion in 'Warnings and Alerts' started by discobull, Dec 28, 2014.


  1. discobull

    discobull Active Member VIP

    Jan 3, 2011
    Likes Received:
    I've been thinking about steps to take to prevent domain theft and thought it might be worthwhile to start a thread where we can share ideas on how to best secure our domain assets. I'll start the ball rolling with some ideas of my own ( some of them might be overly paranoid :) ) and hopefully others can add to the discussion.

    1. The email address in your whois info should be different from the administrative email address you use for your registrar. Hackers will sometimes try to get into your email account so that they can then unlock your registrar account by going the "forgot password" route and intercepting the reset password email. If a hacker doesn't know what email address you use for your account, that makes their job that much more difficult. Domain privacy can add an additional layer of security here since your whois information won't provide any clues about who you are and what email addresses you tend to use.

    2. The email account you use for your registrar should be an address you don't use for any other purpose. This will prevent hackers from being able to research you and deducing your administrative email address based on publicly available information.

    3. Use 2 factor authentication for both your registrar account and your email account.

    4. Use strong passwords for your email and registrar accounts and don't use the same password for both.

    5. Don't use an easy to guess username for your accounts ( eg firstname/lastname or company name are a bad idea ).

    6. Keep your computer secure and free of malware. If a hacker gains access to your computer, they can potentially gain access to your accounts. I've personally switched over to Linux since protecting a Windows based machine seems like a never ending battle.

    7. Pay extra attention when receiving emails that seem to be coming from your registrar and that have you clicking links. If the link takes you to a page that requests your username and password, it's most likely a hacker site.

    Any other suggestions?
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Namescost

    Namescost Established Member

    Nov 15, 2015
    Likes Received:
  3. cmdomains

    cmdomains Established Member

    Jun 19, 2015
    Likes Received:
    Great pointers.

    Would just like to share a few things as well about 2fa and other security features.

    2fa app - When I found out about this, I was a bit hesitant so I started some search. A few years ago this was bypassed (if I remember right) both by whitehat and blackhat folks, of course developers had to fix holes which I'm not sure if there are any more. Regardless, I am using it now since everyone seems to be recommending it left and right and .. I haven't heard of anyone being brute forced while using it in recent years. Works fine and does add some confidence for sure.

    The only thing is you'd have to know what to do if for some reasons the device you set your app with gets stolen or lost. You still need to setup other stuff like Recovery codes to access your account in case that happens. Outlook and Gmail will give you that option among others. With Gmail, for example, you can generate a set of 10 one-time codes and generate new ones whenever you like (something Wordpress has too, pretty cool). Outlook can generate one at a time.

    Now let's say ok you have your phone but have to use the computer elsewhere, another feature Outlook mail has is a single-use code sent to your phone which is great if you're paranoia is as bad as some diarrhea.. I mean if you're signing up using someone else's pc (if we're talking potential malware infection). Btw, Facebook has this feature as well (called one-time password/otp that's good for 20mins).

    I will be waiting for squirrel noises.

    **just realized OP post is 2014 .
  4. Cyrilek

    Cyrilek Established Member

    Dec 22, 2015
    Likes Received:
    Wow!!!! great eye opener for new domain owners........more ideas please.
    Thank you
  5. SophieWar

    SophieWar Established Member

    Feb 9, 2016
    Likes Received:
    I'm a bit concerned as my authenticity has been queried, supposedly by Nominet who have threatened to remove all domains registered to myself via one certain registrar if they don't see some kind of govt ID - can they do that? Would they? I changed the registrant name of the domain in question to the name on the bank account - that should certainly check out, but I'm not happy about having done so and neither is the person whose bank account it's come from. Nominet via Above - emails from both orgs, one slightly threatening and one saying I best just do as asked or Nominet would remove my existing domains under this account and would not allow registration of any more in future - this can't be right?
  6. innocent452003

    innocent452003 New Member

    Mar 6, 2016
    Likes Received:
    also, list your domain on trusted sites like,,
  7. isankett

    isankett Established Member

    Dec 26, 2016
    Likes Received:
    Super! I never thought of this part. Shall take care of it more.
    Thanks for sharing and creating this thread.
  8. Julio

    Julio VIP ★★★★★★★★★★

    Nov 8, 2005
    Likes Received:
    Keep your antivirus software up to date and scan your computer regularly.

    I scan my computer manually whenever I see something questionable happen. I have enabled auto scan of downloaded files, I have schedule scans automatically set to weekly.
  9. ben pedri

    ben pedri Active Member VIP

    Dec 6, 2015
    Likes Received:
    If you dont buy any ,you dont need any.
  10. Steger13

    Steger13 Established Member

    Apr 17, 2017
    Likes Received:
    Great advise. Thanks!(y)
  11. Auspicious-Success

    Auspicious-Success Established Member

    Jul 11, 2017
    Likes Received:
    Hi Guys!

    I'm new here. Here is what you can do. But only do this if you are comfortable using VeraCrypt or other Crypto Software.

    If you wanna stay safe then you can do the following.

    1. Create an encrypted file container with VeraCrypt or other reliable Crypto Software.
    2. Create a text file with logins and passwords in the encrypted container and use passwords that do not have anything to do with a dictionary whatsoever or anything personal like DOB. Just numbers and letters in a big mix 20 characters minimum for passwords.
    3. Please do not ever use the remember me tick box "passwords are cached". Take the extra time to dismount your container it can save you from the intruders getting information from the cached files in your computer. If you get hacked there will be a very tiny chance for them to crack the VeraCrypt container. If you used a good password for it that is.
    4. Please use an extremely difficult password for your email account. If they get ahold of that you are in a major sh*tstorm.
    Only do this if you have a good memory. You wouldn't want to forget the container password since there is no way to retrieve your password.
  12. BigRich

    BigRich New Member

    Aug 29, 2017
    Likes Received:
    I know this is an old thread but I only joined today and I'm having a look around :)

    One thing I didn't see mentioned in the above thread is Super Registry Lock i.e. taking the domain off automated API with the relevant registry. Significant changes such as NS, Transfers and Ownership updates must be verbally confirmed with the registrant via pre-arranged communication channels and then the registry will in turn verbally confirm the changes with the holding registrar, only once both verification's have been carried out will the amendments be applied.

    Just a thought... ;:)
  13. Peter

    Peter Top Member VIP ★★★★★★★★★★

    Nov 9, 2003
    Likes Received:
  14. DnameAgame

    DnameAgame Be polite, remember to say BrandPlease Business Account

    Apr 3, 2017
    Likes Received:
    Thank you for sharing, all should be aware. You likely saved someone a big headache in the near future. Scammers dont hide too long because they know most forget - if it was someone else.

    On another point, read a post earlier about the loss of content producers (sorry poster - please link). One of the point made was - if you liked the content of not it was be distributed and widely. So, messages like this - serious warnings to the community - are going to get far less exposure as a consequence.

    It is even more important to keep this type communication going - NamePros is the best place to keep as many in the loop as possible. It will likely bring more to NamePros as well - fringe / stalker "domainers" need places to get news and "inside" info only we have. hahahahaha

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!

Share This Page