How Are Domain Names Hijacked?
No! This is not an article to help or encourage anyone trying to hijack a domain. Rather, this is like an eye-opener and a wake-up call for all those ignorant web-masters to secure their website domains.
From Wiki: Domain hijacking or domain theft is the process by which registration of a currently registered domain name is transferred without the permission of its original registrant, generally by exploiting a vulnerability in the domain name registration system.
Any website consists of 2 parts – a domain name, resolved through the Domain Name System (DNS), and a web-hosting server (where the files reside). This means that the domain name and the web server are in reality 2 completely different entities, which are integrated together before the website goes live.
When someone registers a domain name (say example.com) with a domain name provider (like GoDaddy or Namecheap), he gets to use a control panel provided by the registrar. Using this control panel, he would have to point his domain to his web servers which might be hosted elsewhere. Now, whenever an Internet user types “example.com”, the domain name “example.com” is resolved to the target web server and the web page is displayed.
How Are Domain Names Hijacked?
A domain can be hijacked only when the domain’s control panel is compromised. In order to gain access to the control panel, you would need these 2 details about the domain:
1. The domain registrar name and
2. The administrative email address associated with the domain.
Getting these 2 details is not too tough. Just use a WHOIS service (like DomainTools or whois.net) to look up the details related to that domain. Under WHOIS Record, you will get to see both the registrar name and the administrative contact email address.
This administrative contact email address is the key to hijacking a domain. Once the hacker hacks into this email’s inbox, he will be able to change and control the domain as he likes. Now, hacking an email is a completely different topic. Usually, a hacker sends a phishing email containing a fake login page, fooling the user into revealing his email ID and password. More sophisticated ways include using keyloggers embedded within an email.
Once the hacker takes full control of this email account, he visits the domain registrar’s website and clicks on “forgot password” on the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details needed to reset the password will be sent to the administrative email address. Since the hacker has access to this email account, he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password, and from there he can hijack the domain within minutes.
How to Protect your Website Domain from Hijacking?
If you have read the above part carefully, you would already know the answer to this question. Yes! Keeping the administrative email address associated with your domain secure and safe is the key. I would suggest you go for private domain registration or WHOIS guard privacy. This would cost you around $3 per year, or sometimes you might get it for free as well.
When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone and administrative email address. So private registration provides extra security and protects your privacy.
Even with WHOISGuard ON, people can still contact you via a routing email ID provided by WHOISGuard. Some hackers might try to make use of this routing email ID to contact you for link exchange or buying text links, so that they get to know your administrative email address if you choose to reply to their requests. Make sure you don’t entertain such requests coming via WHOIS.
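To confirm that private registration is actually in effect for your own domain, you can audit the text of its WHOIS record. The following is an added example, not part of the original article: the sample records, the audit_whois function and the PROXY_MARKERS list are constructed for illustration, and the field names assume the common "Admin Email:" style of WHOIS output.

```python
import re

# Constructed sample WHOIS records (not real lookups); example.com is a reserved name.
EXPOSED = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrant Email: owner@example.com
Admin Email: Owner@Example.com
Tech Email: hosting-support@example.net
"""
PRIVATE = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrant Email: a1b2c3.protect@whoisguard.example
Admin Email: a1b2c3.protect@whoisguard.example
Tech Email: REDACTED FOR PRIVACY
"""

# Assumption: substrings that suggest a privacy/proxy value; tune for your registrar.
PROXY_MARKERS = ("whoisguard", "privacy", "proxy", "redacted")
FIELD = re.compile(
    r"^[ \t]*(Registrar|(?:Registrant|Admin|Tech) Email):[ \t]*(.+?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE)

def audit_whois(record, real_admin_email):
    """Report which published contact fields reveal the real admin mailbox."""
    report = {"registrar": None, "exposed": [], "proxied": [], "review": []}
    real = real_admin_email.strip().lower()
    for name, value in FIELD.findall(record):
        key, val = name.title(), value.lower()
        if key == "Registrar":
            report["registrar"] = value
        elif val == real:
            report["exposed"].append(key)   # real mailbox is publicly visible
        elif any(marker in val for marker in PROXY_MARKERS):
            report["proxied"].append(key)   # routing address or redaction
        else:
            report["review"].append(key)    # some other published address
    # Pass only if the record parsed and no field shows the real mailbox.
    report["ok"] = bool(report["registrar"]) and not report["exposed"]
    return report

if __name__ == "__main__":
    for label, rec in (("exposed", EXPOSED), ("private", PRIVATE)):
        print(label, audit_whois(rec, "owner@example.com"))
```

Fields listed under "review" publish an address that is neither your admin mailbox nor an obvious proxy, so check whether that mailbox can also receive registrar password-reset mail.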