Sitemap · 2023 Dn.com All Rights Reserved
As the heat of internet entrepreneurship continues to rise, domain name theft incidents have become increasingly common in recent years, drawing more attention from both businesses and individual website owners to domain name security. On t
As the heat of internet entrepreneurship continues to rise, domain name theft incidents have become increasingly common in recent years, drawing more attention from both businesses and individual website owners to domain name security. On the evening of October 8th, a Weibo post by @黄四维 about "domain name theft and rights protection" once again brought the topic of "domain name security" to the forefront of public discourse. The Weibo post stated that after returning from a long holiday, Huang Siwei discovered that the domain name of his luxury goods portal website, Neeu.com, which he had painstakingly operated since 2004, had been transferred out of his domain name account and moved to a US domain name registrar. If he does not reclaim the domain name in a short time, it could mean that Huang Siwei's efforts over the past ten years would go to waste.
I. Why Are Domain Names Stolen
Typically, hackers steal domain names for either network attack-oriented or profit-oriented purposes. Network attack-oriented theft involves redirecting the domain name to their own server, turning the website into a page filled with Trojans or viruses, directly causing users who log into the website to be infected with Trojans and viruses. Even if the domain name is recovered later, the website's credibility will be greatly diminished.
Profit-oriented theft mainly falls into three categories:
1. Hackers can still mimic the original website and rely on the existing website traffic to gain continuous benefits.
2. They can steal high-weighted website domain names to create multiple subdomains and redirect these subdomains to illegal content websites, such as gambling, adult content, or private servers, to generate illegal revenue.
3. After obtaining high-quality domain names, hackers can profit directly through resale. Regardless of the hacker's motive, once a domain name is stolen, the website owner loses all control. Even if they register a new domain name, they must start from scratch to attract users and establish the domain name brand. Once again, user popularity and recognition will be greatly reduced.
Although there are many successful cases of recovering stolen domain names on the Internet, website owners often find themselves caught between ICANN, domain name registrars, registries, law enforcement agencies, and courts, with the manpower, time, and money spent often outweighing the benefits. This is especially crucial for smaller websites that are just starting to gain popularity; taking proactive domain protection measures is essential.
II. How to Protect Domain Name Security
1. Account Security
Whenever a domain name transfer occurs, the first step is to log in to the member account and obtain the domain transfer password. Therefore, the security of the member account should be the first thing users strengthen. In addition to the mandatory security protection provided by service providers, users can also enhance protection by regularly changing member passwords and setting super-strong passwords that include uppercase and lowercase letters, numbers, symbols, and are longer than 8 to 16 characters. Furthermore, logging into accounts in public network environments should be avoided whenever possible, as it is a common way for users to expose their accounts.
2. Email Security
According to the usual process, when users use domain transfer services, the registrar's system automatically sends the transfer password to the registrant's email address, while also sending a notification to the domain management contact's email address. Users can only complete the domain transfer process using the transfer password received in the registrant's email. Therefore, email security is another important layer of domain security. To secure emails, security experts suggest:
- Separating email passwords from domain management system passwords, effectively preventing hackers from breaching both defenses with one cracked password.
- Adding multiple layers of protection to the email, such as real-name authentication, linking to a mobile phone, password change notifications, and receiving email notifications via SMS.
- Binding the email to a mobile device to ensure timely receipt of emails. Even if a hacker gains access to the transfer password, users can cancel the transfer in a timely manner to prevent losses.
3. Whois Information Privacy
Through Whois information queries, internet users can easily obtain personal privacy information about a domain, including the owner's name and email address, administrative contact information, and more. In most cases, hackers use Whois information queries as a primary source of information to launch attacks on domains and emails.
Whois information privacy protection service is a value-added service for domains. After enabling this service, the system automatically shields owner details, including registrant, administrative contact, technical contact, and billing contact information, when users query the Whois information of the domain. The service uses specialized "registrant" information as a substitute for the original information, making it difficult for hackers to access the true owner's information through Whois queries, reducing the likelihood of domain theft. This service is supported by most top-level domain registrars in the country.
4. Domain Name Locking
In addition to privacy protection, website owners can choose domain name locking services to protect their domains. Most top-level domain service providers in China offer domain name locking services for their entire range of domains. When domain name locking is enabled, any modification requires verification of security questions associated with the account. Only after passing the verification can changes be made to domain registration information, DNS settings, domain management rights, and domain status. Furthermore, when domain name locking is active, the domain is in a "transfer prohibited" state and cannot be transferred without unlocking it first. This comprehensive locking mechanism effectively prevents hackers from using domain transfer services to steal domains.
5. Registry Locking
In the internet era, people often associate domain name value with .com domains. The long history of .com domains and the preference of Fortune 500 companies have established their outstanding status and high value on the internet platform. To address this, registry locking services have emerged. It is worth mentioning that most Fortune 500 companies and many well-known enterprises choose to purchase registry locking services. The security level of registry locking services is high. In addition to the normal system verification process, registry locking services require users to set a unique contact when purchasing the service. The registrar's customer service professionals verify this contact offline. Once the verification is successful, registry locking services are activated. When users need to modify domain information, they must specify the contact person to unlock and complete the operation within a specified time. The dual control of system and human ensures the rigor and high security of the service, making registry locking services the ultimate domain protection strategy in the industry. Currently, most top-level domain registrars in China support registry locking services for major domains such as .com, .net, .cc, .name, and .tv.
6. Regular Logins
Usually, website owners do not have the habit of logging into the domain management system regularly, and they may not be able to detect that their website has been stolen if they rely solely on the frontend page. Using the example of Huang Siwei's case, the hacker had not yet changed the website's DNS address, so if he had not logged into the domain management system, he would not have discovered that the domain had been stolen. Therefore, for websites that have gained some popularity, technical experts recommend that website owners regularly check domain registration information. In case of theft, early detection increases the chances of recovering the domain. If necessary, passwords should be changed regularly, and attention should be paid to complexity. Domain security experts emphasize that passwords consisting of a combination of numbers, uppercase and lowercase letters, and special symbols offer higher security.
In the open world of the internet, there should never be room for compl
acency. Website owners must realize that someone is always collecting their information and waiting for an opportunity to steal their hard work. "Prevention is the best way to solve a crisis," is a rule of thumb followed by most entrepreneurs. This rule applies equally to running and cultivating a website. Taking proactive steps to protect your domain in advance is also a responsibility to yourself, your business, and your team.
29 Feb 2024 11:48:48 AMIndustry Information
The latest European ccTLD Registry Domain Name Report has been released. It covers the global status and registration trends for all top-level domains (legacy gTLDs, new gTLDs and ccTLDs), with a particular focus on the European ccTLD
28 Feb 2024 05:34:47 PMIndustry Information
Apple is said to be preparing to unveil a new Siri along with other AI features, including iWork, at the WWDC (Worldwide Developers Conference) in June this year. considering that Microsoft has already introduced AI features to both
28 Feb 2024 12:03:11 PMIndustry Information
ENS plans to pay auction bidders $300,000 to settle the dispute. 88 per cent of the vote approved a payment of $300,000 to ManifoldFinance, which won eth.link in the auction. 62 per cent also authorised a settlement for an amount less
27 Feb 2024 04:02:53 PMIndustry Information
Trader Joe's filed a dispute with WIPO under the Uniform Domain Name Dispute Resolution Policy (UDRP), but the domain name owner has said he registered the domain name as a financial trading site for the general public.
The sale of the untimely renewed domain name Dog.ai for $47,150 (roughly Rs. 340,000) earlier this month was void, as the auction winner apparently failed to pay. The domain is currently up for auction with a few days left; there are
Industry Information 27 Feb 2024 11:58:45 AM
The report is based on 145,100 aftermarket domain sales recorded by NameBio in 2023, totaling slightly over $139 million. At least from the NameBio data, it can be seen that the dollar volume of domain market transactions decreased by 21.2%
Industry Information 26 Feb 2024 04:14:39 PM
More exciting domain summits are coming up in 2024. Here are the dates and locations of upcoming domain summits in 2024 across the globe. Let's take a look at these important events.
Domain Summit 26 Feb 2024 12:05:24 PM
According to overseas media, another word domain name Loft.ai has been successfully traded for $50,000 (about RMB 359,000), which was registered in September 2018, with the prefix Loft meaning "loft and small room". The domain name
Industry Information 23 Feb 2024 04:26:36 PM
Recently, two other highly anticipated domain name transactions have also attracted people's attention. The domain "Bet.bet" was sold for $600,000 (approximately 4.3 million RMB), while the numerical and word combination domain Bet789.com
Industry Information 23 Feb 2024 03:17:34 PM
Recent news reports indicate that Meta, Inc., the parent company of Facebook, Instagram and WhatsApp, has filed multiple UDRP cases in defence of its "Meta" trademark. Shortly after the company's domain name was rebranded,
Industry Information 22 Feb 2024 05:57:14 PM