Are you in control of your domain name? Might seem a simple enough question, but have you really looked into how difficult it would be for you to lose your domain? Don’t overlook the value your domain name brings to your business—be it advertising, orders, or communication—and keep it safe. Double check how secure it is, it could just make your life a little easier.
In the past year, I’ve worked with three clients who have had problems with their domains from former employees and former web designers. It’s fairly simple in most cases for this to happen. Someone will set up the domain on your behalf to get the ball rolling and just leave it alone. Should a relationship turn, professionally or personally, it can see your domain in the hands of someone who might not be best pleased with you. With the domain in their name, or even just with the login details to where the domain is registered, they can do what they like initially. Be it changing the name servers of your domain to bring down hosting and email, or transferring it away to another registrar further removing you from control.
Of course, it’s not only people who you know that can cause you problems, you could also be a victim of Domain Hijacking by a baddy.
Preventing Domain Theft
Here’s a few key areas to look out for to make sure you stay in control of your domain.
Quite often I see people’s domains that aren’t setup in their name, it’s an employee or third party. These details are important as they define who owns the domain, and who is the primary contact for changes—such as domain transfers. If you’re not the contact on a domain and someone tries to move it without you knowing, no one is going to ask you if it’s okay. The confirmation will go to the person who’s contact details are registered to the domain.
If you already have a domain, you can check the registration details either through your registrar’s control panel or a Whois lookup if your details are public. Nominet provide a Whois service for UK domains, and for other domains I use who.is. Not in your name? Sort it out through your registrar.
Secure The Registrars Login
Sometimes, a web designer might ask you for login details to where your domain is registered to make some changes to set things up. If you really aren’t comfortable with making these changes yourself, probably to the name servers, then you can always ask your registrar to do them for you. Just get the details that need changed from your web designer and the support team should be able to help you out without passing on your login details to anyone.
If you trust your web designer, I would change the password to something temporary for them to make the changes, then change it again once they are done. A process they should probably be suggesting to you anyway.
I would suggest registering the domain with a separate company to where your website’s hosted. This doesn’t matter that much, but it makes sense that if one is compromised in some way, not everything is effected in one go. If you have someone working on your website’s hosting to get things setup, then your domain isn’t sitting on the same account for them to make any tweaks to that at the same time.
Secure The Administrative Email
If you’re targeted by a hacker, the chances are they’ll gain access to your domain by hacking your email account that is the administrative contact on your domain. If they have access to your email, they can login to your domain control panel through the Forgot Password link. Once they are in, they can start a transfer and change the name servers. Since they have access to the email account they can confirm all the transfer requests. You can combat this by keeping your email safe and setting your Whois information to private. This means a third party can’t look up your domain and get the email address they need to hack. Exercise good security practice on your email account by using two factor authentication and changing your password regularly.
Troubles? Questions? Email me.