Domain theft is nothing new in the web-hosting business, and once you lose a domain to a thief, the next few days are going to be sleepless. The domains of one of my blogger friends, Hesham (FamousBloggers.net and another domain), were hacked, and on top of that, the person who stole them made him an offer of $999 to get the domain back. You can read the complete story here. Most newbies who start out with a domain are not aware of the security features available in their domain manager account, and they miss many important settings that should be in place from day one.
As the saying goes, prevention is better than cure. In the domain business, once you lose a domain, you are on a thin line when it comes to getting it back: the chances are very low, and many legal procedures are involved. Here I’m sharing some domain security settings that you should enable on your domain right now. These settings are available at most of the domain registrars I use, such as GoDaddy, Namecheap and ShoutMydomain.
Domain security settings for newbies:
So, you are the proud owner of over 100 domains, and one fine day you wake up and realize your domain manager account is missing all of them. That’s what we call a WTF moment. Have you taken care of all the privacy and security settings offered by your domain service? I especially hate GoDaddy, as transferring a domain from one GoDaddy account to another is easy, and anyone can do it once they get access to your account. So, let’s start with the measures for securing your domain name:
As we say, “Sometimes we are so busy learning advanced stuff that we forget our basics! A mistake we should never make!” Start by creating a secure, strong password. Make sure it’s a mix of alphanumeric and special characters. Change your password at regular intervals. I have set a date for maintenance of my blog, and that’s the day when I change all my passwords and update them. Basic, but the most important step.
Another thing: many of us hire freelancers and companies to work on our sites and give them access to our domain panel. Make sure to change your password when the work is done. Also, check settings such as the primary email and the WHOIS record of your domain to make sure nothing has been altered.
Don’t use emails to directly access your domain account:
How many times do you get emails from your domain registrar asking you to log in to your account to avail of a discount, or similar notification emails? If you are tech-savvy, always check the header of the email or check the URL you are using to log in to your domain account. Phishing is the most common form of social engineering, and this is what hackers do to get access to your account. They will send you an email that looks exactly like your domain registrar’s newsletter, and in most cases people click, log in to their account and lose access. It’s better to log in to your account by typing the login URL directly into the URL field, such as
Enable privacy: buy WHOIS guard:
Unless you have a company with a cyber lawyer, enable WHOIS privacy for your domain. This makes sure no one can find the contact details for your domain; your WHOIS record will be replaced with an anonymous record. Most domain registrars, like ShoutMydomain, offer free WHOIS guard for a year.
Paying for WHOIS guard every year can be costly for newbie bloggers, though. In that case, make sure the email address used in your WHOIS info is not the same as the email you use to access your domain account. Domain hackers usually target that email first, using various social-engineering techniques.
Domain locking feature:
When you are done purchasing your domain, make sure to take advantage of the domain locking security feature. This prevents unauthorized transfers and domain changes. You can easily find this setting in your domain panel. Here is a screenshot of the GoDaddy domain manager panel.
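An added example (not from the original post or any registrar’s tooling): the lock and the contact settings mentioned above can also be checked from outside the registrar panel, because the public RDAP record (the JSON successor to WHOIS) lists a locked domain with the status `client transfer prohibited`. The RDAP response, the domain and host names, and the baseline values below are constructed samples.

```python
import json

# Constructed sample: trimmed RDAP domain object (RFC 9083 layout), placeholder names.
SAMPLE_RDAP = json.loads("""{
  "ldhName": "example-blog.test",
  "status": ["client delete prohibited"],
  "nameservers": [{"ldhName": "NS1.OTHER-HOST.TEST"}, {"ldhName": "ns2.other-host.test"}],
  "entities": [
    {"roles": ["registrar"], "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar"]]]},
    {"roles": ["registrant"], "vcardArray": ["vcard", [["email", {}, "text", "new-owner@mail.test"]]]}
  ],
  "events": [{"eventAction": "last changed", "eventDate": "2024-05-02T03:14:00Z"}]
}""")

# Baseline recorded by the owner while the account was known-good (constructed values).
BASELINE = {
    "registrar": "Example Registrar",
    "registrant_email": "whois-only@mail.test",
    "nameservers": {"ns1.my-host.test", "ns2.my-host.test"},
    "last_changed": "2024-01-10T09:00:00Z",
}

def vcard_value(entity, prop):
    """First value of a jCard property such as 'fn' or 'email', else None."""
    for item in entity.get("vcardArray", ["vcard", []])[1]:
        if item[0] == prop:
            return item[3]
    return None

def audit(rdap, baseline):
    """Return a list of findings; an empty list means the record matches the baseline."""
    findings = []
    if "client transfer prohibited" not in {s.lower() for s in rdap.get("status", [])}:
        findings.append("transfer lock missing")
    by_role = {r: e for e in rdap.get("entities", []) for r in e.get("roles", [])}
    seen = {
        "registrar": vcard_value(by_role.get("registrar", {}), "fn"),
        "registrant_email": vcard_value(by_role.get("registrant", {}), "email"),
        "nameservers": {n["ldhName"].lower().rstrip(".") for n in rdap.get("nameservers", [])},
        "last_changed": next((e["eventDate"] for e in rdap.get("events", [])
                              if e.get("eventAction") == "last changed"), None),
    }
    for field, expected in baseline.items():
        if seen[field] != expected:
            findings.append(f"{field} changed: {expected!r} -> {seen[field]!r}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_RDAP, BASELINE):
        print("ALERT:", line)
```

With WHOIS privacy enabled, the registrant email is usually redacted in the public record, so record whatever the record shows on a known-good day as the baseline value.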
Use separate hosting and domain accounts:
One of the biggest domain mistakes webmasters make is using the same account for domain and hosting. I will never recommend this, as once a hacker gets access to your hosting account, you will lose access to your domain and there is no option of restoring it. My suggestion is to use a different domain registrar and also to take daily backups of your hosting account to third-party services like Amazon S3 or Dropbox.
Anyhow, I’m sure these steps will help you add an extra layer of security, but in case your domain is hijacked anyway, it’s always a good idea to keep a domain name transfer dispute form ready. Here is one handy link for GoDaddy domains, which you can use if your GoDaddy domain is hijacked. Here is the ICANN guide on what to do when an unauthorized domain transfer happens.
I hope this quick tutorial helps you increase your domain security and fight domain theft. If you have more suggestions and ideas for avoiding domain theft, do let me know via the comments.