So your domain has been stolen. What now?
WhoTalking.com. Taken! Then taken back.
I was recently contacted by a local entrepreneur, Michael Q, after his internet domain was taken in circumstances similar to my own.
An intruder gained entry to his email account and used that to get enough information to transfer ownership of his domain away from his registrar.
His registrar was "Crazy Domains" (in my case it was 'Go Daddy') and the gaining registrar was a French registrar, bookmyname.com (in my case it was WebNames.ru, a Russian registrar).
Michael and I wrote back and forth a lot over the next few days. I gave him as much advice as I could, and he kept me informed about his progress. On about the fifth day I got the excellent news that he was back in charge of his domain again.
Michael wrote a complete chronology of the incident: How I Lost My Domain Name and How I Got it Back
And here's my own step by step guide to what happens and what to do if your domain is hijacked, based on my experience and Michael's:
Losing and Regaining Your Domain, Step by Step
- Notice a warning in your Gmail account that you've logged in using an unknown means from a distant location. Your spidey senses will begin tingling.
- Check for deleted emails -- find one from your domain registrar, saying you've transferred away from them. This will include details of the gaining registrar.
- Panic and/or freak out completely at this point.
- Check for email rules that automatically delete any emails from the losing or gaining registrar. Take screenshots of those rules and then remove them.
- Secure your Gmail account. Change your password, change all your security questions and answers, change your recovery email address, disable any third party apps from accessing it, and disable POP and IMAP access. Start using 2-step verification.
- Think about all of the other things you store in your email account. Other passwords in particular. Start the long process of resetting every password you have. Put it in priority order. Use a proper password management system (e.g. Password Safe) so that all passwords are unique, complex and as long as possible.
- Now, and only now, is it time to stop panicking.
- All registrars are ICANN accredited businesses. They must abide by a code of practice, or they will lose their accreditation. One of the rules is that a domain can't hop to a new registrar for another 60 days. So breathe a sigh of relief and realise that you have 60 days to regain control of your domain.
- Contact your registrar and inform them that your domain has been hijacked and moved to the gaining registrar. Tell them it is a "disputed transfer", and that you want to fill out their disputed transfer away form. See if they have one (they should).
- Contact the gaining registrar -- it's their co-operation that will matter the most. Be nice to them. You may need to register at their site, go ahead and do this.
- Tell them your domain was hijacked from the losing registrar and moved to them.
To establish your identity you may need to send them a scanned copy of your identification (driver's license, passport). It's a scary thing to do, but seems to help, so go ahead and do this if they ask for it.
(It may also, for reasons that are beyond the scope of this article, help to send them a photo of yourself with a loaf of bread on your head)
Tell them when you first got the domain and what it was used for. Direct them to the Wayback Machine screenshots of your use. If you don't speak their language you may need to find someone to help translate, or fall back to Google Translate.
- If you receive emails from the thief, take screenshots but do not respond. You have nothing to gain by responding. If however you do respond, I suggest you say some scary cold blooded shit like Liam Neeson's character in Taken. His message was perfectly direct:
I don't know who you are. I don't know what you want. If you are looking for ransom I can tell you I don't have money. But what I do have are a very particular set of skills. Skills I have acquired over a very long career. Skills that make me a nightmare for people like you. If you let my website go now, that'll be the end of it. I will not look for you, I will not pursue you. But if you don't, I will look for you, I will find you and I will kill you.
On second thoughts, killing people, and even threatening to kill people, are considered a tad illegal in most jurisdictions. So you might want to write that email and then delete it without sending it. A better tactic is to try and draw out the hijacker. Ideally you'll get him to explicitly ask you to give him money to get your website back. People have used emails like this as part of the evidence they provide to the gaining registrar.
- Once the gaining registrar has established the facts, you should get your domain back. You may not be able to transfer it to the registrar of your choice until the 60 days have elapsed. You may need to wait while they wait for the hijacker to respond to their questions. Naturally the hijacker isn't going to have a very good story, and may simply fail to reply to their questions. But even this takes time. Patience is necessary. Remember you have 60 days.
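The check for planted email rules described in the steps above can be scripted against a Gmail filter export. This is an added example, not part of the original post; it assumes the Atom XML shape of Gmail's exported mailFilters.xml, and the sample filters, addresses and watch terms are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}
HIDING = ("shouldTrash", "shouldArchive", "shouldMarkAsRead")
MATCH_FIELDS = ("from", "to", "subject", "hasTheWord")

# Constructed sample in the shape of a Gmail filter export (mailFilters.xml).
SAMPLE = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
 <entry><title>Mail Filter</title>
  <apps:property name='from' value='crazydomains.com'/>
  <apps:property name='shouldTrash' value='true'/></entry>
 <entry><title>Mail Filter</title>
  <apps:property name='hasTheWord' value='bookmyname OR transfer'/>
  <apps:property name='shouldArchive' value='true'/>
  <apps:property name='shouldMarkAsRead' value='true'/></entry>
 <entry><title>Mail Filter</title>
  <apps:property name='from' value='news@example.com'/>
  <apps:property name='label' value='News'/>
  <apps:property name='shouldArchive' value='true'/></entry>
 <entry><title>Mail Filter</title>
  <apps:property name='to' value='me@example.com'/>
  <apps:property name='forwardTo' value='copy@example.net'/></entry>
</feed>"""


def suspicious_filters(xml_text, watch_terms):
    """Return [(criteria, matched_terms, actions)] for filters worth a look."""
    findings = []
    for entry in ET.fromstring(xml_text).findall("atom:entry", NS):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        criteria = " ".join(props[f] for f in MATCH_FIELDS if f in props)
        hits = [t for t in watch_terms if t.lower() in criteria.lower()]
        actions = [a for a in HIDING if props.get(a) == "true"]
        forward = props.get("forwardTo")
        if forward:
            actions.append("forwardTo=" + forward)
        # Hiding mail that mentions a registrar is the hijacker's pattern;
        # a forward is reported regardless, since it leaks all matching mail.
        if actions and (hits or forward):
            findings.append((criteria, hits, actions))
    return findings


if __name__ == "__main__":
    for criteria, hits, actions in suspicious_filters(
            SAMPLE, ["crazydomains", "bookmyname", "registrar", "transfer"]):
        print(f"REVIEW: [{criteria}] terms={hits} actions={actions}")
```

Keep the exported file itself alongside your screenshots before deleting any rule it flags, since it records exactly what the intruder configured.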
That's all I've got. If something like this happens to you, or has happened to you, I wish you the best of luck.
'Mike' on Thu, 01 Nov 2012 19:15:02 GMT, sez:
I would recommend using an email account that you control instead of a gmail account.
Another tip is to use a separate "private" email account for your registrar login, and a second "public" email account that is listed on whois. Thieves can try to brute force the "public" email address all they want, when the real controlling email is private and safer.
'Michael Q' on Thu, 01 Nov 2012 22:10:00 GMT, sez:
Very useful and helpful article with complete guides of how to prevent and deal with stolen domains.