Defending the domain

If you run a website, your most precious commodity is your domain name registration. Consider this:

  • If your site gets taken over by a hacker, you can put up a new site on a fresh machine, point your DNS servers to the new machine, and you are back in business.
  • If you have a business dispute with your hosting company and they stop hosting your site, or they go out of business, or law enforcement seizes all their servers because an unrelated site they host did something illegal, you can move to a new hosting company, point the DNS servers to them, and you are back in business.
  • And if you have some problem with your DNS provider, you can get a new one, point the domain registration to them, and you are good.
  • But if someone gets control of your domain registration and locks you out, they can point it to their own DNS servers, and redirect visitors to a facsimile of your site, one that steals their login credentials, or displays doctored pages that will harm your business reputation. And you cannot do anything about other than picking a new domain name and trying to figure out how to get your customers to go to the new site.

So what should you do to protect your domain registration?

  • Use a separate domain registrar. A lot of hosting companies will register your domain for you. This is convenient, but if you decide to change hosting companies, you have to beg them to transfer your domain, or at least point it to the new hosting company. Having a separate registrar, who has no financial interest in where you host your site, keeps you in control.
  • Use two-factor authentication when logging into your domain registrar, preferably with an authentication app like Google Authenticator for Android or iOS. (Two-factor authentication via SMS messages is vulnerable to social engineering. This article gives a vivid example of how SMS messages can be intercepted.)
  • Make sure you renew your domain name on time. Krebs on Security had a recent post about criminals buying the domain names of legitimate sites that have let them expire and using them to host fake stores that steal credit card information. (Another reason to stay on top of the renewals is that some domain registrars charge a lot—US$ 80—to reinstate expired domain names, even within tho 30-day ICANN grace period.)
  • Activate the transfer lock or registrar lock for your domain name on your registrar’s site. This prevents it from being transferred to another registrar via automation.

Of course, you still have to protect your DNS provider account, and your website itself, but if your domain name is secured, it is much easier to recover from other lapses in security.


Leave a Reply

Your email address will not be published. Required fields are marked *