SecurityTrails Blog · Sep 27 · SecurityTrails team

Preventing Domain Hijacking – 10 Steps to Increase your Domain Security

OS Server daemons (also known as services), as well as applications, always require security hardening to prevent remote attacks. Previously we posted two great articles about server hardening: How to prevent DNS Attacks and another one dedicated to increasing your SSH Server Security.

However, your entire online business can suffer if you neglect another key part of every Internet business: your domain name.

Let’s suppose you have an e-commerce website. Anonymous users, as well as existing customers and visitors, will use your domain name every day for simple tasks such as buying from your online store, asking for technical support, making changes to their user accounts, sending email and otherwise interacting with your website.

In other words: your domain name is extremely important.

But what would your reaction be if you woke up one day to find that your domain has stopped responding or, even worse, that your domain is showing different content than your original website design? You’d probably panic!

This can happen for a few reasons:

  • Your DNS server has been hacked, and attackers altered the DNS zone records.
  • Your FTP/SSH space has been compromised and attackers replaced your content with their custom files.
  • Or maybe the worst: your domain name has been stolen, or hijacked.

Let’s focus on hijacking.

What is Domain Hijacking?

Domain hijacking is another way to say your domain name has been stolen.

This means someone has gained access to your domain registrar account details and is now in full control of all domain-based functions, including changing DNS name servers, setting a new domain status and transferring the domain name, as well as altering the personal, technical and administrative details of all domains located under that account.

Having your domain stolen could significantly and negatively impact your business and can cost you your entire company if you don’t recover your domain ownership.

Once your domain has been hijacked, the attackers will probably transfer it to another registrar, which is the most common move in these cases. Once this happens, returning it to the original owner gets even more complicated.

How can anyone hijack my domain name?

There are many ways for attackers to gain control of your domain name, including but not limited to:

  • Tricking you with a fake phishing page to get your domain registrar login details.
  • Domain registrar data breach, exposing your personal login and passwords to the attackers.
  • Social engineering: they call you, claiming to be your domain registrar and asking for login details to verify your account information.
  • Local keyloggers installed on your computer, which log every key you press and send the information to attackers.

Is your domain hijacked right now? Keep reading.

Two ways to recover your hijacked domains

There are two ways to recover your domain name.

  1. Contact your domain registrar. This is the fastest way; call your registrar tech support team, explain the situation, and they’ll probably start investigating your account.

After some time, they may ask for a way to authenticate your ownership of the account. This may include sending personal data such as your social ID, driver’s license, and other details to help prove it’s really you requesting access.

But what if the attackers have already transferred the domain name to another company? That’s the worst scenario, and there is only one thing left to do:

  2. Get in touch with ICANN (Internet Corporation for Assigned Names and Numbers). This is the top Internet authority for resolving domain name disputes between individuals or companies. More information about domain name disputes and how to proceed can be found in this domain dispute resolution help documentation.

10 Steps to Increase Your Domain Security

Let’s learn how to prevent these issues with your domain names. The following steps are actually pretty simple -- in fact, they don’t require any special technical abilities.

1. Choose a good domain registrar company

There are many types of domain registrars, all offering the same basic service: they allow you to register a domain name.

Some are cheaper than others, but that shouldn’t be your only consideration. When picking your domain name registrar for new registrations or domain transfers, take a look at the advanced and extra features they offer. For example:

  • Two-factor authentication. We would never register a domain name with a company that doesn’t have 2FA available for all user accounts, so make sure yours has 2FA allowed in their security features.
  • DNS management: if you don’t own your private DNS server, it’s always good to be able to set DNS records directly from your domain control panel.
  • Technical support: nowadays, having online support agents 24×7 is a must. If you have any problems, they’re the first ones to contact, so make sure they’re always available, not only by email but also over the phone and ticket system. Immediate support is critical if you want to recover your hijacked domains.

2. Enable two-factor authentication

This is some of the most useful security advice we’ll always give you: enable two-factor authentication on all your online accounts. This includes your domain name registrar, where all your domain names are located. If someone is able to get your username and password, the second layer of authentication can really protect you from losing control of your domains.

3. Always enable domain locking

Domain locking is a common security enhancement offered by all domain name registrars: it allows you to prevent unauthorized domain name transfers to another registrar. This is one of the oldest and most popular ways to protect domain names from hijacking activities. It’s often enabled by default on most popular registrars.
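One way to verify the lock from the outside is to read the domain's RDAP record and confirm the transfer-lock status is present. The sketch below is an added example, not SecurityTrails code: it audits a constructed RDAP response for the registrar lock statuses and, going slightly beyond this step, also compares the listed name servers with a baseline you supply, since changing name servers is one of the first things a hijacker can do. The domain, name servers and function name are assumptions.

```python
import json

# Constructed RDAP (RFC 9083) domain response for illustration; not real data.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "SHOP.EXAMPLE",
  "status": ["client delete prohibited", "active"],
  "nameservers": [
    {"objectClassName": "nameserver", "ldhName": "NS1.DNS-HOST.EXAMPLE"},
    {"objectClassName": "nameserver", "ldhName": "ns9.unknown.example"}
  ]
}
""")

# RDAP status values (RFC 8056) that correspond to registrar-side locks.
REQUIRED_LOCKS = {
    "client transfer prohibited",  # the transfer lock described in step 3
    "client update prohibited",
    "client delete prohibited",
}

def audit_domain(rdap, expected_ns):
    """Return a list of findings for one RDAP domain object (hypothetical helper)."""
    findings = []
    status = {s.strip().lower() for s in rdap.get("status", [])}
    for lock in sorted(REQUIRED_LOCKS - status):
        findings.append(f"missing lock: {lock}")
    if "pending transfer" in status:
        findings.append("transfer in progress: pending transfer")
    # Host names are case-insensitive and may carry a trailing dot.
    seen = {ns.get("ldhName", "").rstrip(".").lower()
            for ns in rdap.get("nameservers", [])}
    expected = {n.rstrip(".").lower() for n in expected_ns}
    for ns in sorted(seen - expected):
        findings.append(f"unexpected nameserver: {ns}")
    for ns in sorted(expected - seen):
        findings.append(f"expected nameserver absent: {ns}")
    return findings

if __name__ == "__main__":
    baseline = ["ns1.dns-host.example", "ns2.dns-host.example"]
    for line in audit_domain(SAMPLE_RDAP, baseline):
        print(line)
```

Run on a schedule against your own domains, an empty result means the locks are in place and the delegation still matches your baseline.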

4. Enable WHOIS protection

Having your WHOIS protection enabled can really help reduce the amount of personal data you expose to the Internet. This includes:

  • Address
  • City, state and country
  • Telephone number
  • Email address

As you can see, your domain WHOIS information can reveal a lot of data about you that can later be used to launch social engineering attacks. By enabling this security tool you will reduce the amount of vulnerable OSINT data about you or your company.

5. Use a strong password

Using a strong password will help you prevent brute force attacks and unauthorized access to your accounts.

Keep this in mind when setting a new password:

  • It must have 8 characters or more.
  • Try to avoid using dictionary-based words.
  • Include a combination of uppercase and lowercase letters, numbers and symbols.

6. Change your password periodically

Most security companies recommend changing your passwords after 72 to 90 days.

It’s important to use a strong password every time you change it. Keep in mind that if you plan to replace an old password with a weaker one, then it’s better not to change it.

7. Keep your domain contact details updated

Here’s another key to increasing domain security: always keep your domain contact information accurate and updated.

We’ve heard a lot of stories about domain names being hijacked because the contact information included an old, expired domain-based email address, something hackers can easily use to their advantage.

In case of emergency, your contact, administrative, tech and abuse details must always reflect accurate contact details. This way your domain registrar will be able to contact you as soon as possible if they notice your account’s security has been compromised.

8. Never share your domain registrar login details with strangers

Keep your domain registrar login details protected at all costs. This includes not sharing login details with anyone who can’t be trusted one hundred percent.

It’s fairly common for web designers, developers and other IT service providers to ask for your domain registrar login data to alter some DNS configurations. The truth is, you can change DNS records or set a new name server for your domain names yourself, without giving them access. It’s not rocket science; if you don’t know how to do it yourself, ask your domain registrar for help -- but avoid sharing your login details with strangers.

If you can’t make the changes by yourself and you find it’s really necessary to give access to your registrar account, your best option is to create a sub-account with restricted privileges so you can be sure others will not modify anything beyond what’s needed.

9. Pay attention to incoming emails requesting registrar login details

Phishing attacks happen every day. It’s dangerous business, something that can reach you in the form of a simple incoming email from your domain registrar, or even the ICANN.

Scam and phishing emails are often sent by forging a trusted sender’s email address, or from a domain name similar to the original one from your registrar company. For example, if your company is Namecheap, they’ll send the email from a domain name like “namecheapsupport.com” or “namecheapmail.com.”

If you ever receive a suspicious email from your registrar asking you to click a link or requesting your client area username or passwords, don’t do it. Always contact your domain registrar from the official web page (never click on any link inside the suspicious email) and forward the email you received to their technical support so they can determine whether it’s real, or if it is indeed a phishing attack.

You can even receive phishing emails that appear to be coming from ICANN. In that case, be sure to forward your email to globalsupport@icann.org, so they can verify its authenticity.
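The lookalike-domain pattern from the Namecheap example above can be screened for automatically at the mail gateway or in a triage script. This is an added example, not SecurityTrails code: the function names, the similarity threshold and the assumption that the registrar's official mail domain is `namecheap.com` are ours, and the From: headers are constructed.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

def sender_domain(from_header):
    """Extract the lower-cased domain from a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].rstrip(".").lower()

def classify_sender(from_header, official_domain, brand):
    """Return 'official', 'lookalike' or 'unrelated' for a From: header.

    'official' only means the header names the registrar's domain; the
    header can be forged, so it is not proof the mail is genuine.
    """
    domain = sender_domain(from_header)
    official = official_domain.lower()
    if domain == official or domain.endswith("." + official):
        return "official"
    labels = domain.split(".")
    # Brand embedded in any label, e.g. "namecheapsupport.com".
    if any(brand.lower() in label for label in labels):
        return "lookalike"
    # Near-miss spelling of the brand in any label, e.g. one swapped letter.
    for label in labels:
        if SequenceMatcher(None, label, brand.lower()).ratio() >= 0.85:
            return "lookalike"
    return "unrelated"

# Constructed From: headers; the first two domains are the page's examples.
SAMPLES = [
    "Namecheap Support <billing@namecheapsupport.com>",
    "renewals@namecheapmail.com",
    "Namecheap <support@namecheap.com>",
    "Account Team <help@namecheep.com>",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header, "namecheap.com", "namecheap"), header)
```

Because a forged From: header also classifies as official, treat this as a filter for the similar-domain case only and still verify any request through the registrar's own website.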

10. Don’t use the same company for domain registration and web hosting services

A lot of domain registrars also offer web hosting services like shared hosting or dedicated servers. Their goal is to keep all your business within their company to sell you complementary products. This can be appealing if you want to keep all your eggs in one basket.

But what if an attacker gains control over your client area? Not only will he have access to your domain names, he’ll also get to your web hosting space, access your files and cause even more damage to your company.

Don’t gamble with your security. Keep domain and hosting on separate accounts.

Final Thoughts

Your domain name is just as important as your code and apps. If you lose it, your business may decline, clients will be confused if they can’t reach you, and your SEO rankings will drop if someone replaces your original content with new material, preventing you from processing new sales. In a few words, it’ll be a disaster.

But by following the prevention tips we’ve provided, you can ensure the chances of domain hijacking happening to you will be tremendously reduced. You’ll gain peace of mind knowing your domain names are secure to the greatest degree possible. We at SecurityTrails are committed to helping you to enhance your domain security, not only with these useful tips but also with our own security toolkit. Don’t miss this opportunity -- start testing our SecurityTrails cybersecurity platform now!


You can also sign up for a free API account to automate all the cool tools we offer for your domains, IPs, DNS and server applications.