A website’s worth is tied to its domain name. When you build traffic to a website, you are building traffic for that domain name; when you develop backlinks to the site, you are developing links for that domain name. If you lose your domain name you effectively lose your business and everything you have spent working towards.
This is why it’s important to lock your domain, why you should always make sure your domain is auto renewed and most importantly, make sure your domain name isn’t stolen. Unfortunately, there have been more reports of domain name hijacking in the last few months.
Hijack of DavidAirey.com
The first person I personally knew who had his domain name hijacked was David Airey, the designer who created the BloggingTips logo. About a year ago David went on holiday in India and told his readers he would be away for a few weeks. A criminal took advantage of this and used a Google Mail security flaw to hijack his domain name. Once the scumbag had David’s email he simply put in a domain transfer request from ICDSoft and transferred the domain name to GoDaddy.
David contacted the guy, named Peyam, and got this response:
:))
Im sorry to say but its not possible to have it or it take about 1 month if you try hard to have it again :)) and you lose your visitor ….hahaha
You can purchase it for 650 $ And we will use escrow services that will done in less than 2 days !
With the help from many of his readers David managed to get his domain name back but I can only imagine the stress and frustration which was caused by the whole ordeal.
Hijack of MakeUseOf.com
Earlier this month I read how Aibek Esengulov, owner of MakeUseOf.com, lost his domain name to a domain hijacker. The domain was registered at GoDaddy so the criminal (or should I say scumbag, douchebag, a’hole!) called up and impersonated Aibek and demanded the domain name be transferred to an account at NameCheap. Apparently, this was all done within an hour.
In response Aibek set up a temporary blog on Blogspot to get more coverage about the hijack. Many blogs including Daily Blog Tips, Digital Inspiration, Performancing, The Inquisitr, The Next Web, TechyShit and LinkMoney gave their full support and spread the word about the hijack.
In this instance the hijacker asked for $2,000 to get the domain name back and quite rightly, Aibek refused to pay.
Aibek then went through the same procedure David Airey did and, after he sent some documents to GoDaddy, they spoke with Enom (NameCheap is an Enom reseller) and got the domain name back.
How secure is your domain name?
There are two things about these stories that worry me. Firstly, I think that domain registration companies should be doing more to prevent domain hijacking in the first place. Surely they can add a few more security steps along the way or at least provide an option for that. Some domain name companies let you password protect each domain individually so perhaps more options like that should be added.
For example, you need to provide your mother’s maiden name or secret password in order to transfer the domain and if you do not have that information you need to send them evidence of who you are. I know this would be a real pain in the ass but if it stops domains from being hijacked so easily it’s surely worth the extra hassle. I need to give credit to GoDaddy and Enom’s support teams though as in both instances they did get the domain back to its rightful owner after just a few days.
Secondly, it concerns me that GMail can still be hacked so easily. Indyan posted in the forums yesterday that Aibek has confirmed that the hijacker hacked his GMail account in order to get the domain name. It’s scary to think that a domain hijacker can use the same technique which was causing havoc last year.
Aibek also confirmed that the guy who stole his domain has also stolen YuMP3.org and Cucirca.com and is maybe the same guy behind 788 other stolen domain names.
How to protect your GMail Account
The technique which was used to hack David Airey’s GMail account was explained by GNUCitizen around 14 months ago:
The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice.
This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.
I’m not sure if hackers are using the exact same technique but it wouldn’t surprise me.
If you use GMail then you should be concerned about this. Aibek posted some great tips on how you can protect your GMail account and your domain name. This is what he suggests:
- Well, my very first advice would be to check your email settings and make sure your email is not compromised. Check forwarding options and filters. Also make sure to disable IMAP if you don’t use it. This also applies to Google Apps accounts.
- Change contact email in your sensitive web accounts (paypal, domain registrar etc.) from your primary Gmail account to something else. If you own the website then change the contact email for your host and registrar accounts to some other email. Preferably to something that you aren’t logged in to when browsing the web.
- Make sure to upgrade your domain to private registration so that your contact details don’t show up on WhoIS searches. If you’re on GoDaddy I’d recommend going with Protected Registration.
- Don’t open links in your email if you don’t know the person they are coming from. And if you decide to open the link make sure to log out first.
Overview
Having your domain name stolen is frustrating, stressful and potentially costly, so be proactive and make sure your domain name is as secure as it can be. I recommend paying extra to have your domain whois information protected and hidden from the general public and password protecting your domains if you have the option to.
Scarier than losing your domain name is having your Gmail account hacked. If you have emails with passwords in your Gmail account then the hacker could cause mayhem and get access to your PayPal, bank accounts or whatever.
If you have any tips or advice on protecting your domain name or Gmail account please leave a comment.
Thanks,
Kevin
* Kudos to Aibek of MakeUseOf.com for helping other webmasters who have had their domain stolen and for doing his best to warn others of this potential nightmare
Angel Cuala | November 25th, 2008 at 8:44 am #
I heard the bad news about Aibek from Daniel Scocco, and I am glad he already got his domain back. Sorry if I can’t add tips about Gmail, but I think the best way to protect your account is to delete unsolicited messages and never bother to open it.
By the way, almost everybody is talking about Gmail. But what about Yahoo? Which do you think is safer to use?
Thanks for sharing such tips. I am off to Digg it.
Rich Hill | November 25th, 2008 at 8:59 am #
Kevin, excellent report as usual.
This did rile me up when I first heard it and did write the post you refer to. Even though all seems to have ended well for Aibek, I fear we all have a scary problem with Gmail.
A couple of other mentions in recent blogs said that Matt Cutts was looking into possible security flaws and the Gmail team reported on one blog that there was no security flaw.
I’m thinking that going with your suggestions above would be the prudent thing to do. Err on the side of caution.
The first thing I did was to change my Gmail password that hadn’t been changed in however many years I had the account.
The fact that GoDaddy made the original transfer in one hour is scary. I thought it was supposed to take a day or two. GoDaddy is not my favorite hosting company.
Thanks.
Rich Hill
LinkMoney dot org
Rajeev Edmonds | November 25th, 2008 at 9:24 am #
This is very scary indeed.
Since these reports are out, I have shifted all sensitive data from my Gmail account. Now I daily check my filters. IMAP is disabled and I have chosen always to use https: while using GMail.
One thing strikes me: every such incident has one thing in common, the GoDaddy and GMail combination. Is this a coincidence or something else?
Fortunately, I don’t use GoDaddy.
Gochi | November 25th, 2008 at 10:20 am #
Aibek was able to cover everything but to make my online existence simple, I just do 2 things: I never click any links from unknown sources, and I always log out from anywhere I logged in right away. After reading a lot of scary happenings about domain names, I’ll do all the necessary steps to secure my GMail and domain accounts. Prevention is still the best solution. Thanks for all the tips, guys.
Cassie | November 25th, 2008 at 11:54 am #
Sick! I wouldn’t mind if some big burly webmaster happened to run into these guys in a dark alley. And I don’t think I’ll be getting as annoyed next time I have to jump through hoops to transfer my domains. Aren’t there any ways to get back at these guys legally? There needs to be serious consequences for their actions.
Rarst has cool feed | November 25th, 2008 at 12:01 pm #
That’s why I am using Gmail only when and where Google forces me to. Being a Google product is a disadvantage for security - too much hype, too many people looking for holes.
Dennis Edell | November 25th, 2008 at 7:16 pm #
Never used, never will use gmail. I’m shocked though that a huge registrar like godaddy isn’t better prepared.
Dennis Edell | November 25th, 2008 at 7:16 pm #
BTW, I’m a rather large and burly webmaster…LOL
Sarah | November 27th, 2008 at 4:36 am #
I only use GMail for junks and never for work or serious matter..
Steven Finch | November 27th, 2008 at 6:19 am #
I know Aibek really well and know how hard it was for him to get everything sorted out in such a short amount of time. Domain names are vital and it is pretty much half of your brand image!
Arwen Taylor | December 2nd, 2008 at 4:03 pm #
I heard about this some time ago and promptly transferred all of my domains from GoDaddy to Namecheap. I changed my Gmail password and always logout and clear cookies before randomly surfing the internet.
It is scary the lengths people will go through to make a buck. What’s worse is that often these attacks come from people in other countries which makes going after them that much harder.
I had heard some other bad things about Gmail but it was so convenient having everything all in one place. Now, I think it’s better to be inconvenienced than SOL.
Thanks for the article. Be safe all!