Fancy playing Russian roulette with your online business?
Of course not, but if you knew how insecure your domain name might be, you’d realize what a risk you were taking when you register one.
Here are five potential security risks pertaining to domain name ownership and tips to minimize them.
Insecure Passwords
Most registrars allow registrants to manage their domain names online using a control panel or a management site. This is convenient but a massive security risk. If you give out the password or make it easy to guess, you potentially allow anyone access to your domain name.
Solution: Make your password impossible to guess and make it available to a minimum number of people. If possible, keep the password to yourself. Update the password on a regular basis.
Unencrypted Access
If the domain name management site uses a URL that begins with http:// instead of https://, it means all information flowing between your PC and the server is unencrypted. In that case, the information transmitted is available for skilled hackers to read and interpret, which is a severe security risk.
Solution: Use a registrar that offers secure access to the domain name management site. Look for a URL starting with https:// and a padlock icon in your browser.
Backdoor Modifications
Network Solutions Inc. allows customers to make changes to their domain name records by fax. For domain names registered under organization names, the company requires faxes on a company letterhead.
Time and again, hackers have forged letterhead and changed the administrative contact for a domain name. Once they have control of the administrative contact e-mail address, all kinds of other changes are possible. They can also transfer the name to a different registrar altogether.
Solution: Use a registrar that doesn’t allow domain record updates via fax.
Domain Transfers
The domain name transfer system was designed to allow domain name owners to transfer names from one registrar to another. This is a good idea because it compels domain name registrars to provide good service or risk losing customers to rival registrars.
Unfortunately, it is also a serious security risk. Why? When a transfer is initiated, it is first and foremost the responsibility of the gaining registrar to verify the validity of the transfer request. Each registrar has methods for doing this. Some are very security conscious, others aren’t. Knowledgeable domain hijackers initiate transfer requests through the weakest domain registrars.
Solution: Register your domain names with a registrar that uses some kind of “domain lock” or “registrar lock” service. When the registrar lock is activated, it’s impossible to transfer names to a different registrar.
Invalid E-mail Addresses
When your name is due for renewal, most registrars will send an e-mail message to the administrative or billing contact asking for a renewal payment. This is most likely to be the only way the registrar attempts to contact you. If you don’t receive these e-mail messages, your domain name could expire. When this happens, anyone can reregister the name.
Solution: Keep your domain name contact or WHOIS information up to date. In particular, make sure the e-mail addresses are valid and that you check them regularly for messages. A neglected e-mail address is of no more use than an invalid e-mail address.
SnapNames offers a comprehensive security solution. It offers an inexpensive service called SnapBack, which will notify you immediately whenever changes are made to your domain name records, whether by hackers, the registrar, or the registry.
While not quite as good as preventing the changes in the first place, quick action on unauthorized modifications gives you a better chance of keeping your domain name.
As a bonus, this service will automatically attempt to reregister the name for you if it expires due to nonpayment or is accidentally deleted due to a registrar or registry mistake. Again, no guarantees, but a great second line of defense.