Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security IT Technology

Does Your Domain Have a Registry Lock? (krebsonsecurity.com) 11

Posted by msmash from the psa dept.
Brian Krebs: If you're running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company's domain name and doing whatever they wish with it. Even so, most major Web site owners aren't taking full advantage of the security tools available to protect their domains from being hijacked. Here's the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.
This discussion has been archived. No new comments can be posted.

Does Your Domain Have a Registry Lock? More

Does Your Domain Have a Registry Lock?

Comments Filter:

  • Dreamhost (Score:3)

    by fermion ( 181285 ) on Friday January 24, 2020 @01:42PM (#59652278) Homepage Journal
    And some legitimate businesses still use Dreamhost who will hold you domain hostage if you forget to renew.
  • Comment removed based on user account deletion

    • Re:fire up the time machine, krebs. (Score:5, Informative)

      by Solandri ( 704621 ) on Friday January 24, 2020 @02:49PM (#59652492)
      I transferred all my domains out of GoDaddy over the last 5 years (one by one as my domains approached expiration). The process was simple, with clear instructions along the way (assuming you read them, instead of skipped them thinking you could figure it out as you went). Unlocking the domain was just a few clicks. There's a substantial amount of back and forth (intent to transfer, confirm intent to transfer, transfer, confirm transfer) between the old and new registrars that you have to approve at each step. But that's how it should be. The entire process took less than 5 minutes per domain, except for one domain where the confirmation code took about 20 min to appear (the others appeared within a few minutes).

      If you curious, I left GoDaddy because I got tired of the constant pushing of services I didn't need nor want, and having to play the coupon lottery to get the best prices (which are the same or slightly higher than a good discount registrar's regular prices). There's a lot to complain about GoDaddy, but transferring domains away isn't one of them. I've also helped friends and clients transfer domains between other registrars, and the process was pretty much the same (GoDaddy is actually one of the quicker ones).

      (I ended up switching to Namesilo. The only emails I get from them are when a domain is about to expire/renew, or if they detect a problem. No ads.)

      • Re:fire up the time machine, krebs. (Score:4, Interesting)

        by RatherBeAnonymous ( 1812866 ) on Friday January 24, 2020 @05:11PM (#59653126)

        I can't really complain about GoDaddy. We use them at work and we have maybe a hundred domains. They have some annoyances, but nothing I can't cope with. Their DNS servers are responsive. The site's relatively easy to use with pretty straightforward organization. Their support staff always answer quickly and are knowledgeable. They don't nickle and dime us like Network Solutions (let alone NetSol's 3-day wait period for transfer authorization codes). I'm sure there are cheaper or better services out there, but not likely cheaper enough and better enough to make switching worth my time.

        • "My experience with them had been"

          $YOUR_POST

          "... until one day...".

          is what I hear when people call us to help bail them out.

          To be sure, some people will have a luckier time than others and not experience the common problems.

          My favorite was when we sent their support a pcap of one of their severs sending a TCP RST instead of answering the HTTP request and they told my client that we were just making up the pcap because their servers didn't do that. Odds are somebody there could have solved it in 10 minutes

    • Re: (Score:2)

      by Dahan ( 130247 )

      nearly every commercial registrar has locked domains on creation and transfer for about a decade.

      That's the registrar lock, aka clientTransferProhibited, which as TFA notes, was already enabled for the domain in question. The article is about also enabling the registry lock, aka serverTransferProhibited. Registrar lock means your registrar (e.g., Dreamhost or GoDaddy) can (be social-engineered to) unlock your domain. Registry lock means someone would also need to contact the registry for the TLD and convince them to remove the lock. (E.g., for a .com domain, that would be Verisign, no matter who you us

  • Thank you for helping my online business stay safe and secure Brian Krebs. I am very excited to partner with Brian Krebs to learn simple and effective ways to myself and my assets. Could you please tell us more about products and services The Brian Krebs Corporation can provide in this area?

  • Sure (Score:2, Funny)

    by nospam007 ( 722110 ) *

    But the LockPickingLawyer picked it in 3 seconds.

  • Or at least lock phone support behind a real 2 factor authentication, so even the customers reps can't do anything if you lost your 2 factor and you have to put in a slow multi day investigation and had a real admin or something do it. The amount of hacks that come form dumb ass phone tech is god damn amazing!

Slashdot Top Deals

I've noticed several design suggestions in your code.

Close