Can anyone explain to me how a domain can be hijacked if...

[polish_aristocrat]

if it is locked and noone hacks your registrar and email account?

Thanks, and only serious replies please

[LasseKongos]

Quote:

Originally Posted by polish_aristocrat

if it is locked and noone hacks your registrar and email account?

Thanks, and only serious replies please

I like to know to....




pimpimp

[e-god]

human factor

[NickPapageorgio]

Quote:

Originally Posted by e-god

human factor

Exactly. I know I have overlooked important email alerts before. It's only human when you are so used to deleting so much spam all the time. Other than that I would say that the thief has to be in cahoots with the registrar. I dunno...

[DEA - banned for life]

its happening all the time now...its the next big thing

[Darth Vader]

The ability to jack domains is insignificant against the power of GeorgeK

[LasseKongos]

Quote:

Originally Posted by DEA

its happening all the time now...its the next big thing

And that is funny????

[Darth Vader]

Quote:

Originally Posted by NickPapageorgio

Exactly. I know I have overlooked important email alerts before. It's only human when you are so used to deleting so much spam all the time. Other than that I would say that the thief has to be in cahoots with the registrar. I dunno...

He is most definetly in "cahoots" The registrar in Sleazy dreams case was directi, an Indian Registrar. I think you'll find this newest jack was transferred there too.

I find your lack of domains disturbing.

[hydro]

$50,000 and ill direct lycos.com to your paysite

[xclusive]

you can also call support on some registrars and talk your way into it i'm sure

[DarkJedi]

Quote:

Originally Posted by Darth Vader

.

A fellow sith ? Oh, capital !

[Napolean]

social engineering

[Darth Vader]

Quote:

Originally Posted by DarkJedi

A fellow sith ? Oh, capital !

You have a high post count, but you are not a Jedi yet.

[arg]

I'm not positive, but I was under the impression that under the new rules, an ICANN-accredited registrar can jack your names regardless of lock status..."locked" means "please don't jack this domain," but it's just a request, not enforced by ICANN. I can't find anything that confirms or refutes this on ICANN's site. They say the current registrar can deny a transfer based on lock status if the domain owner can turn the lock on and off, but I can't find where they go into the technical details. Any registrar gurus know how this works?

I like ICANN's answer in a FAQ for what to do if your name is jacked and the previous registrar won't do anything: "What happens if my registrar does not want to initiate a dispute for me? Registrars are not required to initiate disputes. If your chosen registrar is uninterested in helping you with your case, look for a new registrar who is. There are over 200 ICANN-accredited registrars. See the full list here." ICANN won't let domain holders dispute a domain hijacking; only registrars can.

[EscortBiz]

Quote:

Originally Posted by Napolean

social engineering

exactly

same way you can call almost any hosting company or billing company and get anything done if you know what your doing

people need to train their employees better

[nofx]

Quote:

Originally Posted by Napolean

social engineering

that is one way

[NemesisEnforcer]

Quote:

Originally Posted by polish_aristocrat

if it is locked and noone hacks your registrar and email account?

Thanks, and only serious replies please

It is very easy. You hijack the domain through the registrars customer service, not via e-mail.

[Furious_Male]

Quote:

Originally Posted by DEA

its happening all the time now...its the next big thing

Its not funny but yes it does seem to be the in thing.

[fusionx]

I registered a new domain last weekend at Registerfly. It was automatically locked. At least it was reported as being locked without having to lock it after registration.

When I read about Sleazy's problem, I went back and double-checked all my domains, which had all been locked. The new one was not locked, and a handful of others were also open.

This is really disturbing.

I'm guessing it's bugs in the lock updating code. It is very new and probably hasn't been tested enough in the real world (I'm talking about the routines to do the bulk locking at the registrar, not the locking of domains themselves).

I'm going to check mine weekly from now on.

[rebel23]

im more worried about rogue Registrars than anything else... I think there is trouble ahead but nothing will be done

[vicki]

I can tell you some things that the guys over at DomainNameSystems.com see ..

people call customer support and try to 'convince' them they are the owner and ask them to 'remind' them of login info (it doesn't work at his place as he requires faxed proof hehe)

People use the same password for their domains as they do with alot of affiliate programs or hosting sites. If you have an untrustworthy employee at a sponsor program they can give that info a shot at a registrar and get lucky. (do NOT use the same password on your registrar that you use ANYWHERE else!)

People use unscrupulous registrars or registrars with unscrupulous employees ... could be lots of palm greasing if its a good domain.

Best solutions is to use a registrar with a good solid reputation and use a totally unique password.

[Manowar]

Quote:

Originally Posted by Napolean

social engineering

Seconded

[Gator]

Quote:

Originally Posted by rebel23

im more worried about rogue Registrars than anything else... I think there is trouble ahead but nothing will be done

Yup and it seems like more and more are popping up to cash in on the expired domain auctions.

[fl_prn_str]

Quote:

Originally Posted by polish_aristocrat

if it is locked and noone hacks your registrar and email account?

Thanks, and only serious replies please

very good question.......if no one knows on this board....well

[Napolean]

Quote:

Originally Posted by fl_prn_str

very good question.......if no one knows on this board....well

theres 22 answers if you scroll up...

[TheMob]

it's leet stuff that goes on

[nojob]

when you have 100's of domains i am sure that you would not check them all the time, i do not check mine. another thing to worry about.

[SmokeyTheBear]

halcyon from flashcash simply called up a registrar and had them unlock the domain without giving his name or any information whatsoever.

[Taboo]

Quote:

Originally Posted by polish_aristocrat

if it is locked and noone hacks your registrar and email account?

Thanks, and only serious replies please

keep in mind... the more you discuss this topic, the more hijackers you create.

imho, it would be wise to keep these discussions private instead of creating "how to guides" for people.

there is no simple solution to combat this problem... if a hijacker wants your domain bad enough they will KEEP trying to steal it. keep rechecking your lock status and performing daily checkups on your domains. test your registrar's security... secret shop them trying to get info... if they fail, move out of there asap or get that person FIRED/reprimanded. it pays to be paranoid.

"Just because you're paranoid doesn't mean they aren't after you"

[Ron Bennett]

Via the WDPRS, one can even steal domains that are locked down tight; registrar-lock doesn't even matter!

http://wdprs.internic.net/

For more details on WDPRS do a search for it here (I've posted more details in previous posts) and/or on Google ... in a nutshell, the doors are still wide open -and, again to reiterate, registrar-lock, passwords, etc will NOT protect one's domains from exploitation via the WDPRS.

Ron