Back in 2011, the domain name for this site, css-tricks.com, was stolen. “Domain Hijacking,” they call it. It wasn’t just this site, but around 12 others in the design and development space. To this day, none of us really know how it happened and who was behind it, although I believe all the domains are back to their original owners now.
The registrants involved varied, so even that wasn’t a common thread. My best guess was that the bad guys got access to my email but deleted all trace of emails related to domain transfers. Or it was an inside job.
One odd thing about it, for me, was that they never got around to changing any DNS information even though the domain name itself was stolen. So the site remained up and I had access to it the whole time. I blogged about it in real time and then again once it was safe.
No amount of backups in the world can save you from a domain name getting stolen. If the DNS, which you no longer control, is changed away from your current hosting, that’s it, it’s gone and it isn’t coming back until you reassert control over that domain name and re-point the DNS.
Another site that was affected was David Walsh’s site. David got it worse because he actually lost access for a while, and got a ransom email like I never did. David’s domain registrar was name.com, and they were the ones who fought on his behalf to get it back. They produced a cool little video about it all:
An especially vile twist to all this was the fact that the domains weren’t just transferred away from one domain registrar to another, but they made three “hops” through different registrants. The whole purpose of that is to make it especially hard to ever get back.
In my case, my domain registrant was GoDaddy, and the story is remarkably similar to David’s. They had to go to war with the situation and get the domain transferred back to them, back through all the hops. I remain grateful to GoDaddy to this day for how they were willing to fight that war, and especially grateful that they won, although I do still remain curious how it happened. These days all my domains remain on GoDaddy, and css-tricks.com especially has just about every lock you can possibly put on the dang thing.
David got his back because name.com literally called up the bad guy and apparently applied enough threats that the bad guy himself transferred it back. I believe mine was more of a company-to-company affair.
I feel especially bad for people this happens to who don’t have the ability to make as big of a stink about it as David and I did. Without using Twitter to, as David put it, “put pressure on” (he had a hashtag and everything), he might not have gotten fires that were hot enough and under the right butts to get it done. As we can see with the video above, a good outcome on something like this is good marketing; and a bad outcome is, well, exactly the opposite.
Just three years after that saga went down, my website host was compromised, and that was another whole saga. (I don’t think it was related, but who knows.) The bad guy in that story went by the name Earl Drudge and we even interviewed him on ShopTalk Show.
Any tips on protecting your domain name?
2FA all your stuff. Use a provider that supports 2FA tokens using 1Password or Authy or Google Auth (all work the same and support 2FA tokens, 1pass just does it all in one).
David Walsh’s case was even weirder. His registrar when the domain was stolen was GoDaddy. So when Name.com got it back for David, he was not even a client! :)
This is very serious. Assuming you lose your domain name through hijacking, is there any law that can give you access to it again?
Probably?
But these things are often international, which I think gets far more complicated. That might be my own ignorance, but that’s my impression. If you live 3 blocks over from me and you steal my bike, I can go to the police station 6 blocks away. If you steal my domain name and you live in France, I guess I try to call the cops in France? And hope they understand me and take it seriously somehow?
An article from ICANN about this topic:
https://www.icann.org/news/blog/documentation-is-key-to-recovering-hijacked-domain-names
The Quackit.com domain was hijacked on Monday. International hijack. Now the domain is redirecting all traffic to a site that impersonates Quackit. Quackit’s been on the web for 20 years. The scam domain was first registered 3 months ago.
The hacker now appears to be asking webmasters to update their existing Quackit links to go to the scam site with “formerly Quackit” in the text.
The hacker also has at least one other site that impersonates another of my sites.
I definitely agree with Anthony on the 2FA. Also, some registrars have domain protection products that prevent the domain from being transferred without 2FA and photo ID. Probably a good idea!
Social engineering can be a big problem too. I enjoyed Chris’s interview with Earl Drudge on this topic.