The other day Arnon forwarded me a blog post about the ordeal some poor guy went through with his registrar account getting hacked (not here, someplace else), and the thief transferred-out his domain name and changed the ownership of it.
His particular story had a happy ending for a number of reasons:
- The thief left his nameservers in place, so his website continued to function throughout. He chronicled the ordeal on his website.
- There exists a TDRP (Transfer Dispute Resolution Protocol) that Registrars can employ to contest a transfer they feel is fraudulent and have it rolled back.
- After some prodding, his Registrar finally used it.
But as the author of that post relates, not all of these stories end well, and he’s even listed numerous open-cases at the end of his post.
We have never had a domain theft reported here. I think we owe part of that to our size, we are miniscule compared to some of the big boys, so when cyberthieves target a registrar (for things like fake password resets, “verify your account” phishing attacks), they pick bigger fish.
But that doesn’t exempt us when thieves are targeting a specific domain that happens to be with us. Over the years, there have been attempts. One notorious domain hijacker in particular has been trying to lay his hands on a certain 2-char .com here for about a decade. (We’ve seen other 2-char .com’s sell for over 1 million dollars, so we’re talking serious cybercrime here.)
So if you haven’t already, you should make yourself acquainted with the “Security” settings in your account info:
Not a lot of people seem to be aware that every easyDNS member has the ability to set Access Control Lists (ACLs) on their user accounts here. What that means is if you set an IP address, a netblock, or (less securely) a domain name hostmask (careful, these can be spoofed) – then even if somebody else obtains the password for your account, they still cannot login into it. They need to be coming off of an IP that matches your ACL.
Additionally on the new system we’ve added Geo-based “Login Restrictions”, which means you can set countries of origin that you allow to login to your account. So if you’re a canuck, you could set .CA and then maybe add .BB if you’re headed to Barbados to escape these ungodly f-ing winters.
Account ACLs are processed first, followed by Geo-Based Login Restrictions.
Enhancements in the Pipe
In the New Year we will be adding further security enhancements to the system, such as two-factor authentication options and additional login and event notification options. As we attract more Enterprise Level users to the service we are seeing a need to layer on more security and auditing functionality for accounts, especially those with a multiple team members.