Rusty Mango Design

How Domain Hijacking can cripple your website

Recently a client of Rusty Mango Design went through the unfortunate experience of having their .com.au domain name “stolen” from underneath their feet. Whilst the domain hijacking was done through legitimate means, the registrant who acquired it had no right to the name itself and it caused disruption as my client’s customers could not access their website for many weeks.

Domain Hijacking sounds like a criminal activity but the actual definition can go both ways.

Wikipedia describes Domain Hijacking as “the act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar software systems, a cybercrime.”

In the case of our client, their domain name had simply lapsed in payment. In Australia, lack of payment doesn’t mean that the name is immediately available for anyone to buy. Even after the due payment for renewal has passed, the business still has 14 days to “pay up” and reacquire their .com.au domain name.

During this 14-day period, though, the domain name will appear on the Australian Domain Authority’s (AuDA) website as pending expiry, and this is where dubious businesses can swoop in and attempt a hijack. They can set up a domain backorder account through legitimate means such as GoDaddy and CrazyDomains. If the payment isn’t forthcoming from the original registrant, the backorder will purchase the domain as soon as it becomes available.

What can you do?

Fortunately, in Australia, our .com.au domains are protected to a certain degree. To register a particular domain, it must have a clear or exact link to the business who is registering it. For example, Rusty Mango Design, who specialise in website design, cannot register a domain name for deckfurniture.com.au – it has nothing to do with our business and, if picked up by the AuDA, we would receive a rap over the knuckles and lose the name with no refund.

It’s important to note that this does not apply to regular .com domain names – that is why it is so important to register the Australian .com.au domains.

In the case of my client, the domain name was taken and used by a business not related to anything in the domain name itself. At my suggestion, my client quickly contacted the AuDA about the hijacking issue, a brief investigation was undertaken and the domain was released for re-purchase. Rusty Mango Design purchased the domain back on behalf of our client and we were back in business.

The downside was that their business website was out of action for over a month – a long time, especially if you are an online retailer.

To prevent your domain name being taken, be sure that you have automatic payment renewal set up through your domain registrar and that your credit card details are current and not likely to expire soon. Your domain registrar will email you in advance when renewal is upcoming, so also check that your registered email address is correct.
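The checks above can be run over a list of your own domains. The script below is an added example, not part of the original article: the inventory, its field names and the 60-day warning window are assumptions, while the 14-day window is the one described earlier for .com.au names.

```python
from datetime import date

GRACE_DAYS = 14   # post-expiry renewal window the article describes for .com.au
WARN_DAYS = 60    # assumption: how far ahead of expiry to start flagging problems

# Constructed sample inventory; real values come from your registrar account.
DOMAINS = [
    {"name": "shop.example.com.au", "expires": date(2024, 9, 1),
     "auto_renew": True, "card_expires": date(2025, 6, 30), "email_ok": True},
    {"name": "blog.example.com.au", "expires": date(2024, 7, 20),
     "auto_renew": True, "card_expires": date(2024, 6, 30), "email_ok": True},
    {"name": "old.example.com.au", "expires": date(2024, 6, 25),
     "auto_renew": False, "card_expires": date(2025, 6, 30), "email_ok": False},
    {"name": "gone.example.com.au", "expires": date(2024, 5, 1),
     "auto_renew": False, "card_expires": date(2025, 6, 30), "email_ok": True},
]

def assess(domain, today):
    """Return (status, findings) for one domain as of `today`."""
    days_left = (domain["expires"] - today).days
    findings = []
    if not domain["auto_renew"]:
        findings.append("automatic renewal is off")
    if domain["card_expires"] < domain["expires"]:
        findings.append("card on file expires before the renewal date")
    if not domain["email_ok"]:
        findings.append("registered email address not confirmed as current")

    if days_left < -GRACE_DAYS:
        return "lapsed", findings + ["grace period over; name may be re-registered"]
    if days_left < 0:
        remaining = GRACE_DAYS + days_left
        return "grace", findings + [f"expired; {remaining} day(s) left to renew"]
    if findings and days_left <= WARN_DAYS:
        return "at_risk", findings
    return ("review" if findings else "ok"), findings

def report(domains, today):
    """Map each domain name to its status as of `today`."""
    return {d["name"]: assess(d, today)[0] for d in domains}

if __name__ == "__main__":
    today = date(2024, 7, 1)  # fixed date so the sample output is reproducible
    for d in DOMAINS:
        status, findings = assess(d, today)
        print(f"{d['name']:<24} {status:<8} {'; '.join(findings)}")
```

Anything reported as `grace` needs renewing immediately, and `at_risk` means a renewal is coming up that is likely to fail unless the flagged item is fixed.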

Rusty Mango Design registers domain names on behalf of our clients and takes care of any automated payments, ensuring that domains remain in the hands of their rightful owners.

Domain Hijacking is not the end of the world. If you do have a legitimate claim to the domain name – get in touch with the AuDA and they will investigate the issue on your behalf.

But as always, an ounce of prevention is worth a pound of cure.

 

Don’t get HACKED – Secure your WordPress Website!


If your site has been built on the WordPress framework, you are in good company. With a calculated 25% of all websites built using this user-friendly CMS, WordPress is easily miles ahead of its competition. However, with this popularity comes an inherent danger – it is a regular target for hackers.

WordPress was born from an open-source project and remains free to everyone who wants to create a website. Open source means that the code that makes the whole system work is available on the internet with no restrictions. This factor is important in the whole WordPress “ecosystem” as it allows developers and coders to create the myriad of plugins and themes that make the CMS what it is.

Unfortunately, hackers can also look at the code and discover its weak spots, making it vulnerable to spamming and security breaches. For the small-time user, this may never be a problem that presents itself. But if your site attracts the unwanted attention of a hacker, they can cause all kinds of problems for your small business website and its visitors.

To protect your site (big or small), there are some very simple measures that you can employ without the need for any programming knowledge (or outside help):

1. Update the WordPress Core.

To do this, access the Dashboard of your site. If a new (major) version of WordPress has been released, this information will be displayed on the main screen of the Dashboard with an UPDATE link. With the newer versions of WordPress, small incremental updates are performed automatically.

2. Update the plugins that you are using with your site.

In the main menu of the Dashboard, under the Home button, an Updates option will appear when updates for your plugins are available. Click on it to access the Updates page and select the updates that you want to apply. At the same time, visit the plugins page of the Dashboard and delete any plugins that you aren’t using. Even though they aren’t being used, these deactivated plugins can still provide backdoor access to your system.

3. Use a secure password.

A brute force attack, where the login for a site is attacked with a systematic password hack, is hard to protect against, but with a secure password (one that uses no common words and a mix of symbols, letters and numbers), the hacker will have to work harder to penetrate your system. Also, try to limit the number of users that have access. If someone doesn’t need access and will not be updating the site, don’t give them access.

4. Install the WordFence plugin.

This free plugin has so many features that I can’t list them all here. For a very basic explanation, Wordfence provides high-quality firewall and malware protection for your WordPress website and you must have it on your site. Setting this plugin up puts into place a huge roadblock to anyone or anything wanting to cause harm to your site. Get it here: https://wordpress.org/plugins/wordfence/

All of the above options are accessible through the Dashboard of your WordPress site but only if you have administrator access. If you log into your site and cannot see or perform the tasks listed, contact your website developer and request an upgrade of your user access.

There is nothing worse than trying to regain control of a severely hacked website. However, if it does happen to you and the above steps do not reverse the damage to a perfect state, it is not the end of the world. The server on which your site resides should be* backed up on a regular basis and can be restored by your server provider* to a previous day/week for a small charge.

As always, however, a pinch of prevention is worth a full pound of cure.

* If your web server provider does not back up at least three times a week, then it is imperative that you find a new provider. Security of your website is paramount.

* A server provider such as Digital Pacific, Netregistry, WebCentral, etc. provides the space where your website lives. It is generally not the same as your Internet Service Provider (ISP) that connects your business to the internet.

 
