[SWLUG] Domain abuse any examples?
Telsa Gwynne
hobbit at aloss.ukuu.org.uk
Mon Jul 10 06:42:39 UTC 2006
Ar Sat, Jul 08, 2006 at 05:01:58PM +0100, ysgrifennodd Neil Jones:
> I am attempting to warn a charity for whom I volunteer about the
> dangers of letting their web hosting company hold the registration of
> their web domain. The dangers are obvious and I already have an example
> where an organisation has lost their domains as a result of company
> bankruptcy.
There are supposed to be procedures for getting (some) domains back
(in some circumstances at least). If you have a trademark (and its the
name in the domain), for example, you're in a good position. Poking
around for information, I also found this:
My host has gone bust
Gone are the days when a host would wield terrifying power over a
lowly webmaster. If your host goes under, you can rescue your domain
and get it up and running again without the host's cooperation.
"The first thing is that you must do something," urges Nominet MD
Lesley Cowley. "If you do nothing, you'll possibly lose your domain
name and the whole website. Find out what's happening, whether it's
a technical problem or your ISP has gone into liquidation. If it's
gone into liquidation, find a new ISP and move your business there."
If you have a .co.uk domain and it's registered in your name, Nominet
can transfer it if the old host refuses or is unavailable. Expect to
pay £15+VAT for this service.
..at http://www.sean.co.uk/a/webdesign/disasterrecovery/disaster1.shtm
Now, whether a voluntary organisation or a charity will be a .co.uk,
I don't know.
I thought it would be easy to find examples, but all the examples of
domain name hijack I can find turn out to be either "someone let the
registration lapse, and someone else grabbed it" (and only rarely is
the someone a web hosting company); or "a deliberate attack was made
by someone".
I haven't found an example of the web hosting company itself losing
the domain. Set against all the other things which can happen online,
I am not sure how serious an issue it is.
ICANN did a report called "Domain name hijacking: incidents, threats,
risks and remedial actions" last year. It covers a bunch of high-
profile examples (remember Panix, the New York ISP, and the Australian
"but someone told us it was theirs now!" registrar?) and has an
interesting list of how some were achieved. One of them (not Panix) was
straight social engineering on the telephone.
The PDF is at www.icann.org/announcements/hijacking-report-12jul05.pdf
Google has an HTML cache: feed it the title and it's the first hit.
Telsa
More information about the Swlug
mailing list