Make sure that your website cannot be hijacked
11-JAN-10
Domain hijack – how a listed company lost its domain name and why yours could be next
By Howard Rybko, CEO at Syncrony
If you own a website, you own a domain. If you own a domain, there is a very good chance that your domain registration details are incorrect. This erroneous information occurs as a result of administration problems that are glossed over in the rush to register the domain, to make the site live and get the email up and running.
You can be sure that if your details are wrong, it will inevitably lead to problems further down the line.
Below is a true and disturbing account of a domain-related issue experienced by a large JSE-listed company and client. It powerfully illustrates how serious this issue can be.
A large JSE-listed client spends a great deal of time and money in running its website. The site is big and busy, with tentacles that reach into all aspects of their business.
One Friday afternoon, just as things are winding down, an overactive marketing person is in the process of doing a demo of the company’s site on her iPhone - when she realizes that the site is down.
She calls our offices and consults with one of our Web specialists. It is confirmed that all servers are up and running, and there is no reason for the site to be down.
So naturally, the problem then lands on my desk - which happens to be a table in a crowded cappuccino joint somewhere downtown. Amidst the din and bustle, I fire up my notebook and determine that their trusty old website is pointing to a brand new IP address.
A quick look at the company’s Domain Registration details makes me realise that there is a bigger problem than that which is associated with the conventional ‘constipated’ web server.
Their seven-year-old domain, once the property of a billion-rand organisation, now has a proud new owner. The new owner is not quite as large or as public and goes by the name of something like… AShelfCompany Pty Ltd.
A post office box address passes for the physical address of AShelfCompany and, to top it all, the company proudly sports a couple of Hotmail addresses for the admin and owner contacts.
I will spare you the details of the next six hours spent waiting on hold for call centres and deep Google dredging to eventually uncover the name and mobile number of the new owner. (The service provider where the domain was now docked had these details; however, they would not hand them over, to protect their paying customer!)
When I finally get the new owner on the line, the site has been down for 48 hours and valuable corporate email is bouncing all over the world.
At this stage my customer, who calls me from an “extraordinary” directors' meeting on a Saturday afternoon, would gladly hand over a large chunk of change just to see the problem go away.
His relief is palpable as I explain that the new owner of their domain is in fact employed by a supplier of theirs. The suspect is their in-house outsourced IT individual who - in all innocence and incompetence - updated the domain records in order to set up a new mail server.
Said suspect is clueless about the implications of taking over ownership of the domain, and has no idea of the potentially disastrous effects of his or her actions. This IT genius had sent a COZA update that changed name servers and at the same time transferred ownership of the domain.
In this case the remedy was simple. A fresh update of the domain registration details and a few hours later, the site was up and mail began to trickle in again.
You can be sure that the new update included email addresses of the CEO and the company’s Financial Director, so all future update requests will receive the required and deserved attention.
Let’s make sure that this does not happen to you!
Imagine if the same lurk had been pulled on your company’s domain with malice. Picture the inconvenience, the embarrassment, the downtime and the costs of getting yourself out of this entirely avoidable mess. How would it look if it was all “Your Fault”?
The 60-second domain check:
(Note: This explanation is targeted at South African domains registered with COZA, however the principles can be used for checking the ownership and registration details of any domain.)

A) Getting There

1) Go to the COZA home page – type in co.za in your browser. You can even skip the HTTP://.
2) Click on the Who Is (Registration Details) link midway down the left hand side of the page.
3) When the Who Is screen comes up, enter the name of your domain (skip the .co.za) and then click the Enter button.
4) You should get a geeky registration page.
5) Now you are ready to perform the 60 second check that will ensure your peace of mind.

B) Two Simple Checks

There are two vital items that you need to check. Get these two right and any other erroneous details can be sorted at your leisure.

COZA domain registration docs are numbered from 0a, 0b ... 1a, 1b and so on. Look for these numbers down the left side of the form. They start about halfway down the screen, so scroll down past the initial tech and historical info.

Check 1 - Registrant Details

Look for: 2a. Registrant

This should reflect your business name or your name. The registrant is the legal owner of the domain. If it has the name of your service provider or your IT person then they OWN the domain.

Check 2 - Email Addresses - there will usually be four of these.

Look for:
2g. billingemail
2l. registrantemail
4g. adminemail
5g. tecemail

Email addresses that appear on the form are ABSOLUTELY VITAL. All conversations about the domain are directed to these addresses. At least one of the email addresses above must belong to you or your organisation. Best practice is to have two or more addresses pointing to mail boxes that you control.

Avoid using a person’s name like john@xxx.co.za; rather use domains@xxx.co.za. This is because John can leave and then mail sent to him from COZA may go into a black hole.
Also, if you can manage it, try to use another domain for one of the mail addresses – consider using a Gmail or similar public service mailbox as a backup. It is perfectly acceptable to have the mail address of your service provider or IT company listed as the Tech contact.

If your email address does not appear on the form then you will be excluded from any form of control of the domain. If, for example, all email addresses point to your service provider, then only the service provider will be able to change and adjust the domain details. This effectively eliminates your ability to control your own domain.

Annual billing pitfalls

Another important benefit of making sure your email addresses are correct and accurate relates to the annual billing invoices that COZA sends to the email address list. What often happens is that payment reminder e-mails end up with the wrong recipients, who are uninterested, and the domain gets suspended. This causes your site and your email to go down until payment is made and the domain is reinstated. If your email addresses are correct then you will get the payment reminders and can act on them before this happens.

The Voting Process

Changes to a domain are approved and acted upon by COZA using a simple voting process. Any change made to the registration details is vetted using a simple round robin voting process. A voting email is sent to each email address on the form. The voting email allows the recipient to vote yes or no by presenting two words, [Accept] [Decline], to the recipient, who votes by deleting one of these words and sending the other back to COZA as their vote. Each mail address on the form represents a single vote.
Voting rules are:
• Any update will be refused by COZA if zero responses (votes) are received
• A single No vote will prevent an update from going through
• A yes vote with no declines (no votes) will allow the update to go through

It is crucial to understand that some forms can have a single mail address, because each of the mail address fields has been filled in with the same email address.

In conclusion, performing the quick 60 second domain check, as suggested above, will ensure that you know enough about the registration process to maintain control of your assets.

For more information, go to http://www.syncrony.co.za
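The two checks and the voting rules described above, written out as an added example (it is not part of the original article and is not COZA's code). The "label: value" record layout, the sample record and the `.example` addresses are constructed assumptions; only the field labels come from the article.

```python
import re

# Field labels as listed in the article; the "label: value" layout is an assumption.
EMAIL_FIELDS = ["2g. billingemail", "2l. registrantemail", "4g. adminemail", "5g. tecemail"]

# Constructed sample record (not real COZA output): every contact is the IT supplier.
SAMPLE = """\
2a. Registrant: AShelfCompany Pty Ltd
2g. billingemail: itguy@provider.example
2l. registrantemail: itguy@provider.example
4g. adminemail: itguy@provider.example
5g. tecemail: itguy@provider.example
"""

def parse_record(text):
    """Return {label: value} for lines shaped like '2a. Registrant: value'."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+[a-z]\.\s*\w+)\s*:\s*(.*\S)", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def domain_check(text, owner_name, owner_mail_domains):
    """Run Check 1 and Check 2; return a list of findings (empty list = OK)."""
    rec = parse_record(text)
    findings = []
    if rec.get("2a. Registrant", "").strip().lower() != owner_name.strip().lower():
        findings.append("registrant is %r, not %r" % (rec.get("2a. Registrant"), owner_name))
    mails = {rec[f].lower() for f in EMAIL_FIELDS if f in rec}
    ours = {m for m in mails if m.rsplit("@", 1)[-1] in owner_mail_domains}
    if not ours:
        findings.append("no contact address belongs to the owner")
    elif len(ours) < 2:
        findings.append("only one owner-controlled address (best practice: two or more)")
    if len(mails) == 1:
        findings.append("all fields share one address: a single voter decides every update")
    return findings

def update_outcome(votes):
    """Apply the voting rules; votes maps each distinct address to 'accept', 'decline' or None."""
    cast = [v for v in votes.values() if v is not None]
    if not cast:
        return "refused: no responses"
    if "decline" in cast:
        return "refused: declined"
    return "applied"
```

Because votes are counted per distinct address, a form whose four fields all hold the supplier's mailbox gives the real owner no chance to decline an update.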












