
How could my domain be stolen? :O



- does your registrar have a physical office? is it in a country with legislation friendly towards the country you're based in?

- does your registrar send Auth-Info code over email in plain text?

- did you enter real contact and residence data when registering the domain including public WHOIS database?

This is only a fraction of the attack vectors.


> does your registrar have a physical office?

Yes.

> is it in a country with legislation friendly towards the country you're based in?

It's in the same country.

> does your registrar send Auth-Info code over email in plain text?

Of course not, that would be a big red-flag.

> did you enter real contact and residence data when registering the domain including public WHOIS database?

I have no idea what a public WHOIS database is, never registered anything there. For the registrar I've entered my real contact and residence data, should I not have?


I mean the contact details specified at the registrar and returned over the WHOIS protocol. Depending on the nature of a conflict the entity returned by the WHOIS requests might be considered the owner of the domain.

Unfortunate phrasing on my side :) Actually there exist scammers reaching out to well-known mailbox names and requesting a fee for an entry in the "WHOIS database".


Your real world mailing address is published in WHOIS ("who is") by default, often you have to pay the registrar extra to keep it private, which is admittedly a total scam. You could use a fake one, but then it eliminates a way to verify you own the domain.

The WHOIS client is in most distros, try it out.


Thanks :) I've tried it out and it only showed my registrar's contact details.


So many different ways domains are stolen. Or you lose your domain: UDRP, social engineering at the registrar, hack into the account at registrar, the email you use on whois record isn’t valid anymore, you have auto renew turned off and it doesn’t renew.


Phishing or bribing an employee at a domain registrar. Phishing you to get your password and then bribing or social-engineering someone at the phone company to forward your SMS-based 2FA codes to them. Waiting for you to forget to renew your domain and then registering it.


> Phishing or bribing an employee at a domain registrar.

Okay? I don't think anyone would go to that trouble.

> Phishing you to get your password and then bribing or social-engineering someone at the phone company to forward your SMS-based 2FA codes to them.

Seems unlikely, I never log into my registrar's website. I do often have to enter my Google password though!

> Waiting for you to forget to renew your domain and then registering it.

It's auto-renewing.


It often surprises people what effort someone will go to to steal their identity.

Consider that you have a github account. You might be in the supply chain for a bit of code someone needs to read or backdoor to attack a company that you've never heard of. Github is a harder target though.

The scary ones are the real estate funds redirectors. They just need to be in your inbox for a little bit and boom, hundreds of thousands of $ gone because people don't take the time to re-verify bank account details in person.


Social engineering attack on your domain registrar, court order, choosing a domain controlled by a dodgy registrar.

There's actually quite a few ways.


> court order

I don't think that's a "real possibility". It isn't impossible, yes, but very unlikely.


If anything happens to you which prevents you from renewing your domain, e.g. you are detained or in a coma, then it's probably gone as well unless you have a lot of credit on your registrar account.


Most domain registrars support autorenew with a credit card.


Most credit cards have an expiry date.


It's auto-renewing.



