Domain Hijacking: How to Avoid This Problem

What is domain hijacking

We can say that domain hijacking is basically when an external user, someone totally alien to that site, takes over the page . It removes the domain from the legitimate user and he loses control over it, he could not change hosting or even access it.

How can a domain hijack occur? We can say that there are two fundamental reasons: through a domain transfer authorization forgery or when someone external, a company for example, has been responsible for the creation of the website or maintenance.

Transfer authorization forgery

A common cause is through a domain transfer authorization forgery. We have seen on occasion that we can easily transfer a domain from one provider to another. This is common, since we can find an improvement in the service conditions, a lower price or any reason for which we are interested in doing so.

It is something legitimate, something that we can do in our domain regardless of the extension we have. Now, what if someone does that on our behalf, but without actually being us? What would happen is that it will take control without any permission.

There are certain requirements to be able to transfer a domain. One of them is not having done it in the last 60 days in the case of extensions such as .com, .net or .org. Also that it has not changed ownership in the same period. But without a doubt two fundamental requirements are that that domain is unlocked and that it has a transfer authorization.

If the first three points are met, an attacker would only need transfer authorization. That is where the counterfeiting of it comes into play, with which you could illegally transfer that domain.

Cybersquatting by a third-party developer

It is very common for a web page to have been made by an external developer . For example, a company that hires a third party to provide services in the configuration and start-up of a website for its business.

This means that you will probably register it in your name. It does not mean that this is illegitimate and that we will have problems in the future. However, the fact that we do not really have total control over that domain could lead to a hijacking of it.

It could happen that in the future we want to make a transfer or make any changes and we need to put the domain in our name . The person or company that created the site, something that can be last a long time, could refuse or put difficulties. There have been cases of this type.

How to avoid domain hijacking

We have seen what domain hijacking is. It basically means that someone is going to get hold of it without our permission. There are a couple of clear cases where this could occur. Now we will also give some solutions to avoid this problem.

Block the domain

To prevent someone from falsifying a transfer authorization, the best defense is to have the domain blocked . We already saw that in order to transfer it, one of the requirements is that it be unlocked.

Therefore, as long as we keep the domain blocked, this transfer could not be carried out. In the event that in the future we would like to transfer it, we would simply have to unlock it. It is an interesting tip to avoid domain hijacking.

To block the domain we have to access the hosting that we have contracted, go to the domain section, choose the one that interests us, enter Settings and there go to the Block domain section. This may vary depending on the service we have contracted, but the steps are similar.

Not having the domain registered with third parties

On the other hand, if we want to avoid problems at some point with those who developed that site, something we can do is simply not have the domain registered with third parties . If an external company is going to create the page and manage it, it is best from the beginning to put it in our name.

In this way we can ensure we always have the ability to make decisions about a page and not get unpleasant surprises at some point. Domain hijacking is a major problem, as we have seen.