The Case of the Stolen Domain Names

In 2011, css-tricks.com, along with approximately twelve other design and development websites, fell victim to domain hijacking. The perpetrators remain unidentified, though all domains were eventually returned to their rightful owners. The incident lacked a clear pattern, as the affected registrants varied. My suspicion is unauthorized access to my email account, with subsequent deletion of all domain transfer-related correspondence, or possibly an inside job.

Curiously, the attackers never altered the DNS information, meaning the site remained accessible throughout the ordeal. I documented the event in real-time blog posts. This highlights the vulnerability: domain backups are useless against a stolen domain; without DNS control, the site is lost until control is regained and DNS repointed.

David Walsh experienced a more severe incident. He lost access temporarily and received a ransom demand. His registrar, name.com, actively intervened, even creating a video detailing their efforts. The attackers employed a particularly malicious tactic: transferring the domains through three different registrants to hinder recovery.

My registrar, GoDaddy, similarly fought to reclaim css-tricks.com, navigating the multiple transfers. I remain deeply appreciative of their efforts. All my domains now reside with GoDaddy, with maximum security measures in place. David's recovery involved name.com directly confronting the attacker, while mine was likely a company-to-company resolution.

This experience underscores the plight of smaller website owners lacking the resources to publicly pressure those responsible. David's effective use of Twitter highlights the importance of public awareness in such situations. Successful resolution can be good publicity; failure, the opposite.

Three years later, my web host suffered a separate compromise (possibly unrelated). The perpetrator, Earl Drudge, was even interviewed on the ShopTalk Show.

The above is the detailed content of The Case of the Stolen Domain Names. For more information, please follow other related articles on the PHP Chinese website!