While I normally don’t speak about security issues I have seen nasty things happen to a few bloggers in this niche, so when I was contacted by Cassie Phillips to write this guest post I thought this might be interesting for everybody having properties online generating income. I remember once a friend who had a blog and a forum lost everything because of a small security whole in his Godaddy account, so check Cassie’s recommendations and keep your blog/website safe!
Is your domain name exposed to be hacked?
To answer the question succinctly, a hacker would absolutely want your domain name, and there are in fact certain hackers who make it their modus operandi to acquire as many domain names as possible to use for later. They are a digital resource, and as such, you must make every effort to protect them. Measures are put in place by providers and other organizations, but they cannot be wholly relied on in the tug of war that is the current state of cybersecurity.
Yet there is more to this topic than meets the eye. Let’s explore some of the possibilities and reasoning behind why the current environment is so dangerous for domain name owners and then think about what we can do to protect ourselves:
Why would a hacker want it?
A hacker is primarily motivated by money and challenge, in no particular order. It isn’t particularly challenging to scoop the domain name out of someone’s unsuspecting hands (more on that later), but it is rather profitable for the hacker if they’re any good (and most are).
If your domain name is particularly valuable whether through direct or speculative value (future scenarios and companies are planned and people will absolutely get a name years in advance if they think it’ll be profitable), then you absolutely need to be on the lookout for people who want to steal it away from you or scam you out of it. An attack on you that takes a few hours could net them hundreds or even thousands of dollars once they resell it. Take a look at the following search for “security” from Domain Name Sales:
If your domain name is attached to a specific website you own and produce content for, your name could be targeted for completely different reasons. Some hackers will form botnets out of zombie computers and websites formed from targets infected with malware. A hacker who has taken over your website can infect a large portion of your audience before they catch on and abandon ship (also not a great effect). These botnets are for hire and can earn the hacker some relatively decent passive income. They could also just attempt to sell your website for some quick cash.
How Easy Would It Be to Get it?
It wouldn’t be as difficult as you’d like it to be. All it would take is a breach of your hosting account(s) and depending on the security measures you have in place a sale (at fire sale rates) or transfer can be initiated by the hacker to a throwaway account of their choosing. After a few transfers or a second purchase, it would be extremely difficult for you to get your website back, and it would often require a mountain of red tape and online paperwork.
Getting into your account is an easy thing for advanced hackers and scammers. They actually won’t try to brute force their way into the account (try every possible password with your username) all that often but instead try a phishing scheme or see if you have an automatic log in from another account or device that is easier to infiltrate. It might be entirely possible that on attacking your email account, the gateway to all of your other accounts online, a hacker discovers emails from your host and works their opportunistic magic from there.
It takes no more than 15 minutes, during which you probably won’t notice something going on. Even if you do, there will be little you can do to keep up in the moment, so preventative measures are your best bet for keeping your domain names.
Most defensive preparations are something you can set in place today. Most of them won’t cost you a dime. All of them will help you in one way or another. You are going to want to do the following as soon as possible if you aren’t already:
- Take a look at this list of the most commonly used passwords. To have a password so simple is unacceptable and the bane of many a website and domain name, as hackers will simply try some of these before trying a harder method. Make sure you use an excellent password with multiple types of characters and tell no one. The same idea goes into any other verification methods you might have.
- See if you can lock down your domain names in any manner. Depending on your host, additional security measures such as non-transferability can be available for purchase. These might be worth the investment if you have especially valuable domain names.
- Make sure to protect all accounts that could lead to your hosting account with as much vigor as possible. Additionally, try to remove unnecessary gateways and links between your accounts so that things are too easy for hackers.
- If you have a website that’s in use, make sure that you are taking the appropriate steps to protect it. Thousands of websites are hacked each day simply because of the fact that they are there.
- You are going to want to use a Virtual Private Network (VPN) if you ever deal with your domain names outside of your home (and you probably do, even if you don’t realize it). This is to protect you from hackers on public networks who can intercept your data (including your account info) and keep you anonymous online so no one can track you. Hackers have a harder time hacking what they can’t see.
- Beware of scams online. Nothing on the internet is free, and there are plenty of things that are in fact too good to be true. Trust no one, and only make deals if they seem absolutely legitimate.
You can never be 100 percent protected against attacks on your domain name. You can never know what is coming around the corner. You can, however, be well prepared against the types of attacks and strategies that are known to be used by hackers today. Basic measures can be the difference between months of work lost and a few hours spent resetting your defenses. The investment of time is the absolute best one you can make.
Do you feel confident in the security of your own domain names? Do you think that hosts should be doing more to protect you and your property? Any interesting stories to tell or opinions to share regarding this important security issue?
Please continue the conversation in the comments section below and share this with your friends and colleagues.