Domain protection is easy
On Habré more than once touched on the topic of domain abstraction, for example here or here . There was even a video tutorial where the mechanism is intelligibly and detailed. This can be resisted.
There are several ways to steal domains, but for the most part they are based on the negligence and forgetfulness of administrators (for example, a mailbox was not used for a long time and it was deleted).
Thus, the problem has been described more than once, the reasons why it exists, but no one has proposed a mechanism to combat it. This was a good opportunity for our team to develop a protective mechanism aimed at protecting the domains of bona fide owners.
It has been 2 weeks since we watched a video that clearly describes the method of domain theft (which, in fact, was the impetus for starting the development of a protection method) and a mechanism was successfully implemented to protect the domains of our customers.
Protection is provided free of charge and only to those domains that are hosted by the Netfox registrar.
We make the “Domain Name Protection”
service available at Habrahabrosud: You can enable the service simply with a single click of the mouse button in your Personal Account at Netfox Registrar, but to disconnect you will need to make some efforts and this is the main protection mechanism — you need to submit an application to the company’s office to disable the service, or send a certified statement by a notary by mail. The application should be directly from the domain administrator with attached copies of the necessary documents.
By enabling the service you protect the domain from interception and block actions:
- changes to the ns-servers of the domain;
- changes to the domain’s contact information;
- Change the domain administrator;
- domain transfer to another registrar.
If an unauthorized change of information is attempted, the administrator will be notified by e-mail.
All partners use the API to access the Registrar's domain name registration system. Protection is set at 2 levels of the entire system:
1. at the API level,
requests for changing domain / administrator data are blocked instantly when protection is turned on, a notification is generated to the administrator.
2. at the Registrar's level,
any actions of the Registrar's employees in the system are also controlled by this service - at any written request of the administrator, our employees will also not be able to make changes if the service is activated. Only a responsible person who processes written applications for disabling protection can remove protection.
Information about the included protection for each domain is displayed in the User’s Personal Account if he has a direct agreement with the registrar.
Partners are gradually getting closer to providing a similar service for their customers - just add a simple function to call protection and display the status on their site.
Protection status for all domains is also displayed in the Registrar’s Whois service in the state field:
... PROTECTED - means that the domain is protected.
... NOT PROTECTED - means that the domain is not protected by the service.
From the first day of introducing the service, it is used by customers.
What is the advantage for organizations:
- the company administrator will not be able to accidentally or deliberately bring your site down (by changing the ns server);
- the administrator will also not be able to change the contact numbers or e-mail domain.
And the common advantage for everyone is that if a password is lost, an attacker gaining access to your Personal Account will not be able to do anything with the domain - all operations are simply blocked.
Perhaps this service will gain popularity with other registrars and the Coordination Center together with the Technical Center will make the status global, that is, it will be displayed in the main registry. But while in this direction a step has been taken by one registrar out of 25.
You can read more about the Service on the page:
http://www.netfox.ru/domains/protected/
We invite all interested domain owners to test the service, it is possible to find flaws and express your opinion in the comments.
Of course, the proposed measures are not the solution to all problems. Therefore, to be continued!
There are several ways to steal domains, but for the most part they are based on the negligence and forgetfulness of administrators (for example, a mailbox was not used for a long time and it was deleted).
Thus, the problem has been described more than once, the reasons why it exists, but no one has proposed a mechanism to combat it. This was a good opportunity for our team to develop a protective mechanism aimed at protecting the domains of bona fide owners.
It has been 2 weeks since we watched a video that clearly describes the method of domain theft (which, in fact, was the impetus for starting the development of a protection method) and a mechanism was successfully implemented to protect the domains of our customers.
Protection is provided free of charge and only to those domains that are hosted by the Netfox registrar.
Principle of operation
We make the “Domain Name Protection”
service available at Habrahabrosud: You can enable the service simply with a single click of the mouse button in your Personal Account at Netfox Registrar, but to disconnect you will need to make some efforts and this is the main protection mechanism — you need to submit an application to the company’s office to disable the service, or send a certified statement by a notary by mail. The application should be directly from the domain administrator with attached copies of the necessary documents.
By enabling the service you protect the domain from interception and block actions:
- changes to the ns-servers of the domain;
- changes to the domain’s contact information;
- Change the domain administrator;
- domain transfer to another registrar.
If an unauthorized change of information is attempted, the administrator will be notified by e-mail.
Technical implementation
All partners use the API to access the Registrar's domain name registration system. Protection is set at 2 levels of the entire system:
1. at the API level,
requests for changing domain / administrator data are blocked instantly when protection is turned on, a notification is generated to the administrator.
2. at the Registrar's level,
any actions of the Registrar's employees in the system are also controlled by this service - at any written request of the administrator, our employees will also not be able to make changes if the service is activated. Only a responsible person who processes written applications for disabling protection can remove protection.
Information about the included protection for each domain is displayed in the User’s Personal Account if he has a direct agreement with the registrar.
Partners are gradually getting closer to providing a similar service for their customers - just add a simple function to call protection and display the status on their site.
Protection status for all domains is also displayed in the Registrar’s Whois service in the state field:
... PROTECTED - means that the domain is protected.
... NOT PROTECTED - means that the domain is not protected by the service.
results
From the first day of introducing the service, it is used by customers.
What is the advantage for organizations:
- the company administrator will not be able to accidentally or deliberately bring your site down (by changing the ns server);
- the administrator will also not be able to change the contact numbers or e-mail domain.
And the common advantage for everyone is that if a password is lost, an attacker gaining access to your Personal Account will not be able to do anything with the domain - all operations are simply blocked.
Perhaps this service will gain popularity with other registrars and the Coordination Center together with the Technical Center will make the status global, that is, it will be displayed in the main registry. But while in this direction a step has been taken by one registrar out of 25.
You can read more about the Service on the page:
http://www.netfox.ru/domains/protected/
We invite all interested domain owners to test the service, it is possible to find flaws and express your opinion in the comments.
Of course, the proposed measures are not the solution to all problems. Therefore, to be continued!