In one of our previous blog posts, we looked at a few useful tips on how to protect your domain name. As much as you may rely on the domain provider to keep your domain safe from unauthorized third parties, you should put some effort into that on your end as well.

A few of the good practices are to use a unique email address, to set up a strong account password, and to keep the domain active. Unfortunately, somebody may hijack your domain name nonetheless. Although this is not a very likely scenario, you should be prepared should it happen.

There are different ways this can happen – the registrar may suffer a data leak, you may open a phishing site and somebody may steal your login credentials, etc. In this article, we will have a look at the steps you can take to get your domain back and minimize the damage.

  • Check if your domain name was really hijacked
  • Make sure your domain did not expire
  • Check if your website got hacked, not the domain
  • Somebody really hijacked my domain!
  • Scan your computer for malware and update your login credentials
  • Contact your registrar company
  • Regain access to your domain account
  • If the domain is there, but its DNS records are changed
  • If the domain has been transferred away
  • Contact ICANN
  • Check popular marketplaces and domain forums
  • Contact a dispute resolution provider
  • Keep complete documentation for your domain name
  • In conclusion

Check if your domain name was really hijacked

If you open your domain name in a browser and it does not open your website anymore, it is natural to think that somebody stole it. This may not be the case, though. Before you panic, you should double-check what may have happened. If you have any doubts, you can always contact your registrar company and check whether your website does not open due to some trivial reason and not due to a domain theft.

Make sure your domain did not expire

When a domain name expires, its name servers (DNS records) are changed automatically by the registrar company. As a result, the domain no longer points to the account where it is hosted and no longer opens the website it used to. Instead, it opens a page from the registrar's system and it is up to the registrar whether they will display ads or some other content. In most cases, you will see a note that the domain has expired, but sometimes such a note may not be that visible.

All it will take to get your website back online will be to renew your domain through the registrar company (or their reseller, depending on where you bought the domain from). Once the original DNS records propagate, everything will be back to normal.

If you fail to renew the domain for more than a couple of months, though, it will be deleted from the public space. Once this happens, anybody can register the domain name and no matter how long you may have used it for, it will no longer be "your" domain. Unless you have some legal right over that domain, there won't be much you can do to get it back. You can give it a try, though, and you can check our article on how to acquire an already registered domain for a few hints on how you can proceed.

An example of a page that an expired domain opens

Check if your website got hacked, not the domain

If you use any outdated themes or plugins, or you have not updated your website for a while, there is a chance that the site can get hacked. Sometimes hacked websites are left intact and malicious content is added to them, other times their content is replaced entirely.

If such a thing happens, you should contact your web hosting provider right away and you should restore your website if you have a clean backup. As the hosting and the domain are different services, one may get compromised, but the other one may not be affected. Thus, if you notice that your domain name no longer opens your website, this does not necessarily mean that somebody hijacked your domain.

If you have any doubts about your domain name, the best course of action will be to check the account you have with the registrar company and see if your domain is still listed there. You will clearly see whether the domain has expired, or whether its name servers still point to your web hosting service or to some third-party server.

Of course, there are some edge cases – if you have a .DE domain, for example, and you let it expire, the top-level registry DENIC will pull the domain from the registrar company the day the domain expires, so you will not see it in your domain account. If you have any doubts regarding your domain name, you should contact your registrar company for more information.
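
The same checks (expiry, name servers, registrar) can also be run against the domain's public WHOIS record and compared with values you noted while the domain was healthy. The Python script below is an added example, not part of the original article; the sample record, the baseline values and the function names are constructed for illustration, and it assumes the common gTLD WHOIS field names and a baseline that holds the top-level registrar rather than a reseller.

```python
from datetime import datetime, timezone
# Constructed sample in the common gTLD WHOIS layout; not a real record.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Other Registrar LLC
Registry Expiry Date: 2030-05-01T00:00:00Z
Domain Status: clientTransferProhibited
Name Server: NS1.UNKNOWN-HOST.EXAMPLE
Name Server: NS2.UNKNOWN-HOST.EXAMPLE
"""

# Hypothetical baseline you saved while the domain was healthy.
BASELINE = {
    "registrar": "My Registrar Inc.",
    "name_servers": {"ns1.myhost.example", "ns2.myhost.example"},
}

def parse_whois(text):
    """Pull out the registrar, expiry date, name servers and status codes."""
    rec = {"registrar": None, "expiry": None, "name_servers": set(), "status": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":
            rec["registrar"] = value
        elif key == "registry expiry date":
            when = datetime.fromisoformat(value.replace("Z", "+00:00"))
            rec["expiry"] = when if when.tzinfo else when.replace(tzinfo=timezone.utc)
        elif key == "name server":
            rec["name_servers"].add(value.lower().rstrip("."))
        elif key == "domain status":
            rec["status"].add(value.split()[0])  # drop the trailing EPP URL
    return rec

def triage(rec, baseline, now):
    """Compare a parsed record with the baseline: expiry, registrar, name servers."""
    findings = []
    if rec["expiry"] and rec["expiry"] < now:
        findings.append("expired")
    if rec["registrar"] and rec["registrar"].lower() != baseline["registrar"].lower():
        findings.append("transferred_away")
    if rec["name_servers"] and rec["name_servers"] != baseline["name_servers"]:
        findings.append("name_servers_changed")
    return findings or ["matches_baseline"]

if __name__ == "__main__":
    print(triage(parse_whois(SAMPLE_WHOIS), BASELINE, datetime.now(timezone.utc)))
```

An expired domain will normally report changed name servers as well, since the registrar repoints it on expiry. Registries such as DENIC for .DE use a different WHOIS layout that this parser does not cover.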

Somebody really hijacked my domain!

Unfortunately, it is possible that somebody really stole your domain name. If this is the case, you should act fast. We have prepared a list of steps you can take to get the domain back.

Scan your computer for malware and update your login credentials

This is something you should do immediately after you find out about the security breach. If your domain name was hijacked, at least one of your accounts has been compromised. Whether it was your email address or the domain account, it would be better to update all of your passwords. If possible, you should do this from a computer you do not usually use.

You should scan your own computer for malware as this is the most likely reason why an unauthorized party gained access to your account. Use long and complex passwords. Enable 2-factor authentication for your email and domain accounts, if available.

Contact your registrar company

You should contact the registrar company for help and for guidance on how to proceed depending on the specific case. If you are not sure whether you bought the domain directly from a registrar or from a reseller, you can do a WHOIS lookup using https://tickets.suresupport.com/whois or https://whois.com, for example. You will see the top-level registrar company for your domain name.

Whether somebody gained access to your account and is now in control of the domain, or they transferred the domain to a new registrar, the only company that can help you is the registrar that you pay for the domain registration. Many registrar companies have a dedicated transfer dispute department that handles cases of unauthorized domain transfers.

Regain access to your domain account

Once you have established which registrar company you should contact, you should regain access to your account. No matter whether your domain has been transferred to another provider or not, you should be able to access your account. This way, you can communicate more effectively with your registrar, you will protect any other domains you may have, and you will prevent anyone else from accessing your account.

You may have to send a copy of your ID to the registrar to prove your identity. As long as you had valid contact information in the account, they will be able to validate who you are so you can log in and take back control of your domain. Once you are able to log in, you can confirm whether your domain name is there or not and whether its DNS records have been changed. You can also ask your registrar if they have logs showing when the breach may have happened and where the unauthorized person accessed your account from.

If the domain is there, but its DNS records are changed

The lesser of two evils will be for an unauthorized third party to access your domain account and to point your domain name to some hosting provider without transferring it. The reason why somebody would do that is to use your domain for malicious purposes. They may not be able to transfer the domain for various reasons, or they may simply not want to raise suspicion as a transfer often involves notifying the domain owner.

You can easily see if this is the case if you open your domain name and you don't see your site or a default page from your registrar (this excludes the aforementioned case of your website being hacked). If this happens, you can log in to your domain account and restore the previous DNS settings.

If the domain has been transferred away

If your domain has been transferred away, you should take steps to get it back. It is important to know that you should still contact the original registrar and you should not waste time contacting the new one. As far as the new company is concerned, whoever stole your domain is a legitimate customer who owns the name, while you may be the one trying to trick them. They will not have any record of you owning the domain, so you should not waste precious time trying to convince them that their customer stole your domain.

Your registrar, on the other hand, can verify who you are. They will have records of when the domain was transferred away, whether its contact information was modified, who was listed as the owner before the transfer took place, etc. They can also initiate a process of transferring your domain back from the new registrar if they have enough evidence that the initial transfer was fraudulent. This can happen at any time, no matter when the fraudulent transfer took place, as long as the domain has not been transferred to a third registrar in the meantime. In the general case, a domain can be transferred only if 60 days have passed after a previous transfer. This policy guarantees that whoever stole your domain won't be able to move it to a third company for a couple of months. It will also give you enough time to work with your registrar to get the domain back.

The process of getting the domain back involves a formal complaint by the former registrar in accordance with ICANN's Transfer Dispute Resolution Policy. You, being the registrant/owner, will not be involved in this process, but if you are interested, you can see the policy at https://www.icann.org/resources/pages/tdrp-2012-02-25-en.

Contact ICANN

Another option is to contact the Internet Corporation for Assigned Names and Numbers (ICANN). They accept, adopt, and enforce the policies as to how the domain name system works, and supervise the top-level domain registries and registrars.

If your registrar company is not helpful in giving you access to your domain or in transferring the domain back from another company, you can contact ICANN directly using https://forms.icann.org/en/resources/compliance/complaints/transfer/form. They will in turn contact the registrar and ask them to investigate the case and take the necessary measures to resolve it.

Marketplaces are a popular place to sell a stolen domain

Whoever stole your domain name may attempt to make some quick money by selling it. They cannot make money by using it themselves in the long term as you will most likely get it back soon.

If they transferred the domain away from your registrar, you will have the aforementioned 60 days to act before another transfer can take place. While you work with your registrar and possibly a lawyer and the authorities, you can check popular marketplaces and forums where domain names are being sold. It is likely that the person who stole your domain will attempt to sell it there, so if you find it, inform the site operators right away.

You may also publish a post on domain discussion boards so as to make the hijacking public. The more people are aware of the theft, the less likely it will be for an unsuspecting third party to buy the domain from the thief.

Contact a dispute resolution provider

If your domain name includes a trademark, you can file a complaint with a dispute resolution provider such as the Arbitration and Mediation Center of the World Intellectual Property Organization (WIPO). These organizations offer services under ICANN's Uniform Domain Name Dispute Resolution Policy (UDRP), which applies to all generic top-level domains.

You will have to pay a fee for the complaint to be reviewed, but this can save you a lot of time and effort as you may not have to seek legal advice or to contact the local authorities. The latter is important as online matters are regulated in different ways worldwide, so it is very likely that the authorities in your country will not have jurisdiction to deal with your case.

Once you file a complaint, an independent and impartial domain name panelist will be assigned to handle your case. They will contact the current registrar to request information about the domain, including the current WHOIS information and the contact details the domain was registered with.

During this formal proceeding, the registrar will lock the domain name, so the thief will not be able to use it, sell it, or transfer it to a different company. If the panel finds that the domain is being used in bad faith, the registrar company will have to grant you access to manage the domain or to transfer it to another registrar of your choice.

You can see the full list of the ICANN-approved dispute resolution service providers at https://www.icann.org/resources/pages/providers-6d-2012-02-25-en.

Keep complete documentation for your domain name

No matter whether you contact your registrar, ICANN, or a dispute resolution provider, having complete documentation is very important to prove your rights over the domain. You can present any communication you may have had with the registrar or with other providers, invoices and payment confirmations, renewal reminders, and other domain-related service emails. The more documents you have, the easier it will be to prove that you are the rightful owner of the domain. If you do not have such documents at the moment, it may be time to start collecting them just to be on the safe side.

There are some useful tools that can also help you to prove your ownership of a given domain name. If you were listed as the registrant/owner, you can use a WHOIS history record to prove it. Most such tools ask for a small fee to provide the complete record, which is insignificant compared to the usefulness of the information you can get. As we do not want to promote one paid service over another, you can look up "WHOIS history" in your favorite search engine and pick a provider.

It can also help if you can prove that the domain was opening your personal or business website. For this purpose, you can use the Wayback Machine at http://web.archive.org/. This is a non-profit digital library that keeps snapshots of billions of websites. You can find and present a few snapshots of your site from different points in time.

In this light, you can also use https://whoisrequest.com/history/ to see how the DNS records of your domain have changed through the years. This tool is useful if you want to prove that the domain was pointed to your hosting provider before it was hijacked.

The Wayback Machine allows you to see almost any website through the years

In conclusion

Losing your domain name can have a detrimental effect on your online presence. This is why preemptive measures are of utmost importance. Should something happen, though, you should know what to do in order to get your domain name back as soon as possible.

The two most important things are to change your passwords and to contact your registrar. This will prevent further damage, and you can start working with the registrar on getting your account and your domain back.

The more vocal you are on forums and marketplaces in the meantime, the less likely it will be for the hijacker to sell your domain. Of course, you should always follow the good practices on how to keep your domain name safe so as to make sure you never lose it in the first place.