Date: 2005-10-31 07:23:00
Tags: web
domain hijacking
I recently transferred some domain names from register.com to namecheap.com. The way you do this is to go to the new registrar (namecheap.com), enter all the domain info, pay for one additional year, and they do all the work of transferring the domain name from the old registrar (register.com). Register.com sent me some emails during the transfer process to notify me that a requested transfer was taking place, and to go to an indicated URL if the transfer request was not correct. Not! What on earth are they thinking? I did nothing (as indicated) and the transfer request was successful. Anybody could have hijacked my domain names out from under me, if I had not seen the domain transfer emails. Now, namecheap.com supports locking the registration record so that this can't happen again.

For .org domains, transferring a domain requires a code called EPP or something that you get from your old registrar. So I had to log in to my register.com account to get that code. But .com and .net require no such thing. Remember who runs .com and .net? Verisign! They continue to be evil by default.

Comment

[info]lithiana
2005-10-31T15:36:36Z
after the panix.com domain hijacking, i think a few registrars enabled domain locking for all their customers. IIRC, this is something you can do with any registrar anyway, some of them just don't enable it by default (lord knows why not).

but, yes, it is quite silly how easy it is to transfer a domain without authorisation.
[info]bovineone
2005-10-31T16:57:12Z
register.com supports domain locking, but there just isn't any webpage with a control to do it. You have you open a support ticket and ask the tech person to enable the lock for you.
[info]decibel45
2005-11-02T01:25:54Z
Note that .org runs on PostgreSQL, too. :)
Greg Hewgill <greg@hewgill.com>