When good domains are hijacked by bad people

One of my web sites was hijacked this week. No I don't mean the home page was simply hacked by a 12 year old posting porn. The domain itself was stolen by some aggressive hosting company who was using it to redirect traffic to their Google AdSense ads.

Luckily, the PR5 domain in question was an old one of mine: High Search Engine Ranking. If you view the Google cache for that page, you can still see the hacker's site. So how did this happen? I'm still not entirely sure, but I can narrow it down to a few possibilities:

1) A trojan virus made it's way past my firewall and anti-virus software onto my PC and grabbed my (encrypted!) registrar login details.

2) The server of my registrar, a reseller for TUCOWS, was hacked and my login data stolen.

3) The TUCOWS server was hacked and the domain registrant and login details were stolen.

4) Somebody posed as me and was able to use my personal details to gain access from the registrar to the domain control panel - a case of identity theft.

5) Somebody used brute force password hacking software to crack my login password.

I'm fairly sure it was 4) or 5) but who knows? Sadly, my registrar didn't have a clue. Of course I made it easier for the domain hijacker by leaving my domain account unlocked. A tough lesson. Make sure you always keep your domain locked in the registrar system and don't forget to lock it again if you ever need to unlock it and change your DNS details.

Regardless, I was able to reverse the damage by changing my DNS details back to what they were and changing my login password. It didn't take long for the change to propagate back to my real site but I'm yet to see if any damage has been done to my Google rankings. Make sure you learn from my mistake and go lock up those domains!


Subscribe via: Yahoo Feeds | Feedburner | Technorati | Bloglines