
What Should You Do if your Domain Name is Hijacked

So your domain name was hijacked, what do you do now? Panic and curl up in a ball in the corner of the room hoping your manager doesn’t find you?

Well, you can do that…but that won’t help you solve the matter at all!

Instead, here are some steps you can take first to double-check that your domain name was really hijacked:

#1: Check if your domain name was really hijacked

If you open your domain name in a browser and it no longer opens your website, it is natural to think that somebody stole it. This may not be the case, though. Before you panic, you should double-check what may have happened. If you have any doubts, you can always contact your registrar company and check whether your website fails to open for some trivial reason rather than because of a domain theft.

#2: Make sure your domain did not expire

Just like how sometimes we forget to pay our credit card bill, we might also forget to renew our domain name.

And when a domain name expires, its name servers (DNS records) are changed automatically by the registrar company. As a result, the domain no longer points to the account where it is hosted and no longer opens the website it used to. Instead, it opens a page from the registrar’s system and it is up to the registrar if they will display ads or some other content. In most cases, you will see a note that the domain has expired, but sometimes such a note may not be that visible.

All it will take to get your website back online will be to renew your domain through the registrar company (or their reseller, depending on where you bought the domain from). Once the original DNS records propagate, everything will be back to normal.

If you fail to renew the domain for more than a couple of months, though, it will be deleted from the public space. Once this happens, anybody can register the domain name and no matter how long you may have used it for, it will no longer be “your” domain. Unless you have some legal right over that domain, there won't be much you can do to get it back. You can give it a try, though, and you can check our article on how to acquire an already registered domain for a few hints on how you can proceed.

#3: Check if your website got hacked, not the domain

If you use any outdated themes or plugins, or you have not updated your website for a while, there is a chance that the site can get hacked. Sometimes hacked websites are left intact and malicious content is added to them, other times their content is replaced entirely.

If such a thing happens, you should contact your web hosting provider right away and you should restore your website if you have a clean backup. As the hosting and the domain are different services, one may get compromised, but the other one may not be affected. Thus, if you notice that your domain name no longer opens your website, this does not necessarily mean that somebody hijacked your domain.

If you have any doubts about your domain name, the best course of action will be to check the account you have with the registrar company and see if your domain is still listed there. You will clearly see whether the domain has expired, or whether its name servers still point to your web hosting service or to some third-party server.

Of course, there are some edge cases – if you have a .DE domain, for example, and you let it expire, the top-level registry DENIC will pull the domain from the registrar company the day the domain expires, so you will not see it in your domain account. If you have any doubts regarding your domain name, you should contact your registrar company for more information.
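The triage in steps #1 to #3 can be scripted. The following is an added example, not code from the original article: it parses a WHOIS record and compares it with a baseline you saved while the domain was healthy. The sample record, the baseline values and the field labels (common gTLD WHOIS labels) are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed WHOIS response for a placeholder domain (not real registry output).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2031-03-01T04:00:00Z
Name Server: NS1.ROGUE-HOST.EXAMPLE
Name Server: NS2.ROGUE-HOST.EXAMPLE
"""

# Assumed baseline: values you recorded while the domain was known to be good.
BASELINE = {
    "registrar": "Example Registrar, Inc.",
    "name_servers": {"ns1.myhost.example", "ns2.myhost.example"},
}

def parse_whois(text):
    """Collect the fields needed for triage from 'Key: value' WHOIS lines."""
    rec = {"registrar": None, "expiry": None, "name_servers": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":
            rec["registrar"] = value
        elif key in ("registry expiry date", "registrar registration expiration date"):
            rec["expiry"] = datetime.fromisoformat(value.replace("Z", "+00:00"))
        elif key == "name server":
            rec["name_servers"].add(value.lower().rstrip("."))
    return rec

def triage(rec, baseline, now):
    """Return findings; expiry is checked first because it explains changed name servers."""
    if rec["expiry"] and rec["expiry"] < now:
        return ["expired: renew through the registrar before assuming theft"]
    findings = []
    if rec["registrar"] != baseline["registrar"]:
        findings.append("registrar changed: possible unauthorized transfer")
    if rec["name_servers"] != baseline["name_servers"]:
        findings.append("name servers changed: check the registrar account")
    if not findings:
        findings.append("registration intact: check the hosting account for a site hack")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_whois(SAMPLE_WHOIS), BASELINE, datetime.now(timezone.utc)):
        print(finding)
```

WHOIS field labels differ between registries, so adjust the keys in `parse_whois` to match the output for your own TLD.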

Somebody really hijacked my domain! So now what?

Unfortunately, it is possible that somebody really stole your domain name. If this is the case, you should act fast. We have prepared a list of steps you can take to get the domain back.

Scan your computer for malware and update your login credentials

This is something you should do immediately after you find out about the security breach. If your domain name was hijacked, at least one of your accounts has been compromised. Whether it was your email address or the domain account, it would be better to update all of your passwords. If possible, you should do this from a computer you do not usually use.

You should scan your own computer for malware as this is the most likely reason why an unauthorized party gained access to your account. Use long and complex passwords. Enable two-factor authentication for your email and domain accounts, if available.

Check popular marketplaces and domain forums

Whoever stole your domain name may try to make some quick money by selling it. They cannot make money by using it themselves in the long term as you will most likely get it back soon.

If they transferred the domain away from your registrar, you will have 60 days to act before another transfer can take place. While you work with your registrar and possibly a lawyer and the authorities, you can check popular marketplaces and forums where domain names are being sold. It is likely that the person who stole your domain will try to sell it there, so if you notice it, inform the site operators right away.

You may also publish a post on domain discussion boards so as to make the hijacking public. The more people are aware of the theft, the less likely it will be for an unsuspecting third party to buy the domain from the thief.

Contact your registrar company

You should contact the registrar company for assistance and for guidance on how to proceed depending on the specific case. If you are not sure whether you bought the domain directly from a registrar or from a reseller, you can do a WHOIS lookup. You will see the top-level registrar company for your domain name.

Whether somebody gained access to your account and is now in control of the domain, or they transferred the domain to a new registrar, the only company that can help you is the registrar that you pay for the domain registration. Many registrar companies have a dedicated transfer dispute department that handles cases of unauthorized domain transfers.

Regain access to your domain account

Once you have established what registrar company you should contact, you should regain access to your account. No matter if your domain has been transferred to another provider or not, you should be able to access your account. This way, you can communicate more effectively with your registrar, you will protect any other domains you may have, and you will prevent anybody else from accessing your account.

You may have to send a copy of your ID to the registrar to prove your identity. As long as you had valid contact information in the account, they will be able to validate who you are so you can log in and take back control of your domain. Once you are able to log in, you can confirm whether your domain name is there or not and whether its DNS records have been changed. You can also ask your registrar if they have logs showing when the breach may have happened and where the unauthorized person accessed your account from.

Contact a dispute resolution provider

If your domain name includes a trademark, you can file a complaint to a dispute resolution provider. These organizations offer services under ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP), which applies to all generic top-level domains.

You will have to pay a fee for the complaint to be reviewed, but this can save you a lot of time and effort as you may not have to seek legal advice or contact the local authorities. The latter is important as online matters are regulated in different ways worldwide, so it is very likely that the authorities in your country will not have jurisdiction to deal with your case.

Once you file a complaint, an independent and impartial domain name panelist will be assigned to handle your case. They will contact the current registrar to request information about the domain, including the current WHOIS information and the contact details the domain was registered with.

During this formal proceeding, the registrar will lock the domain name, so the thief will not be able to use it, sell it, or transfer it to a different company. If the panel finds out that the domain is being used in bad faith, the registrar company will have to grant you access to manage the domain or to transfer it to another registrar of your choice.

Keep complete documentation for your domain name

No matter if you contact your registrar, ICANN, or a dispute resolution provider, having complete documentation is very important to prove your rights over the domain. You can present any communication you may have had with the registrar or with other providers, invoices and payment confirmations, renewal reminders, and other domain-related service emails. The more documents you have, the easier it will be to prove that you are the rightful owner of the domain. If you do not have such documents at the moment, it may be time to start collecting them just to be on the safe side.

There are some useful tools that can also help you to prove your ownership over a given domain name. If you were listed as the registrant/owner, you can use a WHOIS history record to prove it. Most such tools ask for a small fee to provide the complete record, which is something insignificant compared to the usefulness of the information you can get.

