Internet domain and hosting conundrums – by Erez Benari

The availability of cheap domain and website hosting services like Wix, HostGator and GoDaddy has made website ownership as common as cellphones. However, if not managed carefully, owning a domain or website can make you a target for hackers, and in some cases, things can get ugly.

The main challenge with domain ownership is that it’s managed by companies which employ regular people like you and me. Some of these companies are well-managed and secure, while others are more susceptible to various types of attacks. Using different techniques, from cracking a user’s email to advanced social-engineering attacks, crackers have been hijacking domains for years, often causing huge damage to the original domain owners. For example, this story describes the battle Diigo had to go through when their domain was hijacked for ransom.

Even when a domain registrar has strict and secure policies regarding domain transfers, this doesn’t guarantee our safety. For example, in the case of one of CreateHive’s own customers (who shall remain anonymous), a Canadian company used a legal loophole to forcefully and secretly take over an American domain name owned by a former partner.

The big question, of course, is what we can do to prevent this from happening. Well, ultimately, if the hijacker is willing to go to any length, not all attacks can be prevented, and that is a risk we need to learn to live with (similar techniques can and have been used to hijack phone numbers, and even mailing addresses). However, there are a few best practices we should all follow to make us less desirable targets.

First, for any account that supports it (especially email), enable two-factor authentication (2FA), as well as any other security features that are available. For example, Gmail supports two-factor authentication, so that’s a no-brainer, even if it does make life a little more complicated. When setting up accounts, make sure you use long and complex passwords that can’t be easily guessed. Try to avoid using similar or identical passwords across multiple services, and avoid setting your account-recovery questions to something that’s easy to find (that’s how the Fappening happened!).

Another thing to avoid is using your domain for your email, or at least, use an external email (like Gmail) for the primary and administrative accounts. The reason is that if someone hijacks your domain, that gives them control over your email as well, which would allow them to harvest sensitive business data, block major operational work, and even use the account to crack other services.
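The dependency described above, as an added example that is not part of the original post: a small Python audit that follows password-reset mail from one hijacked domain to every account, and every further domain, that it exposes. The domains, account names and inventory are constructed for illustration.

```python
from collections import deque

# Constructed inventory (hypothetical names): which account controls each
# domain, and which mailbox can reset each account's password.
DOMAIN_MANAGED_BY = {
    "shop.example": "registrar-acct",
    "blog.example": "hosting-acct",
}
ACCOUNT_RECOVERY_EMAIL = {
    "registrar-acct": "admin@shop.example",   # circular: resets go to the domain it manages
    "hosting-acct": "owner@mail.shop.example",
    "payments-acct": "billing@blog.example",
    "backup-acct": "owner@external-mail.example",  # hosted outside our domains
}

def mail_domain_under(email, domain):
    """True if the address is at `domain` or any subdomain of it."""
    host = email.rsplit("@", 1)[-1].lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def blast_radius(hijacked_domain):
    """Return (domains, accounts) lost after one domain is hijacked,
    following password-reset mail transitively."""
    domains, accounts = {hijacked_domain}, set()
    queue = deque([hijacked_domain])
    while queue:
        dom = queue.popleft()
        for acct, email in ACCOUNT_RECOVERY_EMAIL.items():
            if acct in accounts or not mail_domain_under(email, dom):
                continue
            accounts.add(acct)  # reset mail for this account is now readable
            for managed, owner in DOMAIN_MANAGED_BY.items():
                if owner == acct and managed not in domains:
                    domains.add(managed)
                    queue.append(managed)
    return domains, accounts

def self_dependent_accounts():
    """Accounts whose recovery mailbox lives on a domain they control."""
    return sorted(
        acct for dom, acct in DOMAIN_MANAGED_BY.items()
        if mail_domain_under(ACCOUNT_RECOVERY_EMAIL[acct], dom)
    )

if __name__ == "__main__":
    for dom in DOMAIN_MANAGED_BY:
        print(dom, "->", blast_radius(dom))
    print("self-dependent:", self_dependent_accounts())
```

Any account reported by `self_dependent_accounts()` is a candidate for moving its recovery address to an external mailbox protected by 2FA.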

When buying domains and setting up hosting, make sure you use a well-known and large provider which is in your own country, and prefer one that has a good reputation for customer support. I know that it’s tempting to choose a $10/year hosting instead of $100/year, but those 90 bucks could be the difference between sleeping well at night and losing thousands of dollars while your domain is pawned. Also, try to avoid sub-registrars and hosters (those are companies that pretend to be a hoster or registrar, but actually just re-sell a service by someone else). Yahoo does this, for example, as well as 1dollar-webhosting.com. Another thing that could help is buying domain privacy, if the registrar allows it (most do, and it’s not expensive). This isn’t a real blocker for any serious attacker, but it will deter many who are looking for easy prey.

Finally, one thing that may be harder, but worth considering, is trying to design your business in a way that doesn’t make you too dependent on your digital assets. It’s the classic idea of not putting all your eggs in one basket. One step could be using multiple email addresses and making sure customers know them all (as well as your phone number). If you sell online, offer your products through multiple venues like eBay and Amazon, instead of only via your site. Also, if you do have multiple online presence points, make sure you monitor them all routinely (for example, if you are listed on Google Maps, check the listing at least twice a month).

In closing, it becomes apparent that in today’s world of cyber crime, owning a domain and website is not as simple and trivial as it may seem. However, the answer is not to shy away from the internet, but to realize that security planning needs to be part of our routine. Just like we install locks on our doors and alarm systems in our offices and stores, so must we invest thought, time and money in securing our digital assets. With some clear thinking and planning, most of us will never fall victim to cyber hijackers.

Copyrights Common Sense

First I must admit, this blog post, in particular, is being written not only from my professional designer’s point of view but from a very personal place as well. Copyright matters affect me on both levels and evoke strong feelings about honor and courtesy, even before consideration of the legal aspects.

In what follows, I won’t get into the laws and formal regulations, as there are enough articles written about that. Instead, I will try to appeal to your common sense.

Copyright Concept:

Simplifying the concept of copyright into a few words is very easy: “I create it, therefore it is mine.”

Most of us are very familiar with the concept of ownership:

  • If someone takes something from us without our consent, we consider it theft.
  • If we want something that belongs to someone else, we either buy it or ask for permission to borrow it, take good care of it, and return it to the owner as agreed.

So why, when it comes to copyright, do so many people disregard these basic rules?

The problem:

Copyright infringements have increased along with internet growth. The internet brought us closer to endless resources, textually and visually. With so much data and material within reach, the lines of ownership become blurry. Adding to the problem is the sense of anonymity users have, which in some cases translates to a lack of responsibility for how they act on the web.

More and more I see a shift of how people perceive “ownership”. What once was “I create it, therefore it is mine,” has become “I could copy it, therefore it is mine to use.” Well, not really.

As a designer I have been asked many times to integrate images or other artwork (provided by a client) into my designs. When I ask the origin of the material I often get the answer, “From Google or Bing image search.” My reply is always, “Sorry but I can’t use it, unless you purchase the license of usage.” Then, I have found myself with very disappointed and often angry clients who have a hard time understanding why they need to pay for something that they can just copy and paste to their own computer. After all, it was there for all to see.

Copyright common sense:

After years trying to simplify a good and short answer to explain what is wrong with that scenario, I came up with this analogy:

While browsing the web you like one of their images/articles, so you decide to take it and use it in yours;

Is the same as:

While eating in a restaurant you like their chairs, so you decide to take one to use in your home.

Even then, some people can’t shake the idea of paying for something that they could so easily copy and reapply to their use for free, thinking that after all it is the internet, who will know? But ask yourself, is committing a crime suddenly OK because your chances of getting caught are low?

Summary:

Photographers, designers, writers, marketers… we all work very hard and put a lot of effort into what you see as a final product. Some materials may have been published independently while others may have been commissioned by clients. We are all happy that you like what we did, so much so that you would like to use it for your stuff too. What now? Ask us for permission. You may be requested to pay a one-time fee, or a licensing fee for repeat usage, or simply credit the maker. There will be times you may not receive permission to use the material at all. But there may also be times you are able to at no cost.

If you can’t locate the author, too bad. That does not mean you can use the material; it just means you need to keep looking till you do. Or try creating your own original material. In summary, I hope people will apply the same common sense about ownership on the web as they do in real life.
