Welcome

You have reached the blog of Keith Elder. Thank you for visiting! Feel free to click the twitter icon to the right and follow me on twitter.

My Worst Electronic Fear Almost A Reality

Posted by Keith Elder | Posted in Internet | Posted on 11-08-2008

What’s the worst thing that could happen to you electronically speaking?  Maybe someone could steal your bank account information?  How about get your credit card information?  Someone stealing your identity?  Those are all the standard things we think of when we think about electronic security.  Or at least the first ones that come to mind.  Sunday morning I woke up and was drinking coffee at the computer.  I saw a tweet from someone on Twitter who asked a question that I had a perfect answer for on my blog.  I typed in my blog address in my web browser to find it and when I did I saw this:

image

First Reaction

My first reaction was I typed in my domain name incorrectly.  I was shocked but not worried or concerned.  Checking the domain name again I realized I had typed in the correct response.  Ok, not cool.  Freak out meter 10% at this point.

Second Reaction

My second reaction was my site had been hacked.  I opened up an FTP connection to the server and checked files.  Everything was in place.  Things were fine.  Not freaking out yet, but fearing the worst at this point.  Freak out meter 15%.

Third Reaction

My third reaction was Comcast messed up DNS and or cached some wrong information.  I opened up a command prompt and typed in:

ping keithelder.net

I got back an IP address that I didn’t recall.  Ok, what’s going on.  Freaking out meter was now at 65.43%.  Thinking quickly I asked myself, how could someone change my IP address of my domain.  Answer, they are in control of my DNS!  Ok, freak out meter just went to 85%.

Fourth Reaction

I pulled up http://samspade.org which is an online site that allows a WHOIS query to be run.  I checked my DNS records and everything appeared to be fine.  But then I noticed something at the bottom of the page that sent chills down my spine:

image

Today was August 10th!  For reasons I still cannot explain, my domain had expired!  Ok, freak out meter was now at 100%.

My Worse Fear

The worst fear imaginable hit me.  Do you remember the things I brought up at the beginning about bank information, identity etc?  Every bit of that could be very well underway if someone took over my domain.  There are people or companies out there that make a living buying domains after they expire.  To get a domain back from these people is almost virtually impossible without hiring a lawyer and taking action or spending a large sum of money.  For the domain snatcher, these domains can be a gold mine because of previous page rankings and previous built traffic.

Think about it, if someone controls the domain, they control the email accounts.   If they control the email accounts they can reset passwords to accounts you use online (which is why I hate systems that verify identity via email).  This is about the point I started to freak out and hit 100%.

Restoring Logical Order

I pulled up my registrar and logged in.  I didn’t see my domain.  Thinking under immense pressure I thought I had completely screwed up.  I quickly picked up the phone and made a call to tech support and got someone.  I explained the situation in just a few words and the representative pulled up my account.  He then gave me a HUGE sign of relief and said, “Your domain is listed under the expired section.  If you go there, you can renew it.”

Whew, no one had taken control over it (my worst fear).  I started to verbally abuse myself for letting my domain expire.  I thought the domain was set on auto renew but it wasn’t.  After getting over my worst fear of someone hijacking my domain, logical order started to return to my brain. 

How Domain Expirations Work

After logical order was restored to my brain I realized that technically it takes longer than one day to snatch a domain after it expires.  As a matter of fact it takes about 75 days after a domain expires to be fully removed from the ICANN database.  For those that don’t know there is 40 days after a domain expires that is considered a grace period.  Then there is a redemption period and then there are 5 days of a deletion period.  Thus technically I had about 74 days left to re-buy my domain.  But for those days my web site would be showing the web site you saw above, NOT COOL.

I’m Not The Only One

Before you start pointing fingers and laughing at my situation note that I’m not the only one that’s had this happen.  Probably the most famous story I remember is a story from 1999 when Microsoft forgot to re-register their Hotmail.Com domain.  You read the correctly, Hotmail!  A Hotmail subscriber re-registered the domain to restore their email services just so he could get his email.

http://news.cnet.com/Good-Samaritan-squashes-Hotmail-lapse/2100-1023_3-234907.html

There are others, and probably a lot we don’t even know about.

Lessons Learned

If you own your own domain(s) there are some huge lessons that can be learned from this.

  1. Make sure you can get emails from your registrar.  Double and triple check spam filters and email inbox rules to make sure if they send you something it gets into your Inbox.
  2. If your registrar offers the option to set your domains to auto renew, do it.  The registrar I use has this option.  For some reason I forgot to set it though.
  3. Use a credit card like American Express that you pay off every month and don’t have to worry about being over balance on.  AMEX is great for re-occurring charges and bills you pay off at the end of the month.  This will ensure when it comes time for the domain to be renewed it will be.  Or at least give you a better shot at it. 
  4. Schedule the expiration date of your domain(s) in your calendars.  Notice I said plural.  Put this everywhere you can.  In most cases registrars email the owner of a domain when it is about to expire, but just in case their email gets trapped by a spam filter or something and there is a problem you’ll be reminded to double check it. 

Everything turned out fine in the end but the feeling I had of potentially having my main domain taken away is a feeling I do not wish to repeat for the foreseeable future.  If you own a personal domain (as I know many of you do) you maybe should think twice about letting that domain expire if you have email accounts tied to that domain, even if you don’t use that domain anymore.  At least make sure you have no ties to it whatsoever before letting it expire.  Whatever you are doing right now, stop and check if your domain is about to expire and follow my tips above.  Don’t be like me and suddenly start selling real estate on a Sunday morning.  🙂

Write a comment