Your Website Could be Stolen, Legally
By Robert McMillen, Koin’s Tech Guru
Amid the many stories of hackers breaking into websites and changing the home pages to something unintended by their owners comes a different kind of problem. You could have your website stolen legally, and attempted to be sold back to you at a premium.
Whenever your website comes up for renewal, you may be surprised to know it’s not always your website host that will inform you it’s time to renew. When you purchase a domain name, you buy it from a registrar. Examples of registrars are Network Solutions, Register.com, and GoDaddy. You can opt to have your registrar also host your domain, or you could pick another website company to do it for you.
We had a case this week where one of our reader’s website was stolen legally, but not ethically, right from under them. Back in December Eileen was informed by her registrar, GoDaddy, that her company’s domain name was going to need to be renewed. One option you can choose when you register your domain is to have it auto renew when it comes up for renewal at the end of the subscription. If you buy one year at a time it will cost you more to renew each time than if you buy three years or more.
Eileen went with the discounted rate by choosing to buy for five years, but have another company host the website. If you choose to auto renew your site but don’t update your credit card expiration date, then it doesn’t matter if you have it set to auto renew. The card will be declined, and you will need to check your email to make sure you are made aware of this. Sometimes spam filters filter out the reminder, so it’s best to set a calendar entry for the future as to when the domain will expire.
Eileen was aware that the domain was going to expire because she did receive the reminders the month prior to the expiration. In December, she decided to consolidate her domains to one registrar for her company’s three websites. She wanted to transfer out the GoDaddy domain and move it to Network Solutions. She sent emails back and forth between GoDaddy and Network Solutions trying to get this done before the expiration date, but somehow got sidetracked and the domain expired.
One day last week the company’s email stopped working and they contacted me to find out if I could help. Here’s where things get technical, but I will try to make it a little less dry than beach sand (where my wife and kids would rather be right now anyway).
Registrars try to give you an extra six weeks after payment expires before they allow your website to be purchased by other companies. The day it reached six weeks after expiration, a cyber squatter bought the domain and immediately sent an email to Eileen’s company to ask them if they wanted to buy it back. They thought the email was a joke and deleted it. After their email stopped working they realized that it was no joke.
I went to their domain name in my web browser and it pulled up a “for sale” sign with an email address to reach the new owner. I tracked down the new owner and asked nicely to give it back, as he was squatting, which is illegal but almost completely unenforceable. He laughed and told me to make him an offer.
There is a governing body called ICANN that is supposed to regulate these kinds of things, but it may take months or years to get it resolved. Eileen’s company has letterhead, business cards, yellow page ads and other advertising tied to this domain which would make it expensive to try to change. They asked me to make an offer for them. I decided to start low and go from there, so I offered $100. He laughed this off and came back with a demand for $5,000 plus some other bogus fees. Now, what makes this illegal in our country is that he has no business that operates under the name of the company’s website which he stole. But in his country it was legal, and no one in either country will do anything about it. ICANN will usually force the registrar to give the website back after a very long time and lots of legal work.
The cyber squatter dared me to pursue it, knowing Eileen’s company would spend thousands on legal fees and months of wasted time. At that point I turned the case back over to Eileen and said, “If you really want this resolved right away, it’s time to call your attorney to work out a deal.”
The real way to beat these guys is, unfortunately, to give up the domain for about three to six months. He will ultimately not be able to sell the domain to anyone else and the price will likely come down to the $100 figure I originally offered. If you look at the big picture, it’s just a huge inconvenience to do so. You will hopefully be in business for many more years than that and after a period time you will get it back for a more reasonable offer. Eileen’s company will have to weigh those options and see what is worth more to them, notifying of all their customers and contacts to use new email addresses and domain name, or paying the exorbitant fee to a criminal so they don’t lose the confidence of their customers. It is a nightmare either way.
Finding the squatter was not a problem. Through a service called “Who Is Contacts” I found out he is based in Armenia. He wasn’t hiding because he wanted us to find him so he could get paid. He is just hiding behind the law of his country so he could get away with it. I did a search of his email address and I found he has been doing this with dozens of other companies for a very long time. He even admitted to this when I contacted him, and was quite proud that this was how he made his living.
About ten years ago, Microsoft forgot to re register their domain for their MSN customers. Fortunately, one of the customers found out before the bad guys did and registered it himself and gave it back to Microsoft. Many other companies didn’t realize how powerful the web would be, so squatters registered domains for America’s largest corporations and squatted on them until the big companies realized their mistake. Most of the big companies had lawyers and money to get the domains back without having to pay off the squatters, but smaller companies like Eileen’s will have a difficult time paying $5,000 to this miscreant.
Now that you know the risks and how to avoid them, make sure your website doesn’t fall into the hands of a squatter. Make calendar entries now so your domain won’t expire. Update your credit card with the registrar online and check periodically that the domain hasn’t accidentally expired.
For great tips, check back here each week and listen to me on the All Tech Radio show at 9:00 Sunday mornings on AM 1360 KUIK, or listen online at http://alltechradio.com.
To buy my latest book “How to be an IT Administrator,” go to http://howtobeanitadministrator.com/
If you would like your technical question answered here, just email rmcmillen@koin.com. Even if it doesn’t get answered in the column, I will always answer by email.
Amid the many stories of hackers breaking into websites and changing the home pages to something unintended by their owners comes a different kind of problem. You could have your website stolen legally, and attempted to be sold back to you at a premium.
Whenever your website comes up for renewal, you may be surprised to know it’s not always your website host that will inform you it’s time to renew. When you purchase a domain name, you buy it from a registrar. Examples of registrars are Network Solutions, Register.com, and GoDaddy. You can opt to have your registrar also host your domain, or you could pick another website company to do it for you.
We had a case this week where one of our reader’s website was stolen legally, but not ethically, right from under them. Back in December Eileen was informed by her registrar, GoDaddy, that her company’s domain name was going to need to be renewed. One option you can choose when you register your domain is to have it auto renew when it comes up for renewal at the end of the subscription. If you buy one year at a time it will cost you more to renew each time than if you buy three years or more.
Eileen went with the discounted rate by choosing to buy for five years, but have another company host the website. If you choose to auto renew your site but don’t update your credit card expiration date, then it doesn’t matter if you have it set to auto renew. The card will be declined, and you will need to check your email to make sure you are made aware of this. Sometimes spam filters filter out the reminder, so it’s best to set a calendar entry for the future as to when the domain will expire.
Eileen was aware that the domain was going to expire because she did receive the reminders the month prior to the expiration. In December, she decided to consolidate her domains to one registrar for her company’s three websites. She wanted to transfer out the GoDaddy domain and move it to Network Solutions. She sent emails back and forth between GoDaddy and Network Solutions trying to get this done before the expiration date, but somehow got sidetracked and the domain expired.
One day last week the company’s email stopped working and they contacted me to find out if I could help. Here’s where things get technical, but I will try to make it a little less dry than beach sand (where my wife and kids would rather be right now anyway).
Registrars try to give you an extra six weeks after payment expires before they allow your website to be purchased by other companies. The day it reached six weeks after expiration, a cyber squatter bought the domain and immediately sent an email to Eileen’s company to ask them if they wanted to buy it back. They thought the email was a joke and deleted it. After their email stopped working they realized that it was no joke.
I went to their domain name in my web browser and it pulled up a “for sale” sign with an email address to reach the new owner. I tracked down the new owner and asked nicely to give it back, as he was squatting, which is illegal but almost completely unenforceable. He laughed and told me to make him an offer.
There is a governing body called ICANN that is supposed to regulate these kinds of things, but it may take months or years to get it resolved. Eileen’s company has letterhead, business cards, yellow page ads and other advertising tied to this domain which would make it expensive to try to change. They asked me to make an offer for them. I decided to start low and go from there, so I offered $100. He laughed this off and came back with a demand for $5,000 plus some other bogus fees. Now, what makes this illegal in our country is that he has no business that operates under the name of the company’s website which he stole. But in his country it was legal, and no one in either country will do anything about it. ICANN will usually force the registrar to give the website back after a very long time and lots of legal work.
The cyber squatter dared me to pursue it, knowing Eileen’s company would spend thousands on legal fees and months of wasted time. At that point I turned the case back over to Eileen and said, “If you really want this resolved right away, it’s time to call your attorney to work out a deal.”
The real way to beat these guys is, unfortunately, to give up the domain for about three to six months. He will ultimately not be able to sell the domain to anyone else and the price will likely come down to the $100 figure I originally offered. If you look at the big picture, it’s just a huge inconvenience to do so. You will hopefully be in business for many more years than that and after a period time you will get it back for a more reasonable offer. Eileen’s company will have to weigh those options and see what is worth more to them, notifying of all their customers and contacts to use new email addresses and domain name, or paying the exorbitant fee to a criminal so they don’t lose the confidence of their customers. It is a nightmare either way.
Finding the squatter was not a problem. Through a service called “Who Is Contacts” I found out he is based in Armenia. He wasn’t hiding because he wanted us to find him so he could get paid. He is just hiding behind the law of his country so he could get away with it. I did a search of his email address and I found he has been doing this with dozens of other companies for a very long time. He even admitted to this when I contacted him, and was quite proud that this was how he made his living.
About ten years ago, Microsoft forgot to re register their domain for their MSN customers. Fortunately, one of the customers found out before the bad guys did and registered it himself and gave it back to Microsoft. Many other companies didn’t realize how powerful the web would be, so squatters registered domains for America’s largest corporations and squatted on them until the big companies realized their mistake. Most of the big companies had lawyers and money to get the domains back without having to pay off the squatters, but smaller companies like Eileen’s will have a difficult time paying $5,000 to this miscreant.
Now that you know the risks and how to avoid them, make sure your website doesn’t fall into the hands of a squatter. Make calendar entries now so your domain won’t expire. Update your credit card with the registrar online and check periodically that the domain hasn’t accidentally expired.
For great tips, check back here each week and listen to me on the All Tech Radio show at 9:00 Sunday mornings on AM 1360 KUIK, or listen online at http://alltechradio.com.
To buy my latest book “How to be an IT Administrator,” go to http://howtobeanitadministrator.com/
If you would like your technical question answered here, just email rmcmillen@koin.com. Even if it doesn’t get answered in the column, I will always answer by email.
No comments:
Post a Comment