Home
PREVENTING “CYBER TERROR”
We deeply apologize to any of you who after clicking on our torahsofer.com link in a search engine were re-directed to a porn site during Oct, Nov and beginning of Dec. ’02. We spent these months struggling to get our torahsofer.com domain returned to us. Our registration lapsed when our registrar sent our renewal invoice to a defunct email address. Because we never received the bill, the domain name expired and became available for re-registration. It was snapped up by a company that redirected our visitors to a porn site.
In hopes that we might protect others from this ordeal, we have excerpted some articles with tips on how to protect your website from attack.
For us, the most important intervention was to make sure the email contact address given to the domain name registrar is a permanent established email account belonging to a trusted, knowledgeable person who will be responsible for paying the registration renewal fee on time. We also gave an alternative email address as a back-up. In addition, we learned that it is important to check on our own website frequently.
We consulted with excellent attorneys who specialize in the Internet and intellectual property rights. We would be happy to refer them to you.
*************************************************
Excerpt from ICANN http://www.icannwatch.org/article.pl?sid=02/10/30/094857
As was discussed…here back in September(?), porn sites are staking out domain names that are about to expire and taking over while the search engine descriptions remain the same and unsuspecting referral sites continue to link. The question is, what can be done about this? I suggest ICANN push for a "holding period" where a domain name remains listed as "occupied" for a certain time after its registration has expired. While I hate AOL, I must give credit where it is due, for they have this sort of "holding period" on screen names. If you decide to cancel your AOL account, your screen name remains reserved for a set period of time (90 days?) where you can re-claim it if you so choose. If you don't renew your account or reclaim the screen name, it goes back into the pool of eligible screen names for other users…. If you're in charge of the site, you have to know what's going on with it, which necessarily entails knowing when the domain name expires.
##############################################
Excerpted from
Domains Reregistered for Distribution of Unrelated Content: A Case Study of "Tina's Free Live Webcam"
http://cyber.law.harvard.edu/people/edelman/renewals/#motivation
In recent years, many Internet users have become aware that when domain names expire (after their original
registrants forget, fail, or otherwise decline to renew them), the domain names may be reregistered by
others. This feature of the management of the domain name system might be thought to be desirable since it
allows and facilitates a turnover of names from those uninterested in using them to those who in fact do seek
to put them to active use. But recent experience shows that this structure also allows domains to be renewed
by firms who do not seem to seek to use the domains to offer original content but rather seem to hope to
profit from the prior promotional works of others.
In particular, such firms often offer pornographic or sexually-explicit images,
advertising, or links or redirects to other commercial sites. The apparent expectation of such firms is that at least some users will request the
web pages previously (before domain expiration) hosting other content; any such users will instead be shown
this new content, likely creating profits for the firms that reregistered the expired domain names.
The domain names that redirect …many …have character strings that suggest the presence of content
quite different from the content ultimately presented after a redirect to the Tina site. For example,
americanmuseumofnaturalhistory.com, aplusparents.com, babysitters.com, bicyclebills.com,
childrens-media.org, childrenwithaids.org, familyconnection.net, freecipro.com, fraudindex.com,
harvardfootball.org, jackson-family.com, minnesotamom.com, napa-auto-parts.com, oceanicmuseum.com,
ourchildstoys.com, ridgefieldhighschool.com, and savannah-bbb.org each suggest the availability of a certain
kind of content other than sexually-explicit images.
To the extent that reregistrations by new registrants are thought to be problematic, the concern likely results
from at least three factors. First, as a result of such reregistration, the initial registrant loses the use of
the domain name at issue; the loss of the domain presents a setback to the initial registrant's prior efforts to build
a business, identity, or brand around the domain name. Second, should the subsequent registrant use the
domain to provide content that the initial registrant's customers or associates consider offensive, illegal, or
otherwise undesirable, the initial registrant risks some tarnishment of his reputation from the undesirable
content offered at his prior domain. Third, there may be privacy implications, as when sensitive materials are
sent to email addresses at domains operated by a new registrant.
It is important to note that the second cause for concern results not only from users typing in outdated web
addresses from memory (or from fixed sources such as business cards, letterhead, or advertisements).
Instead, current testing reflects that search engines and other pages may continue to offer outdated links
and descriptions -- references that fail to properly represent the latest content available at a given web
address.
While these problems are difficult to resolve within the framework of domains registered for use for some
number of years -- rather than "owned" as real property may be owned -- several policies may help to
mitigate the problem.
Increased consumer education would help users of the Internet understand the possibility that
unexpected content may result when domains transition between registrants.
Education of domain registrants would help consumers of domain registration services better
understand the importance of promptly paying renewal fees. Such education might take place at the
time of domain registration and renewal, as well as via FAQs posted on registrar web sites. To the
extent that registrants fail to renew domains names due to difficulty differentiating between legitimate
invoices from a registrant's actual registrar versus solicitations from those soliciting new business, the
registration process would benefit from reduction in the rate of such solicitations as well as from
improvements to the labeling of such solicitations.
The structure of the domain name system could be put to use in reminding registrants of the need to
renew …
In addition to the public registrant contact information made available via WHOIS, registrars could offer
registrants the opportunity to provide a "secret" "emergency-use-only" email address to be used only
for final notification just before final deactivation of a domain after failure to renew on time. By setting
this address to some (tentatively) "permanent" address -- perhaps an address of a more knowledgeable
or experienced colleague or friend -- a registrant could add an additional check before domain
expiration. Since this address would not be included in public WHOIS records, registrants would have
no incentive to provide an invalid address.
Background information about this topic is available from articles such as the following:
Invasion of the "Porn Nappers" . Business Week. March 7, 2002.
http://www.businessweek.com/bwdaily/dnflash/mar2002/nf2002037_2837.htm?c=bwtechmar08&n=link3&t=email
Porn Sites Hijack Expired Domain Names. PC World. March 8, 2002.
http://www.pcworld.com/news/article/0,aid,87824,00.asp
WARNING to Christian Website Owners: Do not let your domain name expire or it is likely to be taken over by a porn dealer!
http://gnwda.org/alert.htm
Excerpted from:
SPECIAL REPORT: Have you protected your domain from cybersquatters?
http://www.betterwhois.com/cybersquatters.htm
Can this really happen? Is this legal?
Yes, it can and does happen everyday. Is it legal? Depending on the
situation, site owners may have legal recourse (e.g. trademark infringement lawsuits or arbitration). However, even when a
cybersquatter is breaking the law, it can be time-consuming and expensive for a site owner to win a legal judgment, especially if the
cybersquatter is located in a different country. In some circumstances, it is possible to reclaim names through domain arbitration, however this
can cost thousands and can take many months. Full blown domain related law suits can take years and cost tens of thousands of dollars.
The easiest (and cheapest) way to prevent most cybersquatting is to register a few basic variations of
your company name before the damage is done.
Which names should I register?
1. COM/NET/BIZ: Hopefully, you have already registered the .COM version of your company name. To be safe, register the .NET and .BIZ
variations. Some companies also register the .ORG and .INFO variations for additional safety.
2. Hyphenation: If your company name has more than one word in it,
register it both with and without a dash. (e.g. usair.com and us-air.com)
3. Singular/Plural: If your name lends itself to it, register its singular
and plural versions. (e.g. fordtruck.com and fordtrucks.com)
4. Common Misspellings: If your name can be easily misspelled, register common misspellings (e.g. volkswagon.com and
volkswagen.com)
5. And finally, the juvenile sounding but damaging 'sucks' variation: Many experienced internet users routinely type in the 'sucks'
variation of a company name on their browser to find complaints about a company. Most savvy companies now make it standard procedure to
register this name before a vindictive person does. (e.g. verizonsucks.com)