Websites that handle financial transactions should add Registry Lock to their domains.
Brian Krebs wrote this weekend about a recent attack on cryptocurrency services via the domain name registrar GoDaddy.
In at least two cases, it appears that attackers were able to either transfer a domain to another account and modify its nameservers or otherwise modify nameservers on the domain names.
Social engineering attacks on tech company employees are likely to become more common as people work from home. Registrars must remain vigilant.
Site owners also need to take precautions. Websites that handle financial transactions (including cryptocurrency transactions) should use Registry Lock.
Registry Lock is different from typical domain locking offered by registrars. Domain locking merely prevents a domain from being transferred unless someone logs in to the account and unlocks it.
Registry Lock is much more sophisticated. It’s a service offered by the domain name registries through the registrars. Most Registry Lock products prevent people from transferring a domain or changing its nameservers without going through a multi-step process that involves both the registrar and registry.
In the case of Verisign, which operates .com, a domain owner who wants to change their nameservers would first contact their registrar. This would trigger a process in which the registry manually verifies the request.
It’s not foolproof and could be overcome with social engineering. But it’s a good second layer of protection. And while the service is much more expensive than a domain name, it’s a minimal expense as part of a business’ security budget.
Not all registrars offer Registry Lock. GoDaddy does not currently offer the service.
Anyone have a list of registrars that offer this?
we use it with Gandi.net cause they offer it on many TLD’s
Some registrars who offer it probably don’t advertise it, as it’s a manual process.
I imagine it’s not a money maker…more of a service to customers
https://www.cloudflare.com/products/registrar/custom-domain-protection/
At NameSilo, we are currently working to integrate this product. We’ll announce on our social media once launched.
How much will you charge?
This feature is now live at NameSilo. The price is $12 per month.
To clarify, our Registry Lock feature currently extends to Verisign TLDs (.COM, .NET, .CC & .TV).
HEXONET.NET is offering it !
https://www.hexonet.net/products/registry-lock
Fabulous.com offers this; Executive Lock (E-Lock).
Yup — been happily utilizing Fab’s Executive Lock for many years. Have never had a domain stolen.
Mike and his colleagues are great.
We offer registry lock for any TLD (ccTLD or gTLD) that we are accredited for. The list on our side might not be 100% so just ask if there’s one you want https://www.blacknight.com/registry-lock/
Registry locks start at 300 USD at Realtime Register and go up from there depending on your threat/risk level (can be very expensive).
https://realtimeregister.com/blog/riskreact-on-domain-name-security-domain-locks/