We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

Domain name hijacking


Neil
29-10-2012, 11:35
Yeah they not mentioned about it since, two factor is a good idea, certainly you can use the IP Address tool we offer for now

Myatu
26-10-2012, 18:54
They seem to have gotten it back today. I'm wondering if it was just a case of a weak password on their end.

I really like Google's implementation of two-way authentication actually; I haven't head of incidents like Diigo's happen at OVH, but with domains (and servers) being such valuable assets, it wouldn't be a bad idea if you could do the same with two-way authentication.

Neil
26-10-2012, 11:53
Hi

Very hard to say without full details, I have been reading here http://www.diigo.net/about/domain and they do not really say what happened.

It looks like someone gained access (via Telephone) and then tried to transfer the domain name out, but changed the DNS Servers beforehand? Since DNS Servers are locked during transfer this may of been where the issue came from.

Sounds like a 'Social Engineering' case, but at OVH the transfer can only be done via the Manager and not via Telephone, So if you want to be sure, strong password and even IP Address restriction

Myatu
26-10-2012, 02:05
I know OVH has DNSSEC in place, but are there any other safeguards in place to prevent this from happening?