How does a website get stolen?

rh1

rh1

Honorary Master
Joined
Aug 5, 2011
Messages
17,119
Reaction score
19,741
Location
Somewhere close to you
Question is more out of curiousity.

There is a thread on an It hardware supplier:

IT Workup

Red flag guys. I ordered 2 x SSD's from them (Order 63668). After weeks and weeks waiting only 1 arrives. Very well wrapped. But only one. So I contact the Timothy the owner by email day after day but he's just ducking and diving. This looks like a back room business. Avoid! We understand your...
mybroadband.co.za mybroadband.co.za

In the thread, it was noted that site is down, I tried the site and it redirected to another website, with a notice that the original site was stolen:
Screenshot_20250305_165328_Chrome.jpg
 
airborne said:
Often owners let the domain registration lapse and then someone snaps it up and holds it "ransom".
Or somehow the domain management login details are leaked and someone hijacks the website
Click to expand...
The bit in bold I can accept, but there is no way the domain lapsing can be the reason. You get notified multiple times leading up to the renewal period for your domain. I normally inform my host a few months in advance that I plan to renew the domain. And they send multiple reminders of this. There is no way an actively managed site like on online store, can fall victim to this.

Even if the domain were to lapse, that would immediately co incide with your site going offline. So you would then have to realise something is up, and contact your host. The domains aren’t immediately sold on, there is a cool down period I believe. So you would be able to repurchase the domain then.

There would have to be a dozen slip ups with no one paying attention for something like that to happen.
 
Zellephant said:
The bit in bold I can accept, but there is no way the domain lapsing can be the reason. You get notified multiple times leading up to the renewal period for your domain. I normally inform my host a few months in advance that I plan to renew the domain. And they send multiple reminders of this. There is no way an actively managed site like on online store, can fall victim to this.

Even if the domain were to lapse, that would immediately co incide with your site going offline. So you would then have to realise something is up, and contact your host. The domains aren’t immediately sold on, there is a cool down period I believe. So you would be able to repurchase the domain then.

There would have to be a dozen slip ups with no one paying attention for something like that to happen.
Click to expand...

If you continue to ignore or delay acting on those notifications, it can easily happen..
 
rh1 said:
Thanks, and for website sales, can your data or money be stolen?
Click to expand...
That would be behind (hopefully) different usernames/passwords and URL's.. stealing the domain alone is not enough to get access to the website data..
 
  • Like
Reactions: rh1
Zellephant said:
The bit in bold I can accept, but there is no way the domain lapsing can be the reason. You get notified multiple times leading up to the renewal period for your domain. I normally inform my host a few months in advance that I plan to renew the domain. And they send multiple reminders of this. There is no way an actively managed site like on online store, can fall victim to this.

Even if the domain were to lapse, that would immediately co incide with your site going offline. So you would then have to realise something is up, and contact your host. The domains aren’t immediately sold on, there is a cool down period I believe. So you would be able to repurchase the domain then.

There would have to be a dozen slip ups with no one paying attention for something like that to happen.
Click to expand...
For example the the renewal goes to an employee that left, or they change mail settings.

WAslayer said:
That would be behind (hopefully) different usernames/passwords and URL's.. stealing the domain alone is not enough to get access to the website data..
Click to expand...
And then host a copy of the website and make it so it sends it to a proxy you control that logs everything since you own the domain, you can generate a certificate for it, so man in the middle.
 
Zellephant said:
The bit in bold I can accept, but there is no way the domain lapsing can be the reason.
Click to expand...

Can easily happen. Large corporates can have hundreds of domains names registered and it's easy for one to slip through the gaps.

It's harder nowdays to grab the domain immediately after expiry as registrars hold onto it for a while just in case.

I remember years ago Google, or was it MS that let one of their domains expire and someone bought it.
 
a nice example from a few years ago.

The website address google.co.za, which many South Africans use to access the Google search engine, was unavailable on Friday – apparently because the company failed to renew the domain


techcentral.co.za

Google.co.za is down and the domain is pending deletion

The website address google.co.za, which many South Africans use to access the Google search engine, was unavailable on Friday.
techcentral.co.za techcentral.co.za



gregmcc said:
Can easily happen. Large corporates can have hundreds of domains names registered and it's easy for one to slip through the gaps.

It's harder nowdays to grab the domain immediately after expiry as registrars hold onto it for a while just in case.

I remember years ago Google, or was it MS that let one of their domains expire and someone bought it.
Click to expand...
 
Renewals are always in increments of 1 year from registration, right?

Registered 29 August 2023
1st renewal would be 29 August 2024
Next would only be 29 August 2025

That only leaves actually stolen, rather than sniped during renewal. I'm equally as curious how it works, point the domain to a different server?
 
Progenix Oj101 said:
Renewals are always in increments of 1 year from registration, right?

Registered 29 August 2023
1st renewal would be 29 August 2024
Next would only be 29 August 2025

That only leaves actually stolen, rather than sniped during renewal. I'm equally as curious how it works, point the domain to a different server?
Click to expand...

Well yes, if you control DNS you can point to your own and server and copy the site as Jon above mentioned..
 
Maybe they didn't control the original domain directly themselves. Just speculating
 
DStvNothingOn said:
a nice example from a few years ago.

The website address google.co.za, which many South Africans use to access the Google search engine, was unavailable on Friday – apparently because the company failed to renew the domain


techcentral.co.za

Google.co.za is down and the domain is pending deletion

The website address google.co.za, which many South Africans use to access the Google search engine, was unavailable on Friday.
techcentral.co.za techcentral.co.za
Click to expand...
Wow okay. I can see how it could happen, but really wouldn’t have thought it would happeb to something as big and organised as google.
 
What is even more concerning is that the redirected domain name, fenway.co.za, is registered with 1API GmbH as the registrar. 99% of scam websites in SA use that particular registrar for domain registrations.
 
  • Like
Reactions: rh1
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X