Fog Creek Software
Discussion Board




Getting control of a domain back!

I've got a problem with some mickey-mouse outfit who registered my domain for me in 2000 and have since been providing web/email forwarding.

It all worked fine until recently when the company seem to have suffered some sort of internal problems and now their domain name servers are often down for days at a time. I've spoken to someone in the company (having tried all their numbers of many many occasions) who admitted that the atmosphere was so bad in the office that she'd spent part of that morning in tears.

I faxed through a letter instructing them to point my domain to some different domain name servers but they've simply ignored it. I cannot now get in contact with them.

The domain is registered to me but they are the administrative contact in the WHOIS listing and it seems I can do very little to get control.... or at least as far as I know...

I got the company details (from companies house online service) and have the home address of the company's sole director (and he only lives about 80 miles from me). As far as I see it I either use whatever standard procedure is available to get the administrative contact transferred away.... or, if I can't find a straightforward way to achieve this I'm going to go to his home and use a more physical approach.

Anyone know what the correct procedure is, if there is one?

Gwyn
Sunday, January 04, 2004

Is your name or email listed in *any* of the contact info (tech or billing)?

If so, then contact another domain registrar (register.com, godaddy.com, tucows, etc), explain the situation, and ask if they can help. Be sure to mention the name of your existing hosting company.

Philo

Philo
Sunday, January 04, 2004

>> The domain is registered to me but they are the administrative contact in the WHOIS listing

Philo's pretty much got it. I am looking at an admin screen at godaddy.com and what I see is that there are four official contact points defined for a domain: "registrant", "technical", "admin", and "billing info".

If you are named and have a valid email address on *any* of these fields for your domain's whois record,  you can initiate a transfer of the domain away from the current domain holder and onto your new domain registrar. The procedure generally followed by a current domain registrar is that they email each of the (up to four) points of contact to get permission for the move. If any of the points of contact agree to the transfer, you will succeed in transferring the domain away. This is the easiest option, and will only cost a domain transfer and first year's registration (usually $10 or less.)  And most important, the current holder of the registration does not have to cooperate.

If you are *not* named nor have an email address on the current whois record, then the current domain registrant has to cooperate with a transfer and initiate it to you. At worst, you will either have to initiate legal action or pay a hefty "ransom". 

The idea of confronting the turd in person sounds "interesting" but risky. I guess you do what you have to do.

The "official" recourse to taking a domain name is at:

http://www.icann.org/udrp/udrp.htm

Many times, domains in active use are allowed to lapse and a "domain squatter" company then takes over ownership. The purpose is ransom and theft, pure and simple. Although it can be argued that if someone doesn't care enough to keep a name registered, then they deserve whatever happens to  them...

Bored Bystander
Sunday, January 04, 2004

Since we're on the subject, the domain of a company I used to work for seems to have been hijacked over Xmas (was valid until 2006, so it's not a renewing issue.)

How does a hacker do this: Hack this company's e-mail server so as to be able to reply to the e-mail from the registrar's to confirm the change?

Frederic Faure
Sunday, January 04, 2004

From somebody who's had to do it:

You need to send a letter to the registrar on company letterhead (if you don't have letterhead, make some quick).  They may need some contact information to confirm it.

As to the hijacking game, that's pretty easy to pull off, because e-mail operates on the honor system.  The easiest method would be to use the method that I applied above.  They don't know if you actually own Widgets Inc. or not, you just need a legit looking letterhead.

The second method would be to register a domain through the registrar who currently holds the domain.  Learn the form of their communication.  Now transfer that new domain to the registrar where you want to have the hijacked domain registered.  Now initiate a transfer of the soon to be hijacked domain.  Wait about the same amount of time that it took your first confirmation mail to arrive, then send your return confirmation e-mail back for the hijack target, using a forged header.

This second method relys on the proper owner of the domain not being too fast in responding.  If they're on the stick they'll catch the e-mail right away and block the transfer.  I've been in the position of having to make that block before, when an outside agency was trying to strongarm a domain name away from a client.  Much depends on the speed of the response.

Clay Dowling
Sunday, January 04, 2004

Thanks for the responses guys. I've had a look at the whois and whilst I'm the 'organization' and the normail mail address is mine I am not one of the 4 email addresses.

I had thought about the subterfuge approach mentioned and I'll think about that.

In the meantime I'll probably hang round this guy's house until he arrives home and present him with another copy of my fax in person with the underlying mesage being that if he doesn't address the situation then some nastiness will be bestowed upon his person or his property. May not work but I'm hoping he'll decide not to take the risk!! I think given the time to think about it I'd probably avoid the anxiety were I in his position...

Gwyn
Sunday, January 04, 2004

Gwyn,

That approach has restraining order written all over it. My first outlined approach by no means involves subterfuge, and will keep the local constabulary from taking an interest.

Clay Dowling
Sunday, January 04, 2004

Restraining order? nah! Not in the UK. Things don't really work like that over here. You can get away with bloody murder! (actually that's a bit of an exaggeration if taken literally! - but certainly you can get away with a lot in terms of intimidation).

I'm more concerned in the ehics than the legality of these things. I'll post back to let you know how it worked out!

Gwyn
Sunday, January 04, 2004

DEFINITELY post back, with photos if you can manage it.
This is exciting.

Tony Chang
Sunday, January 04, 2004

If you're listed as the organization (ie owner) there should be no problem getting control of your domain without having to go to anybody's house. Who is the registrar?

James Ussher-Smith
Monday, January 05, 2004

Gwynn,

Albeit that you are in the UK, I would seriously avoid physical intimidation of your hapless ISP. By all means deliver a copy of your demands in person including, by preference, chapter and verse from their contract and giving the poor b*****d a short period to comply, but steer clear of the baseball bats.

If nothing gets done, go to the local court and seek implementation under small claims procedure. I don't know whether you're in England or Scotland, but North of the Border you simply go to the local Sheriff Court and ask for the paperwork (a pro forma summons). It is fairly self explanatory and doesn't need a solicitor to fill it in. The Clerk to the Court should help you anyway.

Simply explain that you have a contract with the ISP for services, that they've failed to satisfy their obligations under the contract and that, having served them a notice to comply (the fax and the personally 'delivered' letter), they have failed to do so. Be sure to attach copies of the fax and the letter.

State clearly that losses have incurred and continue to incur and exactly what needs to be done (i.e. their co-operation in transferring the domain name to a more reputable ISP) - and by when - to resolve the situation. Ask for a remedy of 'specific implement' (which I think is called 'specific performance' if you're in England). Get the order made against the company _and_ all its Directors jointly and severally.

Explain that, as you are subject to continuing losses, you need the Court urgently to order at least interim relief. Don't be surprised if the Sheriff (Magistrate) asks you to cross-indemnify the ISP against damages before ordering interim relief. This is fairly standard in contract disputes and the Court is only trying to be fair to the ISP should they decide to contest the case (which they won't because it's not worth the candle and they haven't suffered any damages and I doubt that the revenue from your contract is very great).

You should walk out with a shiny new court order which you can then deliver personally to the hapless Director who will then face the alternative of dragging some benighted admin from bed to perform the transfer under your steely gaze, or prosecution for contempt of court (which IIRC, is a common law crime and thus punishable by a maximum of an unlimited fine or life imprisonment).

If the ISP fails to comply, not only will the Courts start getting really ratty, but you can happily go off and find a reputable ISP in the confidence that you can then pursue the Directors for the costs incurred as damages (which is why you want their names on the specific implement, not just the company's).

I know that the sound of a well aimed baseball bat can be pleasant to the ear, but it is CRIMINAL. Anyway, true vindictiveness comes from the fact that all the costs of recovering debts fall to the debtor and, boy, is debt recovery expensive. Ahhhh, the sweet sound of the warrant sale, the ruined credit status, the DTI declaration of unfitness to hold company directorships, the foreclosure on the house ...

Revenge, after all, is a dish best eaten cold.

Have fun.

Bringer of Cautionary Tidings
Monday, January 05, 2004

I go with the last suggestion.  Personally serving a court order  is a lot safer than just turning up and thumping the bloke.  Either he'd call for the law or for some lads to return the favour.  Either way not good. 

Whereas if you're serving a court order you're on safe ground.
Whether you choose to bring a mate along (it always seems to be "Big Dave" for some reason) is another matter.  Might be safer.

A cynic writes
Monday, January 05, 2004

"The Clerk to the Court should help you anyway."

Wow! England is SO cool.

Here in the US if you go to the court and ask for a form, they point to a sign that says "The Clerk is not allowed to offer legal advise. If you do not know which form you need by number, you should consult with an attorney."

I've had to pay an attorney $150 each time I need to do something in court just so he tells me the name of the form to get and I then go get it and fill it out myself.

Tony Chang
Monday, January 05, 2004

*  Recent Topics

*  Fog Creek Home