I almost wonder if this isn't some kind of bizarre marketing hoax. I'm sure many of us visited the site over the weekend and wondered who ?%$^ the fellah was anyway. ;)
Did the original poster ever explain why he thought the site was hijacked (again)? From what I understand, the nameservers changed. Storm in a tea-cup really and certainly not a 24/7 issue in my mind. If it's costing someone thousands in lost revenue or a lot of heart-ache and tears, the courts will (eventually) make the real owner a happier man.

As far as I understand it, the admin has to make or authorise changes, so if a weak password was used and was guessed then that's "unfortunate", and no good reason for the chaps at Tucows to work 24/7 sorting out a problem that the domain owner has inadvertently caused. If however they have given out a password or changed the admin email by mistake, then that is an issue between the reseller and OpenSRS, and perhaps they need to monitor those requests more diligently. Personally I seriously doubt that is the case. Even so, once again that has got to be a one in a 1,000,000 situation and again no reason to set up 24/7 systems.

So what can be done about resellers that want 24/7 action? An instant response charge would be fair with me. Someone demands that 24/7 service, they pay a per-event fee for it. Frankly if someone was to call me up and want action at 3 a.m. then it'd be a high charge (at least several hundred pounds), but seeing as the original action is theft I'm sure appropriate legal action would eventually pay for that and other damages. If it's an OpenSRS problem then there'd obviously be no fee.

Good passwords should always be used, but if we have a system whereby users can (and regrettably do) change their passwords to something easy to remember then they are open to being hacked/hijacked. It's their fault and I wouldn't like to see prices put up (or maintained at the same rate when they could drop) to cope with the very occasional demand for 24/7 action by an irate client.

Can the manage system recognise multiple wrong password attempts? If so, perhaps it should stop the domain being logged into or changed for "a while", or notify the administrator by email. To be honest I'm not sure if it is something I'd want, but it would stop (or at least delay) a break-in attempt. Also, should the system email the "previous" admin address if that is changed? Or indeed when any changes are made to the admin details? I'd be interested in thoughts on that, but aside from that I think the issue has pretty much been done to death.

Lastly, not very Christian all of this really, is it?

kind regards,
Liam
