Quoting Doctor PC - Brian O'Donnell <[EMAIL PROTECTED]>: > Does anybody know if any of these whois-archive sites would have logged a > change that was only in place for a few hours? Our domain was hijacked last > night, but, thankfully, I got it back before any real damage was done. But > now I am wondering if there is any proof that the deed was ever done. And > if so, how to go about proving it.
The term "hijacked" is used to mean alot of different things. If the domain in question was "doctorpc.ca", then OpenSRS may be able to tell you who logged in to your domain via the management system. Note that any hijacking would most likely involve a "critical" change in CIRA's eyes, and so would require confirmation via your admin contact's email address. In my experience, the largest number of "hijacking" incidents turn out to be security problems with email addresses. On Wed, Feb 19, 2003 at 02:02:48PM -0500, Mark Hutchings wrote: > > Not off hand, but I had one of our developers make a script that runs a whois > every 10 minutes on our domains and uses sendmail to send us an email whenever > anything changes. Might check into this as a security measure for you and > your clients. There's free ones out there too. I think there's on as an add- > on for webmin. This sounds a bit excessive to me. What if everbody were doing this? How much would the registr(ar|ie)s be spending on bandwidth? Wouldn't that translate into higher costs for all of us? What I'd like to see is for OpenSRS to provide registry-style locking on TLDs that don't currently support it. CIRA is pretty safe, with the critical change confirmation process, but with a "registrar-lock" that worked the same way as the registry lock does now (i.e. it gets changed only via the RWI or client code), resellers would be able to standardize the featureset of their product offering across multiple TLDs. Hrm. Almost sounds like marketing.... -- Paul Chvostek <[EMAIL PROTECTED]> Operations / Abuse / Whatever it.canada, hosting and development http://www.it.ca/
