
Domain Hijack Recovery

Started by Burihaxia, Jul 14, 2024, 01:26 AM


Burihaxia (Topic starter)

Hey there,

I need some input and a strong viewpoint on this issue.

Our domain got hijacked and the website got duplicated.

To elaborate, the domain was linked to a technical email that we stupidly didn't set up forwarding for. So, we didn't check that email for a while.

We requested the domain registration through our hosting provider.

At the start of the holidays, a colleague spotted an unfamiliar banner on the site. Turns out, we couldn't access the hosting panel, emails, admin panel, and so on.

Seems like they hacked into the email, used it to access the hosting, copied the site, and moved it to another hosting. And to top it off, they transferred the domain to another registrar without my knowledge!

We're back in control of the mail and hosting now. There are records of operations to change the domain registrar in the email.

I've been emailing the registrar for four days, and no response yet. I called them and spoke to an operator who said the application was received, and I should wait 24 hours for a response. It's been a day, and still no answer.

The domain is registered in a physical person's name, so confirming ownership with scanned documents shouldn't be an issue.

So, the real question is, has anyone been through a similar situation? What steps should I take in cases like these? I need your help!


malkrx

The unauthorized duplication and transfer of your website, coupled with the hijacking of your domain, are clear indicators of a targeted and sophisticated attack. To address this issue comprehensively, I recommend the following steps from a cybersecurity perspective:

1. Incident Response: Begin by initiating a thorough incident response process. This involves identifying the extent of the breach, including the specific systems and data that were compromised. Conduct a comprehensive review of server logs, email records, and any other relevant sources to trace the hacker's activities and determine the initial point of entry.

2. Security Measures: Evaluate and enhance the security measures across all your digital assets, including your domain, email accounts, and hosting services. Implementing two-factor authentication, enforcing strong password policies, and conducting security audits can help fortify your defenses and prevent future unauthorized access.

3. Legal Action: Engage legal counsel to explore avenues for legal action against the perpetrator. Collect and preserve evidence of the breach, document the impact on your business operations, and collaborate with law enforcement to pursue appropriate legal recourse. Additionally, review your existing contracts and agreements with your hosting provider and registrar to understand your rights and responsibilities in such situations.

4. Domain Recovery: As you mentioned that the domain is registered in a physical person's name, it's crucial to initiate the process of confirming ownership and reclaiming control. Prepare the necessary documentation, such as identification proofs and ownership records, to validate your rights to the domain. Collaborate closely with your hosting provider and domain registrar to expedite this process.

5. Collaboration and Knowledge Sharing: Consider sharing your experience and insights with industry forums, cybersecurity communities, and relevant authorities. By contributing to a collective understanding of emerging threats and attack vectors, you not only raise awareness but also foster a culture of collaboration and information sharing within the cybersecurity ecosystem.

6. Future Preparedness: Use this incident as an opportunity to reinforce your organization's cybersecurity posture. Conduct a comprehensive review of your security policies, implement additional layers of defense, and provide training to your staff on identifying and responding to potential security breaches.

The domain hijacking incident necessitates a multifaceted approach that encompasses technical measures, legal considerations, and collaborative efforts within the cybersecurity community. By taking proactive steps to address the current breach and fortify your defenses against future threats, you can mitigate the impact of the incident and emerge with a stronger and more resilient security infrastructure.

RaidaSmatdono

Have you ensured timely payment for the domain? And what about the email domain - has it been taken care of as well?
If so, the first step is to report this to the police. It's crucial to prioritize these matters promptly to prevent any potential issues down the line.

QuKHachAsseree

Explore the wisdom of others, delve into online discussions, where valuable instances with detailed explanations can be found.
Numerous cases of domain retrieval were documented.