If someone modifies the whois info on a domain names and makes a succesful transfer request (hijack attempt).. will the transfer fail if the domain is immediately locked? What I want to say is: is the lock domain feature a good security option?
yes, the locked domain is secured but if someone is able to modify your whois info would inevitably have your login details at your domain name registrar and would thus have the ability to unlock the domain. So the lock would probably not be much of a protection here. When a transfer is made, it would check if the domain is locked and also both parties, the one making the move and the one whose email address is listed in the domain name whois would be informed of the move attempt and can rebut it. However, if a person can modify the whois details can just do a Domain Name Push to himself and it would not matter if it is locked or not.
I understand what you say. I was saying what if the attempt was discovered and the hijacker has no more access to the account - but he already made the transfer request..is the lock a good option to stop the transfer?
Why did you ask this question?you are afraid that your domains will be stolen? If the domain has been transferred successfully,lock or unlock makes no sense.
Well, from what I understand, when someone makes the transfer, an email would be sent by the incoming registrar to account holder to confirm the transfer and if consent is provided the transfer process would begin. I believe you will need to do the lock before that consent is provided and before the outgoing registrar sent the email requesting consent. If it is done after that time, you will lose the domain. Those couple of hours would be vital timeframe to go about stopping the transfer. I noticed that when I transferred some domains from GoDaddy to Namecheap, everything moved and shifted within 2 hours.
Aren't you guys forgetting about something? Auth codes. Anyway, if the thief: 1. Successfully compromised your account. 2. Changed all details to yours. 3. Obtained the auth code. 4. Started the process with the gaining registrar. 5. Gave the auth code and verified the request with them. 6. Confirmed the request with the losing registrar. And: 7. The name was never locked by the current registrar that time. Then yes, the domain name will be hijacked. FYI, auth codes are now required for transferring .com and .net domain names to another registrar since Oct. 28.
I thought if the name was unlocked, the transfer proceeded by default after 5 days, but if the name was locked, authorisation was required to complete the transfer.
Authorization is required by the gaining registrar. But if the name is locked the whole time, it won't go through even if it was already confirmed with them. Nowadays .com domain registrar transfers require auth codes, just like those for .org, .info, and .biz at the very least. There is actually another way around that locking thing but I won't state it in this board...for very obvious reasons.