RTM
Domain Hijacked by
Hong Kong Company
by Courtney Caldwell
The
first question everyone asks is "How can they do that?" We were
taken by surprise too, not from a second hand story of some poor company's
misfortune, but rather through first hand experience. This happened to
us, ROAD & TRAVEL Magazine, in the flash of an eye. If the following
information can help prevent this from happening to you or your company,
then we gladly share it.
On Friday,
August 9, I returned to my Michigan headquarters after a weeklong business
trip to L.A. Coincidently, that was the same week that our ROAD &
TRAVEL Magazine website address (URL) registration expired. However,
the company with whom the domain name was registered failed to notify
us that it was about to expire. We are still trying to find out why
this happened but so far to no avail.
Like most
companies today who have multiple online accounts for technology-related
services, we rely heavily on these IT partners to send reminder notices
via email that accounts are due for renewal. For the most part the majority
are excellent at fulfilling this responsibility, however, this leaves
business owners with a false sense of security, as was the case with
our domain. We put too much faith in the system and we paid the price.
As it turns
out RTM's domain registration expired on August 7 while I was out of
town. The Hong Kong company picked it up on August 8 and by Monday August
12, all traffic to our website and all emails stopped. Essentially,
we were out of business, albeit temporarily. By August 15, the perpetrator
launched a link farm website with our address sucking up all RTM traffic
and links. Hence, the week from hell began.
We've done
a great deal of research about this phenomenon and have learned that
this Hong Kong hijacker has done a lot of URL stealing from companies
around the world. And, they don't just pick on the little guys. Some
of the law suits against them have come from such powerhouses as Price
Waterhouse Coopers, Edmunds.com, and the Poetry Society, to name a few.
The problem,
called site squatting, has become so pervasive that Congress passed
a bill last year to make it illegal -- but there are international companies
that still do it. You can fight them, and according to the World Intellectual
Property Organization (WIPO), you have a good chance of winning. But
it will cost you time and money.
What
do they do with stolen URLs?
The primary goal of domain hijackers is to steal your traffic and link
popularity. They then use your URL on a new site, link farm or porn
site to take advantage of the traffic and links. The sooner you can
disable your PPC search engines, the better, since PPCs will continue
to charge you for traffic that goes to the perp's new site.
Steps
you can take to report them
The first step is to report them to www.domainregistrate.com,
www.icann.org - the
governing body of the Internet, and to the World Intellectual Property
Organization (WIPO). The cost to pursue them with WIPO starts at $1500,
which can quickly escalate depending on the size of the fight. Then
there are your own lawyer fees. If you're an American company, you're
looking at an international lawsuit. In the meantime, your site is down
and business is lost, not to mention all the personal time invested.
Some of the companies with whom we spoke said it took about two months
from beginning to end to get their domain back, but at what cost?
In our
case, the cost to fight them outweighed the cost to register the new
URL and make all the changes necessary to have RTM up and running again.
While we are consistently growing every month having recently surpassed
100,000 unique visitors, we're not so big yet that we can't handle this
challenge in-house. If anything, it will likely make us bigger, better,
faster, stronger. Anger is a great motivator.
One of
the most satisfying things to emerge from this challenge has been the
support of our web hosting company, Radiant Communications, who has
rallied to the challenge with swift and immediate action. So, have our
many search engine partners such as Google, Yahoo, Overture, Inktomi
and Looksmart. They, too, despise companies that rape and pillage website
domains so they are eager to be supportive and cooperative in helping
you fight back and win. It has been their team support that has gotten
us through one very tough week.
Do It
Yourself: Steps to get back online quickly!
Should you decide not to take legal action, but instead just replace
the URL, you must first register a new domain and notify your hosting
company immediately of what has happened so they can help you through
the process. The next thing you must do is contact all the search engines
your site is registered with to cancel your old URL to prevent the hijackers
from having access to your traffic. Once your new domain is live, you
must then give that to all the search engines. Contact those directories
or search engines with which you have pay-per-click accounts immediately.
Have them suspend your account as soon as this happens to prevent paying
for clicks that go the thief's new website.
Some search
engines index sites daily or every 48 hours. Others take 4-6 weeks.
You must be patient while this process happens. There's just no way
to speed it up so expect your traffic to resume its last count within
a month or two.
The most
daunting challenge is contacting all the companies that link to your
site. In our case it is several thousand link partners. Each one must
be contacted to ensure they change their link to you immediately. Otherwise,
every time someone goes on their site and clicks on your old link, they'll
get the link farm or perhaps even a porn site. It's bad for both you
and your link partner. One way to make this less daunting is to keep
a file on all incoming link partners' names and emails in the event
you ever have to contact them all at once for any reason.
Prevention
is the best defense
The best thing you can do to prevent this from happening to you is to
keep a registration and renewal file on your computer that defines all
your IT partners with your sign up date, renewal dates, contact name,
email and phone number, and the last 4 digits of the credit card you
used. Either you or your bookkeeper should then check it monthly as
part of your standard accounting procedures.
This was
a hard lesson but I hope by sharing this story it will help prevent
it from happening to others. Like many, we had never heard of this until
it happened to us. We were quite surprised to see how prevalent it was
once we started researching it.
In fact,
so pervasive is the problem by this Hong Kong company that an Asian
office has been set up to handle the overflow of international complaints
and problems.
Asian Domain Name Dispute Resolution Centre (Hong Kong Office)
Attention: Domain Name Case Administrator
38/F Two Exchange Square
8 Connaught Place Central
Hong Kong
Tel : (852) 2525 2381
Fax : (852) 2199 5999
Email : hkiac@adndrc.org
This kind
of thievery hurts all of us whether you're a small or big company. It
takes time away from not only your staff to get everything reinstated,
which increases costs to your company, but it also takes time away from
all your partners who have to make changes as well. While most are very
compassionate and sympathetic to your plight, it's still disruptive
leaving you feeling bad on top of everything else.
So be aware,
be prepared, and consider yourself warned. Pass this story onto your
colleagues. No doubt you'll hear what we've heard, "I've never
heard of such a thing!" Now you have.
For more
information on site hijacking, go to:
http://news.zdnet.co.uk/story/0,,t269-s2101752,00.html
To contact
author: http://www.roadandtravel.com/company/companylanding/contact-us.htm
News
& Views
| RTM
Main Page
|