What's new

.AULockdown Domain Security Initiative

chris

Top Contributor
AusRegistry have rolled out .AULockdown, an enhanced security service for registrars of .au domains.

Companies with valuable websites can now pay up to $1000 a year to opt-out of Australia's automated domain registry system, closing a hacker's doorway in the process.

AusRegistry, the company that operates the registry for all domain names in the .au space, has launched a new service called .AULockdown that allows domain owners to bar automated changes to their domain at registrar level.

The move comes after an attack on Ireland's equivalent to AusRegistry's system last year, which forced the .ie domains for Google and Yahoo to point to fraudulent sites. It is aimed at high-profile sites attractive to hackers.

http://www.theage.com.au/it-pro/sec...moves-to-lock-out-hackers-20130605-2npdh.html

For those interested in .AULockdown you can get more information from the AusRegistry website:

There has been a number of international incidents of unauthorised domain access occurring at Registries and Registrars of TLD’s other than .au recently. This has led to unauthorised changes to delegation details of some high profile Domain Names. Google.ie and yahoo.ie are such examples of high profile names that have been subject to unauthorised delegation detail changes resulting from unauthorised access.

The same threats are regularly levelled at Australia, and rather than be reactive we are taking the proactive step of guarding the key digital assets of .au Domain Name holders who are looking for complete peace of mind.

http://www.ausregistry.com.au/tools/aulockdown

http://www.ausregistry.com.au/help/aulockdown-frequently-asked-questions

It won't be for everyone, but personally I think it's a good initiative for those that want an extra layer of security - but interested in what others think.

Cheers,
Chris
 

findtim

Top Contributor
thanks for the info chris, peter go try to sell $1000 a YEAR guarentee to your small clients, Coopers it might be good for your clients but australia really runs on small business so now for my rant.

as usual i will take the hit ! why do we need to pay $1000?

whats a valuable domain? dubbodentist to the dubbodentist (DD) is a VALUEABLE domain just like telstra.

i can NOT go to my clients and say "hi mate, you need to pay another $1000 or else i wipe my hands of anything that goes wrong with your website/domain " because someone......... god knows who? thinks "DD" isn't valuable.

where is the LINE of "high profile sites" ? the hackers will just go down the chain to the sites they know won't pay $1000 PER YEAR.

i think its stupid, auda and .ie get hacked and then their solution is to charge domain owners $1000 PER YEAR to solve their problems?

why is petrol cheaper on tuesdays ???? this is bullsh^T to me. the average guy in the street that has a domain name, an SMB, needs the EQUAL protection as everyone else, DD doesn't want to build a website and print business cards and letterheads and do newspaper and radio/tv ads and find his site has gone missing, DD deserves the same rights as telstra.com.au and charging DD $1000 a year is just wrong.

whats next? madatory protection so thus every domain costs $1020 ?

rubbish rubbish rubbish, it is not the responsibilty of the domain owner it is the responsibilty of the auda.

IMAGINE if ASIC came out tomorrow and said that every business name holder had to pay a $1000 PER YEAR EXTRA otherwise there could be a risk of their business name taken away from them ! what would happen?

my client a plumber in ballina isn't going to pay 1000 bucks but to him he's invested thousands in promotional material.

will some nigerian-ish attack a plumber in ballina nsw ? most likely not but i know an equally small business in ballina that has been by some spanish dudes so i think its an auda issue to solve and not 1000 bucks a year per business issue.

tim
 

chris

Top Contributor
thanks for the info chris, peter go try to sell $1000 a YEAR guarentee to your small clients, Coopers it might be good for your clients but australia really runs on small business so now for my rant.

as usual i will take the hit ! why do we need to pay $1000?

whats a valuable domain? dubbodentist to the dubbodentist (DD) is a VALUEABLE domain just like telstra.

I've only read what I've posted, but Dubbo Dentist won't need it. It's aimed at high value services and targets. What is currently automated can now allow for customers to opt in for extra verification.


i can NOT go to my clients and say "hi mate, you need to pay another $1000 or else i wipe my hands of anything that goes wrong with your website/domain " because someone......... god knows who? thinks "DD" isn't valuable.

where is the LINE of "high profile sites" ? the hackers will just go down the chain to the sites they know won't pay $1000 PER YEAR.

i think its stupid, auda and .ie get hacked and then their solution is to charge domain owners $1000 PER YEAR to solve their problems?

why is petrol cheaper on tuesdays ???? this is bullsh^T to me. the average guy in the street that has a domain name, an SMB, needs the EQUAL protection as everyone else, DD doesn't want to build a website and print business cards and letterheads and do newspaper and radio/tv ads and find his site has gone missing, DD deserves the same rights as telstra.com.au and charging DD $1000 a year is just wrong.

whats next? madatory protection so thus every domain costs $1020 ?

I don't think anyone is suggesting Dubbo Dentist is going to need or care about this service.


rubbish rubbish rubbish, it is not the responsibilty of the domain owner it is the responsibilty of the auda.

IMAGINE if ASIC came out tomorrow and said that every business name holder had to pay a $1000 PER YEAR EXTRA otherwise there could be a risk of their business name taken away from them ! what would happen?

my client a plumber in ballina isn't going to pay 1000 bucks but to him he's invested thousands in promotional material.

will some nigerian-ish attack a plumber in ballina nsw ? most likely not but i know an equally small business in ballina that has been by some spanish dudes so i think its an auda issue to solve and not 1000 bucks a year per business issue.

tim

I hear what you're saying but it's $200-$1000 and if it actually does help reduce certain risks then it's money well spent in my opinion.

This will only protect against certain types of attacks and even though they might be unlikely, the severity if you're google.com.au, nab.com.au, ato.gov.au etc. would be devastating. I'm guessing they'll be using it.

Cheers,
Chris
 

enjoi

Top Contributor
Youre screwed if you cannot get in touch with your registrar at midnight to update your NS
 

chris

Top Contributor
Youre screwed if you cannot get in touch with your registrar at midnight to update your NS

Agree, I think it will be interesting to see how it's implemented and if anyone provides 24 hour service. I'm guessing some will?

Cheers,
Chris
 

findtim

Top Contributor
This will only protect against certain types of attacks and even though they might be unlikely, the severity if you're google.com.au, nab.com.au, ato.gov.au etc. would be devastating. I'm guessing they'll be using it.

isn't that like saying only the NAB gets spam ? but DD doesn't, some numbnut from god knows where takes control of your domain and holds you to ransom then its a BIG ISSUE.

as i said earlier this is should not be an "added extra" it should be a standard.

its logical, it NAB, westpac, TNT, etccccccccccc implement then the hackers will just go down the tree until they they get an apple... dubbodentist

we already get letteres from around the world to renew our domains for $145 a year, threats that the .com of you .com.au will be taken by some chinese company, i really don't have to detail the rest.

bottom line again: ring davidjones and say "i'm from asic and if you don't pay $1000 extra per year we can't guarantee your trading name won't be stolen" and see what happens.

tim
 

chris

Top Contributor
I know what you're saying, in an ideal world we wouldn't have to worry about it but these attacks do happen.

Not everyone will want or need human verification to make changes to domain records, this is for those that do.

as i said earlier this is should not be an "added extra" it should be a standard.

Manual verification for every domain change? It's not practical.

its logical, it NAB, westpac, TNT, etccccccccccc implement then the hackers will just go down the tree until they they get an apple... dubbodentist

Not really. There's not much value someone hijacking dubbodentist.com.au so it's unlikely they'll be a target of these type of attacks.

Cheers,
Chris
 

Community sponsors

Domain Parking Manager

AddMe Reputation Management

Digital Marketing Experts

Catch Expired Domains

Web Hosting

Members online

Forum statistics

Threads
11,098
Messages
92,044
Members
2,394
Latest member
Spacemo
Top