More than 85% of Top 500 Most Highly-Trafficked Websites Vulnerable

Over the last 5 years, hacktivists have continued the practice of redirecting well-known domain names to politically motivated websites utilizing tactics such as SQL injection attacks and social engineering schemes to gain access to domain management accounts – and that, in and of itself, is not surprising.

But what IS surprising is the fact that less than 15% of the 500 most highly trafficked domains in the world are not utilizing Registry Locking. Granted, Registry Locking is only available across 356 of the top 500 most highly trafficked domains, as not all Registries offer this service.

Registry Locking provides an additional level of security which virtually renders domains impervious to hacktivists, disgruntled employees and erroneous updates. Registry Locked domains are only edit-able when a unique security protocol is completed between the Registry and the Registrar.

Back in 2010 when I first reviewed the security settings for the top 300 most highly trafficked domains, less than 10% had implemented Registry Locking. So by now, I would have expected that the percentage Registry Locked domains would have increased significantly, but alas it has not.

I am still uncertain as to why the owners of such highly trafficked domains have not taken advantage of this additional layer of security. And as I  stated back in 2010, I cannot imagine that the additional fees associated with employing this level of service are the deterrent.

I can only assume that the relatively low adoption rates are attributed to the fact that Registry Locking is still not widely available, and that most domain name owners are unaware of the existence of this service.


Editors Note:  Correction for accuracy made to paragraph 2 on 9/11/13 at 12:12 pm pacific time.