Lately there has been several incidents internationally where registrar systems have been abused in order to change DNS information for domains.
For all the incidents it looks like a registrar's or reseller's login information has been picked up and abused. This is a type of attack that could also be used against Norid's registry system.
It can be difficult to protect yourselves against this kind of attack, but we recommend that you are extra cautious when it comes to opening attachments and clicking on links. It is also important to guard your passwords, and change passwords regularly.
We also recommend that you have updated web browsers, java. PDF readers and OS.
Please note that the registrar is responsible to make sure passwords are not compromised.
If you discover or suspect that changes have been made by intruders, we recommend that you:
- reverse any changes as soon as possible
- contact Norid (info@norid.no) with as much information as possible
- change your password, both for Norid's systems and your own
Norid cannot help with internal investigations, but we will hand over necessary logs and history to the police if a report has been filed. As a registrar you may also get history for domains that your are registrar for, in the period you have been the registrar.
Shortly we will also launch a new solution for IP filtration for the EPP service. We recommend that all registrars check that correct IP-addresses have been registered on the registrar web. You can find registered IP-addresses under the tab 'Registry Access'. Please also remember to add the addresses for your own EPP systems.