Posted in:

Hosting company stole my website, and my domain name – what should I do?

If you own a domain name read on, there’s a good chance you or your friend might need this advice.

Here’s how the nightmare story goes.

My friend, let’s call her Nicole, calls me last night at 9 pm. The problem is, she doesn’t want to renew her domain or hosting for another year and pay $100. However, she wants to save her website because she paid some $800 for it, naturally, she wants to protect the investment. Now some of you are thinking, well that’s a piece of cake, just copy the files with an FTP program, or just download the tar.gz file with cPanel. The problem is, my friend Nicole isn’t tech savvy, she’s an artist. Now that wouldn’t be such a problem if the guy who developed her website, and pretends to be a “hosting company” isn’t looking to take advantage of her, her ignorance, and extort money out of her. He tells her, you can’t get the website unless you renew everything for a whole year.

So, I tell Nicole to ask for the username and the password, so we can save the website, and for the EPP code to transfer the domain. I managed to convince her that it would be smart to save the domain, and that I have several hosting accounts, and that she could host her website for free on one of my accounts. There’s only 1 more day left according to the WHOIS, so I am thinking, OK, there’s still enough time. She first told me that today was the last day. I also checked her website, and it was still functioning, it had a cart for ordering paintings, about me page, etc.

Hosting company turns into Darth Sidious
The web hosting company turns into Darth Sidious

Nicole calls hers… I still have trouble calling that extorter a hosting company, because that would be putting a dark shadow over the good guys. So from now own, I will call him, Sidious. The thing is, hosting companies are holding the entire Internet up and running. Those tabs you have opened up there in your browser, you couldn’t see any of that if there were no hosting companies. People in the hosting industry are some of the most hardworking people I know. They have to deal with 24-7 support, hackers, updates, upgrades, business, lawyers, blacklists, spams, etc… I am telling you, it’s a war zone out there. Trust me, you do not want to run a hosting company when 200 of your clients get hacked on Christmas morning, and you have a hangover.

So anyway, Nicole calls Sidious, and asks for what’s rightfully hers. And she doesn’t understand what she is asking (just repeating what I told her). To give her the username and password, and the domain name EPP code. What happens next? Sidious suspends her website, and tells her it’s too late, and that she should press CTRL + F5 to see the change. Adding again she needs to pay the $100 for another year if she wants her website. I confirm the website is now down.


The awful thing is, when I was a hosting provider, I had a similar experience with my new hosting clients. They wanted to jump boat, and Sidious guy was giving them a hard time. So Nicole asks me, WHAT NOW? You could hear the despair in her voice, thinking she was robbed, lost her website, her domain, gone. Thinking, a website was a bad idea. At this point, I am thinking, how can I cause damage to this guy. However, I know better than that. I want to teach as many people as possible that this can happen. Users should check with their hosting provider, and the domain registrar right from the start, an exit strategy.

Hosting company works hard to protect you
Hosting company works hard to protect you

In case a thing like this does happen, feel free to call the police, lawyers, threaten with legal actions and try to find a friend who understands the language and protect your rights. I wish I could say something down the lines of “if you can’t afford a lawyer one will be appointed to you”, but it won’t. You have to get someone from the hosting industry to protect you. There are ways of hurting a hosting company, but that’s far to powerful weapon that I can just blog about (I don’t mean any illegal activities). The thing is, I know there are more than few cases when a client is wrongfully accusing a hosting company, and I wouldn’t want them with this weapon in hands, again, the good hosting guys might get hurt.

Oh and another thing. Always check the WHOIS if you and your email address are there as your main point of contact, and ask your provider how and where you can unlock the domain and get the EPP code. It is alternatively called an auth code, a transfer key, a transfer secret, EPP authentication code, or EPP authorization code. EPP stands for Extensible Provisioning Protocol.

We made a website years ago where you can check whois for free, check where your website is hosted (nameservers), if you are blacklisted, and the exact date of domain name expiration – signup here. Where do you host your website and where do you register your domains, and have you tried leaving them?

Here are a few more pieces of advice that people on Hacker News commented.

1. Always register your domain name with a company other than your hosting provider. Don’t even allow the domain registrar to be owned by the same corporation.

2. Always maintain a complete, separate copy of the website’s content. Never allow the only copy of a Website to be in the hands of an ISP.

Written by Goran Duskic

I am the founder and CEO at WhoAPI. Entrepreneur for more than a decade in the hosting and domain industry. Sold my previous company. 500 Startups and StartLabs alumni. Author of a white paper "Domain Disclosure: Dirty Dozen" and eBook "26 Fundraising Questions for Startups".

98 posts