Domain hijacking or theft, can be defined as a security breach in which the hacker steals the target organization’s domain name and transfers its ownership to himself. Once successful, the hacker gains access to the control panel from where he points the domain name to another web server. Thus, whenever a user visits the website, he gets redirected to the hacker’s website. In most instances, the attack is carried out by falsifying a domain transfer authorization code or by using phishing techniques.
Given below are a few common methods that the hackers use for domain hijacking:
This is one of the easiest ways to steal the login details of the target website’s admin account. The hacker may send a fake email, claiming be to be from a genuine source, to extract information. The email may also contain a link that redirects the user to a phishing website that looks similar to the original one. When the user logs in to the admin account, the credentials are recorded by the hacker.
Domain Registrar Vulnerabilities
The hacker may also look for unidentified vulnerabilities in the domain name registration system. For instance, in the absence of any restriction on the number of invalid login attempts, the hacker may initiate a brute force attack. Through this, he may employ the trial and error method to use multiple password combinations till the login is successful.
Web Server Vulnerabilities
Security flaws in the target organization’s web server can also be exploited to gain access to the website admin account credentials. In the absence of proper security measures, there are high chances that vulnerabilities in the hosting server provide a backdoor for the hacker to gain access to your website.
Tips To Prevent Domain Hijacking
- Use Two Factor Authentication: Many domain registrars provide an additional security layer to the users by allowing two factor authentication. With this, each time you log in to the admin account, you will have to enter your user name and password, along with a numeric code sent through a text message.
- Request DNSSEC From Your Domain Registrar: Domain Name System Security Extensions (DNSSEC) is a technology that can prevent a domain hijacking attack. It allows the website admin to monitor traffic and use digital signatures to verify the legitimacy of the DNS responses.
- Change Default Password: Make sure you change the default password of your admin account. If you retain the same login credentials provided by your registrar, your domain security may be at risk.
For more information about domain hijacking, contact Centex Technologies at (972) 375 – 9654.