Domain hijacking is the act of changing the domain name registration without the original Registrant’s permission, or by abuse of privileges on domain hosting and registrar software systems. It is a form of theft that takes place online, where the thief/attacker takes access of a domain without the consent of the domain registrant. It is up to you and your domain/ hosting company to prevent your domain falling prey to these kinds of attacks because they happen due to security flaws.
Domains can be hijacked for malicious use, when attackers seek to take a website/domain down. If it is inaccessible then the domain owner might be losing money, their reputation as a safe website gets affected. The attackers might extract money form you to hand back the domain or they might use it for sensitive information from unknowing visitors which is called as phishing.
Some Attackers/Hackers might transfer the domain from its rightful owner to other name. For these kinds of cases, it is difficult to get back your domain. They might impersonate you to request the registrar to transfer the domain to another account. Legal help is necessary for cases like these.
What Happens When a Domain is Hijacked:
To hijack a domain, an Attacker/Hacker needs to gain access to the targeted domain’s control panel. For domain hijacking, they need the details like
- Domain registrar name
- Administrative email ID and Password associated with the targeted domain. A Hacker can use one of the most popular password cracking methods such as brute-force attack, which involves trying all combinations of numbers, letters and special character combinations until it guesses the password correctly
A straightforward lookup in the public WHOIS database of the target domain will give away the information related to administrator record to attacker including the admin email ID associated with the domain. In effect, anyone listing their information in the WHOIS database is giving out the back-door entry to hijacking their domain name.
To unlock the domains control panel to take over full access, the hacker must hack the admin email to get full access. Once they have this access, they will reset the control panel password, login in and hijack the domain.
Protect your Domains With These Countermeasures:
Domain privacy protection –
Protect your domain cPanel (Control Panel) – don’t allow your domain to suffer from hijacking because of your negligence toward security. Once the domain is registered, the registrar will grant you access to your domain’s cPanel. From the Control Panel, you can modify your domains settings such as which server it is pointed toward.
On registration, you will have to provide an email address for access to the panel. If anyone has the access to the administrative email account, they have get access to your domains control panel and all its settings. Hackers often get this information from the WHOIS registration records. Using domain privacy will block them from access to any information. Use WHOIS privacy to block your name from the WHOIS records, swapping your details for your domain registrars in the records.
Choosing a trusted domain provider –
Another security threat comes is the result of the security failings of your domain provider. If a hacker/attacker has access to the back end of your registrar, your domain might be at risk.
To protect yourself, choose an ICANN accredited domain registrar. ICANN is the body who coordinate IP addresses for domain names across the world, and they also issue new domain extensions. If there are any disputes over ownership, administering body ICANN is the best bet to recover a domain.
Enabling domain auto-renewal –
Not all domains are easily stolen, your domain registration could expire, and someone can register the domain in the meantime. This is an entirely legal practice, so you can’t take any actions against this kind of behavior. To avoid this to happen, enable auto-renewal for your domain or register the domain for longer durations. Most registrars keep it for ten years for example.
How To Recover A Stolen Domain Name:
- Contact your domain registrar, the people you purchased your domain name from initially. Contact the support team and explain the situation and provide them with relevant details such as the account name and mail ID used to purchase the domain, any recent correspondences, and complete any paperwork required
- If the registrar can’t help if the domain has already been transferred to another registrar, then seek legal help. Documentation is the key to proving your right to ownership, for example, copies of registration records or correspondence from registrars relating to the hijacked domain, keep track of any financial transactions associated with you or your organization with the hijacked domain and any marketing material or directory such as the Yellow pages associating the hijacked domain with your organization
- And the final option is to contact ICANN. ICANN has extensive documentation relating to domain dispute resolution
Reference:
https://www.fireshadows.com/2-ways-to-identify-prevent-subdomain-takeover-vulnerability/
https://www.namecheap.com/security/domain-phishing-security-attacks-guide/