Domain hijacking is a process by which Internet Domain Names
are stolen from it’s legitimate owners. Domain hijacking is also known
as domain theft. Before we can proceed to know how to hijack domain
names, it is necessary to understand how the domain names operate and
how they get associated with a particular web server (website).
The operation of domain name is as follows
Any website say for example gohacking.com consists of two parts. The domain name (gohacking.com) and the web hosting server
where the files of the website are actually hosted. In reality, the
domain name and the web hosting server (web server) are two different
parts and hence they must be integrated before a website can operate
successfully. The integration of domain name with the web hosting server
is done as follows.
1. After registering a new domain name, we get a control panel where in we can have a full control of the domain.
2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.
For a clear understanding let me take up a small example.
John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y
hosting company. He uploads all of his files (.html, .php, javascripts
etc.) to his web server (at Y). From the domain control panel (of
X) he configures his domain name “abc.com” to point to his web server
(of Y). Now whenever an Internet user types “abc.com”, the domain name
“abc.com” is resolved to the target web server and the web page is
displayed. This is how a website actually works.
What happens when a domain is hijacked
Now
let’s see what happens when a domain name is hijacked. To hijack a
domain name you just need to get access to the domain control panel and
point the domain name to some other web server other than the original
one. So to hijack a domain you need not gain access to the target web
server.
For example, a hacker gets
access to the domain control panel of “abc.com”. From here the hacker
re-configures the domain name to point it to some other web server (Z).
Now whenever an Internet user tries to access “abc.com” he is taken to
the hacker’s website (Z) and not to John’s original site (Y).
In this case the John’s domain name (abc.com) is said to be hijacked.
How the domain names are hijacked
To
hijack a domain name, it’s necessary to gain access to the domain
control panel of the target domain. For this you need the following
ingredients
1. The domain registrar name for the target domain.
2. The administrative email address associated with the target domain.
These information can be obtained by accessing the WHOIS data of the target domain. To get access the WHOIS data, goto whois.domaintools.com, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.
To get the domain registrar name, look for something like this under the Whois Record.
“Registration Service Provided By: XYZ Company”. Here XYZ Company is
the domain registrar. In case if you don’t find this, then scroll up and
you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.
The administrative email address
associated with the domain is the backdoor to hijack the domain name.
It is the key to unlock the domain control panel. So to take full
control of the domain, the hacker will hack the administrative email
associated with it.
Once the hacker take full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There he will be asked to enter either the domain name or the administrative email address
to initiate the password reset process. Once this is done all the
details to reset the password will be sent to the administrative email
address. Since the hacker has the access to this email account he can
easily reset the password of domain control panel. After resetting the
password, he logs into the control panel with the new password and from
there he can hijack the domain within minutes.
How to protect the domain name from being hijacked
The
best way to protect the domain name is to protect the administrative
email account associated with the domain. If you loose this email
account, you loose your domain. Another best way to protect your domain is to go for private domain registration.
When you register a domain name using the private registration option,
all your personal details such as your name, address, phone and
administrative email address are hidden from the public. So when a
hacker performs a WHOIS lookup for you domain name, he will not be able
to find your name, phone and administrative email address. So the
private registration provides an extra security and protects your
privacy. Private domain registration costs a bit extra amount but is
really worth for it’s advantages. Every domain registrar provides an
option to go for private registration, so when you purchase a new domain
make sure that you select the private registration option.
Hi,
ReplyDeleteDomain hijacking is now common so you should always go with secured domain names means you should purchase ssl certificate for your website to make it secure.