Domain Hijacking – How to Hijack a Domain
10/29/2012 09:08:00 pm
Unknown
In this post I will tell you about how the domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may seem to be like an alien. So let me first tell you what domain hijacking is all about.
Domain hijacking is a process by which Internet Domain Names are stolen from it’s legitimate owners. Domain
hijacking is also known as domain theft. Before we can proceed to know how to
hijack domain names, it is necessary to understand how the domain names operate
and how they get associated with a particular web server (website).
The operation of domain name is as follows
Any website say for example
gohacking.com consists of two parts. The domain name (gohacking.com) and
the web hosting server where the files of the website are actually
hosted. In reality, the domain name and the web hosting server
(web server) are two different parts and hence they must be integrated
before a website can operate successfully. The integration of domain name with
the web hosting server is done as follows.
1. After registering a new domain
name, we get a control panel where in we can have a full control of the
domain.
2. From this domain control panel,
we point our domain name to the web server where the website’s files are
actually hosted.
For a clear understanding let me
take up a small example.
John registers a new domain “abc.com”
from an X domain registration company. He also purchases a hosting plan
from Y hosting company. He uploads all of his files (.html, .php,
javascripts etc.) to his web server (at Y). From the domain control panel (of
X) he configures his domain name “abc.com” to point to his web server
(of Y). Now whenever an Internet user types “abc.com”, the domain name
“abc.com” is resolved to the target web server and the web page is displayed.
This is how a website actually works.
What happens when a domain is hijacked
Now let’s see what happens
when a domain name is hijacked. To hijack a domain name you just need to
get access to the domain control panel and point the domain name to some other
web server other than the original one. So to hijack a domain you need not gain
access to the target web server.
For example, a hacker gets access to
the domain control panel of “abc.com”. From here the hacker re-configures
the domain name to point it to some other web server (Z). Now
whenever an Internet user tries to access “abc.com” he is taken to the hacker’s
website (Z) and not to John’s original site (Y).
In this case the John’s domain name
(abc.com) is said to be hijacked.
How the domain names are hijacked
To hijack a domain
name, it’s necessary to gain access to the domain control panel of the
target domain. For this you need the following ingredients
1. The domain registrar name for
the target domain.
2. The administrative email
address associated with the target domain.
These information can
be obtained by accessing the WHOIS data
of the target domain. To get access the WHOIS data, goto whois.domaintools.com,
enter the target domain name and click on Lookup. Once the whois data is
loaded, scroll down and you’ll see Whois Record. Under this you’ll
get the “Administrative contact email address”.
To get the domain registrar name,
look for something like this under the Whois Record. “Registration Service Provided By:
XYZ Company”. Here XYZ Company is the domain registrar. In case if you don’t
find this, then scroll up and you’ll see ICANN Registrar under the
“Registry Data”. In this case, the ICANN registrar is the actual domain
registrar.
The administrative email address
associated with the domain is the backdoor to hijack the domain name. It
is the key to unlock the domain control panel. So to take full control of the
domain, the hacker will hack the administrative email associated with it. Email
hacking has been discussed in my previous post how to hack an email
account.
Once the hacker take full control of
this email account, he will visit the domain registrar’s website and
click on forgot password in the login page. There he will be
asked to enter either the domain name or the administrative email
address to initiate the password reset process. Once this is
done all the details to reset the password will be sent to the
administrative email address. Since the hacker has
the access to this email account he can easily reset the password
of domain control panel. After resetting the password, he logs into
the control panel with the new password and from there he can hijack
the domain within minutes.
How to protect the domain name from being hijacked
The best way to protect the domain
name is to protect the administrative email account associated with the
domain. If you loose this email account, you loose your domain. So refer my
previous post on how to protect your email account from being hacked. Another best way to protect your domain is to go for private domain registration. When you register a domain name using the private
registration option, all your personal details such as your name, address,
phone and administrative email address are hidden from the public. So when a
hacker performs a WHOIS lookup for you domain name, he will not be able to find
your name, phone and administrative email address. So the private registration
provides an extra security and protects your privacy. Private domain
registration costs a bit extra amount but is really worth for it’s
advantages. Every domain registrar provides an option to go for private
registration, so when you purchase a new domain make sure that you select the
private registration option.
0 Response to "Domain Hijacking – How to Hijack a Domain"
Post a Comment