General, Privacy, Technology, Web Security

How To Protect Your Domains From Being Hijacked

December 13, 2017

Introduction

Everyone knows that hackers masterfully exploit web application vulnerabilities in websites. As the technological world is constantly evolving, an attack vector known as hijacking domains is increasingly proliferating.

Targeted attacks against domain name accounts and hijacking DNS records are tremendously perilous to individuals and enterprises since these attacks result in redirecting site visitors to a deceptive, malicious site. Domain hijacking does not merely have a significant impact on the website visitor’s trust but also diminishes an enterprise’s reputation.

In this article, I will provide strategies for avoiding domain hijacking attacks and offer insight on how to increase the overall security of a domain. The tips presented below are not merely useful for companies, but also individuals who are interested in protecting their domains from being hijacked by hackers.


This article goes through the following in detail:

  • Choose A Secure, Reputable, Hardened Domain Registrar
  • Enabling Registrar/Domain Locking
  • Use A Secure Email As The Domain Admin Email Address
  • Use Two-Factor Authentication (2FA) For Accessing Domain & DNS Management Portals
  • Avoid Man-in-the-Middle (MITM) Attacks
  • Applying Registry Locking
  • Enable Private Whois Service
  • Prevent Accidental Domain Loss
  • Utilize IP Address Access Restrictions
  • Constant Monitoring Of Your Domains

Choose A Secure, Reputable, Hardened Domain Registrar

A security-conscious registrar will not solely be equipped with the experience and knowledge of all possible attack vectors deployed by hackers, but also grasp on a deeper level how to overcome and defend from them.

Ensure that the registrar you choose to register and maintain your domains with is well established in the industry. Holding strong relationships with security companies, other registrars, and application developers will retain the registrar’s awareness of new potential threats arising. These sorts of connections will enable the registrar to remedy any security issues swiftly.

Choosing a registrar that provides expert insight into information security and domain security is vital in protecting the customer’s domains from potential hijacking attempts.

Your registrar ought to be always be checking the security of their systems, notably their application security. Frequent penetration testing and scrutinization of security practices assist in determining whether the website and front-facing applications are vulnerable to many threats from outsiders, notably code injections. For instance, if a site is vulnerable to SQL Injection attacks, the risk of compromise is significantly high as hackers may obtain unauthorized access to customer and admin accounts to update DNS nameservers. Furthermore, your registrar should possess a strong track record of applying patches on time and grasping the importance of being vigilant of new security vulnerabilities.

A hardened and experienced registrar also understands how complex social engineering tactics are utilized by hackers. Thus, the registrar you pick must assess how feeble their human element of culture is on an ongoing basis. Application security alone is not enough to prevent hackers from using social engineering to gain unauthorized access to a client’s domain management account.

Enabling Registrar/Domain Locking

 

There is a prominent domain locking technique, typically referred to as a ‘registrar lock’ that fundamentally suspends every domain configuration until the domain registrar unlocks them consequent to the fulfillment of client-registrar particularized security etiquettes.

Registrar locking is always provided for free by all ICANN-accredited registrars and is typically enabled by default for all domains. The Registrar lock prevents your domains from being transferred to another registrar without your consent.

Enterprises possess the level of intricacy connected with their distinguishing protocol. Thus, such domains would merely be updated through the management portal once security protocols are correctly achieved.

What Registrar Locking Looks Like:

Status: clientTransferProhibited

Status: clientUpdateProhibited

Status: clientDeleteProhibited


Benefits of Registrar Locking

Registrar Lock makes it more difficult for the hacker since they would require access to your registrar account and not merely your Auth Codes.

If you purely rely on Auth Codes, the adversary could compromise your email account, compromise your registrar, or wait for you to get on an insecure connection so they can spy on you. Therefore, registrar lock is absolutely essential.

Weaknesses Of Registrar Locking

Registrar locking may still be exploited by an adversary via applying updates to the nameservers. This malicious action results in redirecting clients to spurious websites without actually transferring control of the victim’s domain from one registrar to another. Hence, this could lead to the website appearing to be defaced and gives the wrong impression that the site’s web application security has been compromised.

Use A Secure Email As The Domain Admin Email Address

Refrain from using an email provider that you are uncertain whether they will be in the business for the long-term. If you lose access to your email address, you will lose your domain. The domain admin email address is needed to obtain Auth Codes for domain transfers to another registrar. If an attacker successfully compromises your email address, they’ll have a much higher chance to steal your domain. It is extremely important to use a secure email address when registering your domain. For instance, you could use Gmail along with the Advanced Protection program as the domain admin email address. UF2 authentication will provider an additional layer of protection against unauthorized account access into your Gmail and prevents phishing attacks completely.

When you use UF2, 2FA is automatically disabled. 2FA is ineffective in protecting when an adversary manages to hack your phone, whereas the adversary would need to obtain access to your physical keys with UF2. UF2 is recommended. If you do decide to use Google’s Advanced Protection program, you will need to sacrifice convenience and will require buying two physical keys before activating the program. But this all increases the overall security of your email account and also your domain too.

Use Two-Factor Authentication (2FA) For Accessing Domain & DNS Management Portals.

If you can’t deploy UF2 then utilize 2FA instead which is widely available for implementation. Many domain hijacks can be thwarted by applying two-factor authentication. 2FA assists in protecting your account from malicious actors who are attempting to gain unauthorized access to it.

2FA compels the customer to enter a one-time security code along with their username and password. Hence, accounts are protected if the login credentials are ever compromised.

Avoid Man-in-the-Middle (MITM) Attacks

You may make it difficult for adversaries to spy on your network traffic by deploying encryption supplied by HTTPS and VPNs.

If you ever see that your web browser is unable to identify the certificate’s authority transmitted from a server, it will show a message illustrating that the server’s certificate is not trusted. This indicates that a Man-in-the-Middle attack may be in progress. Refrain from proceeding with the HTTPS sessions since a MITM attacker may be present and attempting to trick you into entering important login credentials. You should only proceed if you are 100% certain that the server in question may be trusted.

If you are ever in a public setting, refrain from using any public WiFi networks to reduce the chances of a Man-in-the-Middle attack. An alternative solution would be to setup your own personal mobile hotspot using your cellphone’s internet connection. This way, your laptop will obtain internet access through your cellphone which is considered safer.

Applying Registry Locking

The solution to the issue above pertains to using a ‘registry lock’ which means that your domain will be locked at the registry level, preventing any unauthorized updates to it:

  • Prevents updates to the domain.
  • Prevents transfer of the domain to a new owner.
  • Prevents the domain from being transferred to another registrar.
  • Prevents deregistration/deleting of the domain when requested by the owner.

If a hacker possesses access to the domain admin email account and has the target’s 2-factor authentication codes, registry lock hinders that malicious individual from hijacking the domain.

Registry Lock is excellent for large enterprises, high traffic websites, and high-value domains.

Keep in mind that the registry lock is typically an enterprise offering and will likely not be provided by consumer-focused registrars.

Every enterprise-grade registrar that emphasizes domain security offers this feature, such as MarkMonitor, Corporate Service Company, and Cloudflare.

Registry Lock is currently available only for .com, .net, and a couple of other top-level domains and ccTLDs.

What Registry Locking Looks Like:

Status: serverDeleteProhibited

Status: serverTransferProhibited

Status: serverUpdateProhibited


Enable Private Whois Service

By enabling a private whois service, you may keep your private information private. If you do not use a private whois service, your information will be made available publicly to anyone who conducts a WHOIS check on your domain. Information that is made available in the WHOIS directory such as your domain’s admin email address will be exposed if a private whois service is not enabled. This could potentially enable an attacker to attempt to hack into your email account whether by phishing or social engineering. The attacker could also attempt to impersonate you with the names listed in the WHOIS directory or target a specific employee in an enterprise based on the names listed.

Prevent Accidental Domain Loss

If you are purchasing a domain, it’s likely a good idea to buy it for many numbers of years at once. Even though there is a relatively short grace period where you can renew the domain without any penalty, don’t put yourself in the avoidable situation where the registrar will place your domain for sale again.

There are automated tools that are always designed to monitor the Whois database once a domain is made available. Hence, preventing accidental domain loss is crucial regarding domain security.

Utilize IP Address Access Restrictions

Using IP Address Restrictions will limit account access to particular IP addresses only which are determined by you. Thus, any unauthorized logins are stopped, and compromised login information will have no impact.

Constant Monitoring Of Your Domains

Whether you decide to pick a registrar that is enterprise-focused or consumer-focused, it’s imperative to continuously monitor your domains for any signs of unauthorized DNS updates and cache poisoning.

It’s also essential to monitor your websites and front-facing web applications for any unauthorized attempts of uploading or modification to the site’s content. Hence, examining the server logs will assist in determining the current level of malicious activities being carried out by adversaries.

You Might Also Like

Back to top
%d bloggers like this: