In this post you will learn how domain names are hijacked and how they can be protected. The act of hacking domain names is known as ‘Domain Hijacking’. Here’s what domain hijacking is all about.
Domain hijacking is a process by which Internet domain names are stolen from their legitimate owners. This is also known as domain theft. Below you’ll see how domain names operate and how they get associated with a particular website.
The operation of a domain name is as follows
Any website, let’s say hiptv.com, has two parts: the domain name (hiptv.com) and the web hosting server where the files of the website are actually hosted and stored. In reality, the domain name and the web server are two different parts, and they must be integrated before a website can operate successfully. The integration of a domain name with the web hosting server is done like this:
1. After registering a new domain name, we get a control panel (cPanel) where we have full control of the domain.
2. From this domain cPanel, we point our domain name to the web server where the website’s files are actually hosted.
An example:
Michael registers a new domain ‘xyz.com’ from ‘X domain Registration Company’. He also buys a hosting plan from ‘Y hosting company’. He uploads all of his files (.HTML, .PHP, CSS etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “xyz.com” to point to his web server (of Y). Now whenever an Internet user types “xyz.com”, the domain name “xyz.com” is resolved to the target web server and the website is displayed. This is how a website actually works.
What happens when a domain is hijacked?
Now let’s see what happens when a domain name is hijacked. To hijack a domain name, you just need to get access to the domain cPanel and point the domain name to a web server other than the legitimate one. So to hijack a domain, you need not gain access to the target web server.
For example, a hacker gets access to the domain cPanel of “xyz.com”. The hacker reconfigures the domain name to point to some other web server (Z). Now whenever an Internet user tries to access “xyz.com”, he is taken to the hacker’s website (Z) and not to Michael’s original website (Y).
In this case the domain name (xyz.com) is said to be hijacked.
How domain names are hijacked
To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. To do this you need the following:
1. The domain registrar name for the target domain.
2. The administrative email address associated with the target domain.
All this information can be obtained from the WHOIS data of the target domain. To access the WHOIS data, go to whois.domaintools.com, enter the target domain name and click on Lookup. Once the WHOIS data is loaded, scroll down and you’ll see WHOIS Record. Under this you’ll get the ‘Administrative contact email address’.
To get the domain registrar name, search for something that looks like this under the WHOIS Record: ‘Registration Service Provided By ABC Company’. Here ABC Company is the domain registrar. If you don’t find this, scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.
The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it.
Once the hacker has full control of this email account, he will visit the domain registrar’s website and click on forgot password on the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details to reset the password will be sent to the administrative email address. Since the hacker has access to this email account, he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password, and from there he can hijack the domain within minutes.
How to protect the domain name from being hijacked
The best way to protect the domain name is to protect the administrative email account associated with the domain. If you lose control of this email account, you lose control of your domain.
Another good way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone and administrative email address. Private registration thus provides extra security and protects your privacy.
Private domain registration costs a bit extra but is well worth it for its advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain, make sure that you select the private registration option.
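As an added example (not part of the original post), the script below audits the WHOIS record of a domain you own for the two things this section is concerned with: a publicly visible administrative email, and a registrar or name-server change you did not make. The "Key: Value" field names, the baseline values, the proxy domain and both sample records are constructed assumptions; real WHOIS output varies by registry.

```python
import re

# Assumed "Key: Value" WHOIS layout; adjust the keys to your registrar's output.
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")

def parse_whois(text):
    """Collect 'Key: Value' lines into {lowercased key: [values]}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def audit(text, baseline, proxy_domains=()):
    """Return a list of findings for your own domain's WHOIS record."""
    f = parse_whois(text)
    findings = []
    # 1. Is the administrative mailbox publicly visible (not a privacy proxy)?
    for addr in f.get("admin email", []):
        m = EMAIL_RE.match(addr)
        if m and m.group(1).lower() not in proxy_domains:
            findings.append(f"admin email exposed: {addr}")
    # 2. Is the domain still held at the registrar you chose?
    registrar = (f.get("registrar") or [""])[0]
    if registrar.lower() != baseline["registrar"].lower():
        findings.append(f"registrar changed: {registrar!r}")
    # 3. Is the domain still pointed at the name servers you configured?
    seen = {ns.lower().rstrip(".") for ns in f.get("name server", [])}
    expected = {ns.lower() for ns in baseline["name_servers"]}
    for ns in sorted(seen - expected):
        findings.append(f"unexpected name server: {ns}")
    for ns in sorted(expected - seen):
        findings.append(f"missing name server: {ns}")
    return findings

# Constructed sample data modelled on the article's xyz.com example.
BASELINE = {"registrar": "X Domain Registration Company",
            "name_servers": ["ns1.y-hosting.example", "ns2.y-hosting.example"]}
PROXIES = {"privacy-proxy.example"}
PUBLIC = """Registrar: X Domain Registration Company
Admin Email: michael@mail.example
Name Server: NS1.Y-HOSTING.EXAMPLE
Name Server: NS2.Y-HOSTING.EXAMPLE"""
REPOINTED = """Registrar: X Domain Registration Company
Admin Email: contact@privacy-proxy.example
Name Server: NS1.Z-HOSTING.EXAMPLE"""

if __name__ == "__main__":
    for name, rec in (("public", PUBLIC), ("repointed", REPOINTED)):
        print(name, audit(rec, BASELINE, PROXIES))
```

Run on a schedule against saved WHOIS output for your own domains, a non-empty result is the cue to log in to the registrar and check the account before visitors are sent elsewhere.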
From my experience, the best email service provider you should use is Google Mail. This is because Google has double protection for its users’ accounts and it alerts you every time someone tries to access your account from a foreign location. Also, Google lets you use your phone to get back access to your phone if it’s been hijacked.