Subdomain Hijacking
- Categories:
- notes
My dormant subdomain was recently hijacked, redirecting it to a online gamble registration page. Subdomain hijacking or subdomain takeover refers to redirecting unused subdomains to the attacker’s chosen location.
So when opening my subdomain, for example blog.example.com, it shows content from the attacker, which is online gambling registration.
To address this, I must update my DNS settings. The original setting had my subdomain pointing to a broken Github Pages, so I needed to point it to a valid target.
Before:
CNAME: blog.example.com
Target: <github pages url>After:
CNAME: blog.example.com
Target: <other valid URL>DNS Mapping Tool
To prevent subdomain hijacking, in addition to checking the DNS from your registrar, you can use a tool called DNS Dumpster. DNS Dumpster is a free domain research tool that can discover hosts related to a domain. Finding visible hosts from the attacker’s perspective is an important part of the security assessment process.
Remember to monitor your subdomain targets or delete unused ones.
Recent Posts
How to Defend Against Brute-Force and DoS Attacks with Fail2ban, Nginx limit_req, and iptables
In this tutorial, I’ll explain how to protect your public-facing Linux server and Nginx web server from common threats, including brute-force and DoS attacks.
Is Getting AWS Solutions Architect Associate Certification Worth It?
If you are a full-time Software Engineer, there's no strong need to pursue this certification.
DevSecOps
My Notes about DevSecOps
AWS Secrets Manager
Explanation about AWS Secrets Manager with example code.
Envelope Encryption
Envelope encryption is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key.