Domain Hijacking

How to Hijack a Domain

[only for Educational Propose] In this post I will tell you about how the domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hi jacking. For most of you, the term domain hijacking may seem to be like an alien. So let me first tell you what domain hijacking is all about. Domain hijacking is a process by which Internet Domain Names are stolen from it s legitimate owners. Domain hijacking is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how t he domain names operate and how they get associated with a particular web server (website). The operation of domain name is as follows Any website say for example gohacking.com consists of two parts. The domain name (gohacking.com) and the web hosting server where the files of the website are a ctually hosted. In reality, the domain name and the web hosting server (web serv er) are two different parts and hence they must be integrated before a website c an operate successfully. The integration of domain name with the web hosting ser ver is done as follows. 1. After registering a new domain name, we get a control panel where in we can h ave a full control of the domain. 2. From this domain control panel, we point our domain name to the web server wh ere the website s files are actually hosted. For a clear understanding let me take up a small example. John registers a new domain abc.com from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (. html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name abc.com to point to his web server (of Y). Now whenever an Internet user types abc.com , the domain name abc.com is resolved to the target web server and the web page is displayed. This is how a website a ctually works. What happens when a domain is hijacked Now let s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain na me to some other web server other than the original one. So to hijack a domain y ou need not gain access to the target web server. For example, a hacker gets access to the domain control panel of abc.com . From her e the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access abc.com he is taken to the hack er s website (Z) and not to John s original site (Y). In this case the John s domain name (abc.com) is said to be hijacked. How the domain names are hijacked To hijack a domain name, it s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients 1. The domain registrar name for the target domain.

2. The administrative email address associated with the target domain. These information can be obtained by accessing the WHOIS data of the target doma in. To get access the WHOIS data, goto whois.domaintools.com, enter the target d omain name and click on Lookup. Once the whois data is loaded, scroll down and y ou ll see Whois Record. Under this you ll get the Administrative contact email addres s . To get the domain registrar name, look for something like this under the Whois R ecord. Registration Service Provided By: XYZ Company . Here XYZ Company is the doma in registrar. In case if you don t find this, then scroll up and you ll see ICANN Re gistrar under the Registry Data . In this case, the ICANN registrar is the actual d omain registrar. The administrative email address associated with the domain is the backdoor to h ijack the domain name. It is the key to unlock the domain control panel. So to t ake full control of the domain, the hacker will hack the administrative email as sociated with it. Email hacking has been discussed in my previous post how to ha ck an email account. Once the hacker take full control of this email account, he will visit the domai n registrar s website and click on forgot password in the login page. There he wil l be asked to enter either the domain name or the administrative email address t o initiate the password reset process. Once this is done all the details to rese t the password will be sent to the administrative email address. Since the hacke r has the access to this email account he can easily reset the password of domai n control panel. After resetting the password, he logs into the control panel wi th the new password and from there he can hijack the domain within minutes. How to protect the domain name from being hijacked The best way to protect the domain name is to protect the administrative email a ccount associated with the domain. If you loose this email account, you loose yo ur domain. So refer my previous post on how to protect your email account from b eing hacked. Another best way to protect your domain is to go for private domain registration. When you register a domain name using the private registration op tion, all your personal details such as your name, address, phone and administra tive email address are hidden from the public. So when a hacker performs a WHOIS lookup for you domain name, he will not be able to find your name, phone and ad ministrative email address. So the private registration provides an extra securi ty and protects your privacy. Private domain registration costs a bit extra amou nt but is really worth for it s advantages. Every domain registrar provides an opt ion to go for private registration, so when you purchase a new domain make sure that you select the private registration option.