Wednesday, August 10, 2011

Domain Hijacking - Black Hat Hacking



In this post, I will show you how domain names are hacked. Hacking of a domain name from it's original user is known as Domain name hijacking. Let me explain what is this.

Suppose i bought a domain name. Now i need a web host for hosting my website. 
Now how it works??


When we bought a domain name, we also get a control panel for full control on this domain name. From this control panel we point our domain to the web server where our files are actually host.
For ex- I have a domain name abc.com and i bought hosting at a server webhost.com. then for working of our website we need to setup our domain to point to our web hosting server webhost.com.

Now how domain hijacked??
For hijacking a domain name, you need to get access the domain name control panel and point out it to your website server from it's original server. In above example, suppose a person Y wants to hack the domain name abc.com. He will try to get access to the control panel of the domain name abc.com. After doing this he will change it to point ywebhosting.com where Y has hosted his website. Now we can see thaty the original website was on webhost.com but now it changes to ywebhosting.com. All visitors of abc.com will see a different website now.

How to get access to the domain control panel??
To hijack a domain name it is necessary to get access to the domain name control panel. For this we need 2 infornmations.
  1. Domain name registrar

  2. Administrative email associated with this domain

This is very easy to get these information about a domain name. Use WHOIS service for this. go to http://whois.domaintools.com/ enter the target URL and lookup. You will get the whois record of the domain name. NOw see the record and find the administrative email address and registrant service provider for this domain name. Now you have both informations about this domain name.
The administrative email address of this domain name is the key to hijack this domain name. Now hack this email account. For hacking email account go and read email account hacking of this website section.
after gaining access to this email id, search in mail for emails from the registrar emails. Surely there will be an email with user name and password. If not then go to the registrar website and click on forgot password link and reset the password of your choice. Now you can login to the control panel of the domain name. Change the settings of this domain name. 
Domain name is now hijacked ......

How to protect your domain name??
 
For protecting your domain name, protect your administrative email address. Protect your email account from being hacked.
Another best way is private domain name registration. In this type of registration, your private information such as administrative address will be hidden to public in whois records.So the private registration provides an extra security and protects your privacy.Private domain registration costs a bit extra amount but is really worth for it’s advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option 

0 comments:

Post a Comment