Free Business Listing

Subdomain Takeover

What is a subdomain takeover vulnerability?

The subdomain takeover vulnerability provides hacker a chance to replace your subdomain with a fake or duplicate domain name to jeopardize your integrity identity and divert a traffic at the hacker's end.

A hacker can use your unused space and replace with a fake web-page to steal Your traffic. A hacker finds your weak points to attack and this is also one of the areas that generally a management does not pay attention to protect.

How does a hacker misuse the vulnerability of your domain names that are connected with your primary domain names?

A domain name points to a DNS server by three different ways primary domain name, add-on domain name, parked domain name and a subdomain name.

The characteristics of each domain name are defined below:

Primary domain name: It is a root domain name. Primary domain name is a name of a website, same as your telephone number. A domain name connects to your DNS server. A DNS server recognizes a website with an I.P address (Internet Protocol) or a domain name, both are interfaced to each other.

Add-on domain name: Add-on domain name is a secondary domain name, but it is treated same as the primary domain name. An add-on domain name is an additional website under a primary domain name with the unique content.

Generally, an add-on domain name is bought for the important services to redirect a customer on a related subject, rather a strange page. An add-on domain name is one of a characteristics of a good navigation website. For example; a customer should be directly re-directed to a landing page of a service “sales tax registration”, rather land on an index page to waste time of a customer.

Subdomain name : It is a part of a primary domain name. A subdomain name is always used prior to a root or a primary domain name, and a subdomain is used to create an extension of an existing website, rather creating a new website.

Parked domain name: A parked domain name is derived from “parking”, it is usually reserved to use for a future use, such as, to sell or develop additional functions.

Additionally, it is also used to give the user a facility to use a shorter domain name, rather a long domain name. For example; InfoTaxSquare.com is a little long to type and remember, therefore a domain name ITS-360.com is reserved as a parked domain name that does not have an additional website or unique content. It is redirected to the index page of InfoTaxSquare.com. A user can either type InfoTaxSquare.com or ITS-360.com to reach on the same destination.

How to protect from a subdomain takeover?

  1. Make a practice to check the subdomain name connections to the primary domain name time to time. Especially, when there is any changes were made in the server's end or a migration process.
  2. Remove a link of a subdomain immediately, if it is not in use to protect from a hacking.

 

Page loaded in 0.183679 seconds