Beware of Subdomain Takeovers


bhartzer

Level 4
DNProtect Staff
Joined
Aug 24, 2007
Messages
220
Reaction score
51
Feedback: 3 / 0 / 0
Through DNProtect, we were just alerted to a 'scary' type of loophole in Cloudflare's service.

So here is how this security loophole is taken advantage of by scammers:

Someone decides to use Cloudflare. They open up an account (there are free and paid accounts). They point their domain names to the CF name servers. That's a requirement. But then the person forgets to add the domain name to their CF account. So, the domain is pointed to the CF name servers but is in "limbo" because it is not added to the account at Cloudflare. Or, they delete the domain name from the CF account but forget to change the name servers at the domain registrar. Either way, the domain is pointed but not associated with an account.

So, the 'scammer' looks through publicly available lists (usually DNS checkers, etc.) of domain names pointing to the CF name servers. They grab the list, then import the list of domain names to their Cloudflare account. Domain names that are pointed to the CF name servers but not associated with an account are then added to the scammer's account. The scammer then can see which domains were added to THEIR account, and even though they have NO control over the domain, they have control over the DNS and they can point the domain anywhere they want. They steal the traffic, can get all the emails, anything they want to do with the DNS of the domain.

So, to protect yourself, if you point your domain name to a certain name server, make sure that you have control over the DNS at the name server. So, if you point your domain to Cloudflare's name servers, make sure you add that domain to your Cloudflare account; or someone else may add it to their account.

This just happened to someone recently and we were notified about it. They pointed several of their domains to Cloudflare's name servers but forgot to add the domains to their CF account. So, someone else added them to THEIR account, stealing all their traffic and taking over the DNS for their domains. In this case, the 'thief' didn't even have to have access to their domain, didn't have to hack their domain registrar account, etc.
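
The check the post above recommends (confirm that the name servers you delegated to actually serve your zone), as an added example that is not part of the original post: it sends a non-recursive SOA query straight to one delegated name server and reads the response header. The function names and sample headers are constructed for illustration, and it assumes that a server not hosting the zone answers REFUSED, SERVFAIL, or without the authoritative (AA) bit.

```python
import socket
import struct

QR_BIT = 0x8000   # response flag
AA_BIT = 0x0400   # authoritative-answer flag
SOA, IN = 6, 1    # QTYPE SOA, QCLASS IN


def build_soa_query(zone: str, txid: int = 0x1234) -> bytes:
    """Build an SOA query with RD clear, so the server answers only from its own data."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", SOA, IN)


def classify_response(resp: bytes) -> str:
    """Return 'served' if the server is authoritative for the zone, else 'dangling'."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if not flags & QR_BIT:
        raise ValueError("not a DNS response")
    rcode = flags & 0x000F
    if rcode == 0 and flags & AA_BIT and ancount > 0:
        return "served"
    # REFUSED, SERVFAIL, or a non-authoritative answer: the delegation points
    # at a server where no account currently holds this zone.
    return "dangling"


def check_delegation(zone: str, ns_ip: str, timeout: float = 3.0) -> str:
    """Query one delegated name server directly (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (ns_ip, 53))
        resp, _ = s.recvfrom(512)
    return classify_response(resp)


# Constructed sample response headers (not captured traffic).
SAMPLE_AUTHORITATIVE = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)
SAMPLE_NOT_AUTHORITATIVE = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 0, 0)
```

A 'served' result only shows that some account holds the zone on that server, so also compare the returned records with the ones you configured. Run `check_delegation` against every name server listed at the registrar for each domain you own.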
 

FSNet

Level 5
Joined
Aug 21, 2002
Messages
279
Reaction score
1
Feedback: 9 / 2 / 1
Great advice. This happened to me a few years ago. I couldn't figure out how it was happening back then. lol.
 

amplify

DNForum Moderator
DNF Staff
Joined
Sep 15, 2009
Messages
3,407
Reaction score
1,142
Feedback: 68 / 0 / 0
This advice is also applicable to parking.

If you're buying a domain name because of its parking income, or not, it may be parked and in the previous owner's account. Update the name servers to your preferred parking company or ensure that you add it to your account at the present company or you will not make money from that domain.
 