How my website was hacked

Started by sutherland, Nov 23, 2022, 03:07 AM


sutherland (Topic starter)

2 months ago, I registered a domain on one of the registrar sites and immediately delegated the domain to the DNS addresses of one of the hosting companies (well, as usual).
BUT! After delegating, I did not bind the domain to my account on this hosting. I was waiting for the right moment. So, after 3 months, I went to this domain and, instead of the expected error about a non-existent page, I saw someone else's website working. What the fuck was I thinking? My first version of what was happening was the thought that most likely someone on the hosting had tied the domain to his account faster than me.

To check this, I went to the web hosting to link the domain and was surprised when I was able to do it. I linked the domain without any problems, although I expected an error like "domain is already linked to another account". Dammit, I thought. My second version was the idea that an unscrupulous hosting company uses domains that are delegated to the hosting but not linked to accounts for its own needs until the domain is linked to an account. Soon there was a conversation with the hosting support service.
The operator on the line at first could not explain the reason for what was happening, but later was able to assume the following (operator's response):
"It looks like a doorway. Sometimes these comrades register with us, with domains that link to us at the DNS level (visible in the public WHOIS), but they do not have full support yet."


Most hosting providers have automatic DNS zone configuration (resource records). In order for the domain to be linked to the hosting, you need to:
1. Specify the DNS of the web hosting.
2. Link the domain in the hosting panel. After the domain is bound in the hosting panel, a zone file with records from the control panel is automatically created on the hosting DNS.

If you do not fulfill the second point, the guys (scammers, bad people, who knows who else) will help and link your domain to their hosting.
Here the domain name owner should be careful, and if he specifies DNS, it is better to specify not the hosting DNS, where there is zone auto-tuning, but, for example, a free one: the DNS of Yandex, of the registrar, or of a third-party service where there is no zone auto-tuning.

I'll tell you honestly, there are quite a lot of guys (scammers, bad people) who use other people's domains in this way. And they probably have bots or checkers constantly scouring for domain names that have DNS but no zone.
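
A domain owner can check for the "DNS but no zone" state described in this post. The following is an added example, not part of the original post: it classifies the output of `dig @<hosting-ns> <domain> A +norecurse`, run against each nameserver the domain is delegated to. The sample outputs, host names and IP addresses are constructed, and treating any non-NOERROR or non-authoritative reply as "no zone" is an assumption about how the hosting nameservers behave.

```python
import re

# Constructed `dig @<hosting-ns> mydomain.example A +norecurse` outputs (not real captures).
NO_ZONE = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1111
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
FOREIGN_ZONE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mydomain.example.\t\tIN\tA
;; ANSWER SECTION:
mydomain.example.\t300\tIN\tA\t203.0.113.50
"""
OWN_ZONE = FOREIGN_ZONE.replace("203.0.113.50", "198.51.100.7")

A_LINE = re.compile(r"^\S+\s+\d+\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)\s*$", re.M)


def parse_dig(text):
    """Extract response status, the authoritative (aa) flag and A records."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"^;; flags: ([a-z ]*);", text, re.M)
    return {
        "status": status.group(1) if status else "UNKNOWN",
        "authoritative": bool(flags) and "aa" in flags.group(1).split(),
        "a_records": set(A_LINE.findall(text)),
    }


def classify(text, expected_ips):
    """expected_ips: addresses you configured; empty if the domain is not linked yet."""
    r = parse_dig(text)
    if r["status"] != "NOERROR" or not r["authoritative"]:
        # Delegated, but the hosting DNS has no zone: the domain is not
        # linked to any account there yet and should be linked or re-delegated.
        return "UNCLAIMED"
    if not expected_ips or r["a_records"] - set(expected_ips):
        # A zone answers that you did not create, or it returns unknown addresses.
        return "FOREIGN"
    return "OK"


if __name__ == "__main__":
    mine = {"198.51.100.7"}
    for name, out in [("no zone", NO_ZONE), ("foreign", FOREIGN_ZONE), ("own", OWN_ZONE)]:
        print(name, "->", classify(out, mine))
```
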