Beware of Subdomain Takeovers
<blockquote data-quote="bhartzer" data-source="post: 2350915" data-attributes="member: 93963">
<p>Through DNProtect, we were just alerted to a 'scary' type of loophole in Cloudflare's service.</p>
<p>So here is how this security loophole is taken advantage of by scammers:</p>
<p>Someone decides to use Cloudflare. They open up an account (there are free and paid accounts). They point their domain names to the CF name servers. That's a requirement. But then the person forgets to add the domain name to their CF account. So, the domain is pointed to the CF name servers but is in "limbo" because it is not added to the account at Cloudflare. Or, they delete the domain name from the CF account but forget to change the name servers at the domain registrar. Either way, the domain is pointed but not associated with an account.</p>
<p>So, the 'scammer' looks through publicly available lists (usually DNS checkers, etc.) of domain names pointing to the CF name servers. They grab the list, then import the list of domain names to their Cloudflare account. Domain names that are pointed to the CF name servers but not associated with an account are then added to the scammer's account. The scammer then can see which domains were added to THEIR account, and even though they have NO control over the domain, they have control over the DNS and they can point the domain anywhere they want. They steal the traffic, can get all the emails, anything they want to do with the DNS of the domain.</p>
<p>So, to protect yourself, if you point your domain name to a certain name server, make sure that you have control over the DNS at the name server. So, if you point your domain to Cloudflare's name servers, make sure you add that domain to your Cloudflare account; or someone else may add it to their account.</p>
<p>This just happened to someone recently and we were notified about it. They pointed several of their domains to Cloudflare's name servers but forgot to add the domain to their CF account. So, someone else added them to THEIR account, stealing all their traffic and taking over the DNS for their domains. In this case, the 'thief' didn't even have to have access to their domain, didn't have to hack their domain registrar account, etc.</p>
</blockquote>
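The protective check described in the post, as an added example that is not part of the original post: an audit of your own portfolio that flags domains delegated to the provider's name servers without a matching zone in your account. The nameserver suffix, the nameserver labels and the inventory data are assumptions constructed for illustration.

```python
# Added example: audit your own domains for delegations to a DNS provider
# where the zone is not held in your account. All data below is constructed.

PROVIDER_NS_SUFFIX = ".ns.cloudflare.com"  # assumption: provider NS hostnames end this way


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def audit(delegations, account_zones):
    """Classify each domain.

    delegations:   domain -> NS hostnames set at the registrar
    account_zones: domain -> NS hostnames the provider assigned to the zone
                   in YOUR account (zones you actually control)
    """
    zones = {norm(d): {norm(n) for n in ns} for d, ns in account_zones.items()}
    report = {}
    for domain, ns_list in delegations.items():
        d = norm(domain)
        ns = {norm(n) for n in ns_list}
        if not any(n.endswith(PROVIDER_NS_SUFFIX) for n in ns):
            report[d] = "other-dns"   # not delegated to this provider
        elif d not in zones:
            report[d] = "ORPHANED"    # delegated, but no zone in our account
        elif ns != zones[d]:
            report[d] = "MISMATCH"    # delegation differs from our zone's NS
        else:
            report[d] = "ok"
    return report


# Constructed sample inventory (hypothetical nameserver labels).
SAMPLE_DELEGATIONS = {
    "example.com": ["amy.ns.cloudflare.com.", "rob.ns.cloudflare.com."],
    "example.net": ["AMY.ns.cloudflare.com", "rob.ns.cloudflare.com"],
    "example.org": ["kim.ns.cloudflare.com", "lee.ns.cloudflare.com"],
    "example.edu": ["ns1.registrar.example", "ns2.registrar.example"],
}
SAMPLE_ACCOUNT_ZONES = {
    "example.com": ["amy.ns.cloudflare.com", "rob.ns.cloudflare.com"],
    "example.org": ["amy.ns.cloudflare.com", "rob.ns.cloudflare.com"],
}

if __name__ == "__main__":
    for domain, status in sorted(audit(SAMPLE_DELEGATIONS, SAMPLE_ACCOUNT_ZONES).items()):
        print(f"{domain:15} {status}")
```

Fill the two mappings from your registrar's export and your provider account's zone list. Any domain reported as ORPHANED or MISMATCH should be added to your account or have its name servers changed at the registrar.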