How a Domain Name is Hijacked. In this post I will tell you about how the domain names are hacked. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may seem to be like an alien. So, let me first tell you what domain hijacking is all about. Domain hijacking is a processby which Internet Domain Names are stolen from its legitimate owners. It is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how the domain names operate and how they get associated with a particular web server (website). The Operation of a Domain Name is as Follows: Any website say for example gohacking consists of two parts. The domain name ( gohacking) and the web hosting server where the files of the website are actually hosted. In reality, thedomain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows: 1. After registering a new domain name, we get a control panel where in we canhave a full control of the domain. 2. From this domain control panel, we point our domain name to the web server where the website’s data (web pages, scripts etc.) are actually hosted. For a clear understanding letme take up a small example: John registers a new domain called “ abc” from an X domain registration company. He also purchases a hosting plan from Y hosting company.He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures hisdomain name “ abc” to point to his web server (of Y). Now, whenever an Internet user types “ abc”, the domain name “ abc” is resolved to the target web server and the web page is displayed. This is how a website actually works. What Happens When a Domain Name is Hijacked? Now, let us see what happens when a domain nameis hijacked. To hijack a domain name, you just need to gain access to the domain control panel and point the domain name to some other web server other than the original one. So, to hijack a domain you need not gain access to the target web server. For example, a hacker gets access to the domain control panel of “ abc”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “ abc” he is taken to the hacker’s website (Z) and not to John’soriginal site. In this case the John’s domain name ( abc) is saidto be hijacked. How the Domain Names are Hijacked? To hijack a domain name, it isnecessary to gain access to the domain control panel of the target domain. For this you need the following ingredients: 1. The domain registrar name for the target domain. 2. The administrative email address associated with the target domain. These information can be obtained by accessing the WHOIS data of the target domain. To get access to the WHOIS data, go to whois.domaintools, enter the target domain nameand click on Lookup. Once thewhois data is loaded, scroll down and you’ll see Whois Record. Under this, you’ll get the “Administrative contact email address”. To get the domain registrar name, look for the words something like: “Registered through:: XYZ Company”. Here XYZ Company is the domain registrar. In case if you do not find this, scroll upand you’ll see ICANN Registrar under the “Registry Data”. In this case,the ICANN registrar is the actual domain registrar. The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So, to take full control of the domain, the hacker will have to hack the administrative email associated with it. Email hacking has been discussed in my earlier post: How to hack an email account. Once the hacker takes full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There, he will be asked to enter either the domain name or the administrative email address to initiate the password resetprocess. Once this is done, all the details to reset the password will be sent to the administrative email address. Since the hacker has the access to this email account, he can easily reset the password of domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.. . ~>JJ
Posted on: Sat, 13 Jul 2013 07:25:11 +0000