How the domain name was "hijacked"

Source: Internet
Author: User
In late October, startling news broke that the domain name of Adobe's web site had been attacked by hackers. A hacker who has not yet been identified changed the domain name records of the Adobe.com web site, transferring the record for adobe.com to the ICANN-accredited registrar Paycenter in China. He also modified the site's domain name contact information, as well as its name server and web site entries. Because of the name server change, users who visited www.adobe.com during this period were directed to the homepage of the Paycenter web site. This attack forces people to accept that a domain name itself can be hijacked.

163 suffered the same fate
The attack on the Adobe.com site is one of the most recent in a series of hacking incidents involving domains registered through Network Solutions. Internet.com, nike.com and exodus.net have all suffered similar attacks. This hijacking of a domain name inevitably recalls the paralysis of the 163 e-mail service some time earlier. On March 13 this year, many users of the Guangzhou 163 e-mail service found that they could not reach it. Entering www.163.net always led to a page reading "Welcome to www.163.net", after which it was impossible to log in to 163 mail. The service was paralysed and users could not send or receive any mail. Analysis showed that the address of the 163 domain name had been tampered with and pointed to a Romanian IP address, so users could not reach the 163 e-mail service normally.

163's domain is an international domain name whose DNS resolution is hosted in the United States. Because the international domain name registry had opened an online service that lets a domain owner modify their DNS information directly, the 163 record at InterNIC shows that on March 11 (U.S. time) its name server was changed to Ns06.gte-hosting.net and the resolution of www.163.net was changed to 208.55.45.195.

Why a domain name can be hijacked
Technically, changing where a web site's domain name points requires the credential that carries the highest administrative authority over that domain. The attacker did not use the older technique of breaking into the web server and replacing its home page; he used a domain name hijacking technique. Posing as the legitimate domain owner, the attacker e-mails the registrar (Network Solutions) to modify the domain's registration record and transfer it to another party, then adds the domain to the DNS server specified in the modified registration so that the original domain name resolves to a server at a different IP address. These two servers are usually machines the attacker has previously broken into and controls, not machines the attacker owns. A change to the domain's address requires a reply from the originally registered administrator's mailbox to the registrar's change-confirmation letter before the registration change is completed. The most likely explanation for 163's DNS being tampered with is therefore that its administrator's mailbox was taken over (for example because its password was too simple and easy to crack).

How the attack succeeds
A hacker's process for attacking a corporate domain name runs as follows:

First, obtain the registration information of the target domain. The hacker visits the web site of a registrar such as NSI (www.networksolutions.com) and, using the lookup function on its homepage, enters the company's domain name to retrieve the registration record, including the e-mail account of the domain's administrative contact. Next, he tries to gain control of that administrative e-mail account, using brute-force or dictionary-guessing tools against the mailbox, for example an account such as abc.legal.Internet.registration@ABC.COM. With the account compromised, he uses the "modify domain name information" function on the Network Solutions homepage to change the domain's registration, including owner information and DNS server information. Network Solutions then sends a confirmation e-mail for the requested change to the administrative mailbox, and the hacker replies from that mailbox to confirm the modification. After two rounds of confirmation, a notification arrives that the registration record has been changed successfully, and the goal of modifying the domain name is achieved.
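As an added defender-side example (not code from the article), the following Python compares a known-good snapshot of a domain's registration record against a fresh one and flags exactly the fields the hijack described above changes: registrar, name servers, administrative contact mailbox and the address of the www host. The simplified WHOIS line layout, the placeholder baseline values and the RFC 5737 test address are assumptions; the tampered name server and IP are the ones the article reports for www.163.net.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DomainSnapshot:
    registrar: str
    nameservers: frozenset  # lowercase FQDNs without trailing dot
    admin_email: str        # mailbox the registrar uses to confirm changes
    web_ips: frozenset      # A records for the www host

# Severity reflects what a change buys an attacker: registrar or nameserver
# changes move or redirect the whole domain; the admin mailbox is the
# registrar's confirmation channel; A records only matter on the old NS.
SEVERITY = {"registrar": "critical", "nameservers": "critical",
            "admin_email": "high", "web_ips": "medium"}

def snapshot_from_whois(text, web_ips):
    """Build a snapshot from simplified 'Key: value' WHOIS lines (assumed layout)."""
    registrar, admin, ns = "", "", set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":
            registrar = value
        elif key == "name server":
            ns.add(value.lower().rstrip("."))  # normalise case and trailing dot
        elif key == "admin email":
            admin = value.lower()
    return DomainSnapshot(registrar, frozenset(ns), admin, frozenset(web_ips))

def diff_snapshots(baseline, current):
    """Return (field, severity, old, new) for each record field that drifted."""
    findings = []
    for name in ("registrar", "nameservers", "admin_email", "web_ips"):
        old, new = getattr(baseline, name), getattr(current, name)
        if old != new:
            findings.append((name, SEVERITY[name], old, new))
    return findings

# Constructed sample: a placeholder known-good record, then the tampered state
# the article reports for www.163.net (nameserver and IP taken from the text).
BASELINE_WHOIS = """Registrar: EXAMPLE-REGISTRAR
Name Server: ns1.example-dns.test
Admin Email: hostmaster@example-corp.test"""
HIJACKED_WHOIS = """Registrar: EXAMPLE-REGISTRAR
Name Server: Ns06.gte-hosting.net.
Admin Email: hostmaster@example-corp.test"""
BASELINE = snapshot_from_whois(BASELINE_WHOIS, ["192.0.2.10"])  # RFC 5737 address
CURRENT = snapshot_from_whois(HIJACKED_WHOIS, ["208.55.45.195"])
```

Running `diff_snapshots(BASELINE, CURRENT)` on the sample reports a critical name server change and a medium A record change while the registrar and admin mailbox are unchanged, which is the pattern of the 163 case: the mailbox was misused rather than replaced.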
