The domain name is the malicious universal resolution is one of the most common problems of domain name security, service providers often play a decisive role, then as the site itself to do what work? Share some experience for everyone below.
First, the domain name pan-analytic origin
1, the site itself problems
1) site in the Domain Name Service provider website registered account password is too simple, account password stolen, resulting in the domain name information was maliciously tampered with.
2) Domain name registration uses the same account number and password, hackers cracked a password after the successful hijacking of the domain name.
3) Now many domain name resolution platform to support the pan-resolution settings, 1, when adding a record, the host record if fill in "*", the implementation of Pan-resolution, once the domain name is hijacked, will quickly under the domain name of the generation of many two-level domain names, three-level domain names.
2. Domain Name Service provider issues
1) The website is attacked and hackers steal information from many registered users.
2) The domain Name Service provider's security vulnerability causes the domain name to be maliciously tampered with, even has appeared the domain name service provider to set up the domain name lock, the domain name holder cannot modify the information, the hacker but may through the flaw Domain name resolution modification.
Second, reduce the domain name malicious pan-resolution, starting from itself
1, many from the security point of view, choose Professional and reliable, strong technical ability of the domain name registrar, even if his charges will be more expensive.
2, select the domain name registrar, the details of customer service registrar on the domain name is hijacked security issues such as whether there is a solution, the previous security issues are how to deal with.
3, the domain name associated with the account password as complex as possible, must not use the weak password (123456), and the domain name related to multiple account password do not use the same combination.
4, in the Domain name resolution settings, if there is no special needs, do not use the pan-resolution function, you can decide which level of two domain name to use when a single two-level domain name resolution operation.
5, the proposed use of Baidu cloud acceleration, enjoy high anti-intelligent DNS, free of charge. Baidu Cloud Acceleration can hide the site of the real ip,ping site is the IP address is through the Baidu cloud accelerated DNS resolution IP address, that is, Baidu IP address, hidden site real IP address, improve site safety factor.
The biggest problem of domain name security of enterprise website