Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Domain host hijacking
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Domain host hijacking

DStroutDStrout Member
edited February 2013 in General

I've come up with a form of domain hijacking that it somewhat different than the "normal" type. Here's how it works:

  • Joe Chump registers a nice domain, let's say nicedomain.com
  • He adds some NS records for the name servers of a host he's found: ns1.somehost.com, ns2.somehost.com
  • He then - does nothing more. The domain is active and pointing to a host, but the host doesn't "know" about it.

That's when I come along. Who.is has a nice tool that can tell you all the domains that are pointed to a given registrar (the data is cached from when people look up their domains, it obviously can't actually tell every domain that's pointed to a name server). For instance, here's the page for DreamHost. I can go through that list and go to each of those domain names and see if the host has "recognized" them and created hosting accounts. If not, I can get access to that domain by opening a hosting account with that host using that domain. Now I have a domain I didn't pay for.

Anyway, I say all this because I got access to the domain dontforget.com with this method by opening a two-week trial account with DreamHost, where the domain is currently pointing. I find it very odd, though, that a (very good) domain that's been registered for 14.5 years is just aimlessly pointing at that host, waiting for it to happen.

So, I guess all this to say: am I on to something new/interesting? Or is this something folks have been doing for a while?

Comments

  • what are u talking about

  • So whats the point? You've just found someone lame to set their domain NS to a hosting provider they don't host with.
    But you don't own/control the domain itself. Shall they notice someone are using them, they just change the NS and you're done.
    Of course if the domain still has some weight/backlinks left you can use it as a temporary traffic/weight transfer to your sites. But it is highly doubtful somebody will leave a non-zero domain like that.

  • well this has happened to me before (it was 3 letter word .com).Someone from china jacked it with the same way butbitvwasbquickly recovered.

  • Yeah, I know there's no real "control" here, but it can actually be a good way to get a spare domain to play around with, if nothing else.

  • DalCompDalComp Member
    edited February 2013

    @DStrout said: am I on to something new/interesting?

    Oh yeah, you're a genius. I could (ab)use the trick for some project. ;)

  • Mahfuz_SS_EHLMahfuz_SS_EHL Host Rep, Veteran

    It's very general and this can happen if anyone has pointed his domain to an unknown hosting company. But, you won't gain access over the domain by this. The domain owner anytime can change the NameServer :P

  • shovenoseshovenose Member, Host Rep

    Interesting.
    But useless.
    But interesting nontheless.

  • put a task list app on it lol

  • @shovenose said: Interesting.

    But useless.
    But interesting nontheless.

    2nd.

  • DalCompDalComp Member
    edited February 2013

    @shovenose said: Interesting.

    But useless.
    But interesting nontheless.


    Nah, it could be useful in proper hands.

  • Maybe this is how people Spam?

  • DewlanceVPSDewlanceVPS Member, Patron Provider

    What is your point?

  • @DewlanceVPS said: What is your point?

    Who you asking? the OP or me?

  • NickkNickk Member
    edited February 2013

    @DStrout said: it can actually be a good way to get a spare domain to play around with, if nothing else.

    Or just buy your own and don't be a dickhead with other people's stuff. Come on now.

  • Now, if the email for their registrar account was on the same domain, this is potential for trouble.

  • @DStrout gives us lesson in human stupidity, to a greater extent than myself...just don't hack a bank across state lines you'll get nailed by the fbi, where are your brains in your ass?

  • @Nick said: Or just buy your own and don't be a dickhead with other people's stuff. Come on now.

    Exactly my thoughts. Can't afford one? Get a .tk or .co.cc or whatever. Free domains exist. Seems easier than being an asshole and also spending money on hosting to wherever the random domain is being pointed to.

  • someone didn't renew hosting but still holds the domain

  • @natestamm said: just don't hack a bank across state lines you'll get nailed by the fbi, where are your brains in your ass?

    +1 ROFL Nice Hackers quote!

Sign In or Register to comment.