A simple way to get the left subdomain to your project, or "fable about what happens if you do not read the license agreement"
A few days ago, they wrote to me with the message that “it looks like your server was hacked”, indicating a link to some subdomain . moyodomen.ru . At this address there was some kind of hellish garbage in the style of “driver free for free sms”, otherwise you can’t tell.
I rushed to check the logs / passwords / settings of the server, the domain registrar, but there was nothing to indicate “which subdomain”. Already understand what was the catch? If yes, I still recommend to look under the cat.
So, how did such a situation develop that some kind of left doorway resides in my native domain? It looks like a scheme like this.
What to do? So far I have made such conclusions for myself:
')
I would be grateful if you can somehow comment on this stupid situation.
Update. The comments explained that this is not a joint, but a feature, one of the central features of the project. I am ashamed that I missed it.
I rushed to check the logs / passwords / settings of the server, the domain registrar, but there was nothing to indicate “which subdomain”. Already understand what was the catch? If yes, I still recommend to look under the cat.
So, how did such a situation develop that some kind of left doorway resides in my native domain? It looks like a scheme like this.
- A long time ago, still in not very satisfying student years, the domain was registered on nic.ru
- The DNS hosting for this registrar is paid. But do not pay the same amount of rubles there, because there are free DNS-hosting! At that time, I chose FreeDNS . At nic.ru I have DNS server addresses.
- Now the attacker registers his account on FreeDNS and creates a subdomain to my domain. I later tried to repeat this trick - the domain is being created, although it is cursing, but it is still being created! And it works as it should. FreeDNS does not check if your domain actually belongs to you.
What to do? So far I have made such conclusions for myself:
')
- Use paid DNS registrar.
- Or free, but checking the domain to you. For example, Yandex (not advertising!) Requires either to specify your email in the domain properties, or to put a specific file with certain content on the hosting.
- I have no idea why the hell someone needed to make a curve subdomain to a project with an attendance of 50-60 unique visitors per day. Probably, someone botched by the bot just goes around everything.
- If I understand correctly, you can go to one of the services that display information on the domain and subdomains, and find out if you are not lucky with such “sticks”.
I would be grateful if you can somehow comment on this stupid situation.
Update. The comments explained that this is not a joint, but a feature, one of the central features of the project. I am ashamed that I missed it.
Source: https://habr.com/ru/post/200986/
All Articles