How a Domain Name is Hijacked and How to Protect it

In this post I will explain how domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as domain hijacking. For most of you, the term “domain hijacking” may sound alien, so let me first explain what it is all about.

Domain hijacking is a process by which Internet domain names are stolen from their legitimate owners. It is also known as domain theft. Before we look at how domain names are hijacked, it is necessary to understand how domain names operate and how they get associated with a particular web server (website).

The Operation of a Domain Name is as Follows:

Any website, for example gohacking.com, consists of two parts: the domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts, and hence they must be integrated before a website can operate successfully. The integration of the domain name with the web hosting server is done as follows:

  1. After registering a new domain name, we get a control panel through which we have full control of the domain.

  2. From this domain control panel, we point our domain name to the web server where the website’s data (web pages, scripts etc.) are actually hosted.

For a clear understanding let me take up a small example:

John registers a new domain called “abc.com” with the domain registration company X. He also purchases a hosting plan from the hosting company Y. He uploads all of his files (.html, .php, JavaScript etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y).

Now, whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What Happens When a Domain Name is Hijacked?

Now, let us see what happens when a domain name is hijacked. To hijack a domain name, you just need to gain access to the domain control panel and point the domain name to a web server other than the original one. So, to hijack a domain, you need not gain access to the target web server.

For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker reconfigures the domain name to point to some other web server (Z). Now, whenever an Internet user tries to access “abc.com”, he is taken to the hacker’s website (Z) and not to John’s original site (Y).

In this case, John’s domain name (abc.com) is said to be hijacked.

How are Domain Names Hijacked?

To hijack a domain name, it is necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients:

  1. The domain registrar name for the target domain.

  2. The administrative email address associated with the target domain.

This information can be obtained by accessing the WHOIS data of the target domain. To get access to the WHOIS data, go to whois.domaintools.com, enter the target domain name and click on Lookup. Once the WHOIS data is loaded, scroll down and you’ll see Whois Record. Under this, you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for words such as “Registered through:: XYZ Company”. Here XYZ Company is the domain registrar. If you do not find this, scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So, to take full control of the domain, the hacker will have to hack the administrative email associated with it. Email hacking has been discussed in my earlier post: How to hack an email account.

Once the hacker takes full control of this email account, he will visit the domain registrar’s website and click on “forgot password” on the login page. There, he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details to reset the password will be sent to the administrative email address.

Since the hacker has access to this email account, he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password, and from there he can hijack the domain within minutes.

How to Protect the Domain Name from Getting Hijacked?

The best way to protect the domain name is to protect the administrative email account associated with the domain. If you lose this email account, you lose your domain. You can read my earlier post on how to protect your email account from being hacked. Another good way to protect your domain is to go for a private domain registration.

When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public.

Whenever a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone or the administrative email address. Thus, private registration provides extra security and protects your privacy. Even though it costs a few extra bucks, it really is worth it for its advantages.
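The re-pointing described in this article shows up as a change in the domain's registration and DNS data, so a domain owner can watch for it. The added example below (not part of the original post) compares a saved baseline for the article's abc.com example against a fresh WHOIS excerpt and resolved addresses; the WHOIS text, its field labels, the host names and the IP addresses are all constructed sample values.

```python
# Constructed WHOIS excerpts for the article's abc.com example (not real records).
BASELINE = """Domain Name: ABC.COM
Registrar: X Domain Registration Company
Admin Email: john@mail.example
Name Server: NS1.Y-HOSTING.EXAMPLE
Name Server: NS2.Y-HOSTING.EXAMPLE"""

OBSERVED = """Domain Name: ABC.COM
Registrar: X Domain Registration Company
Admin Email: unknown@mail.example
Name Server: NS1.Z-HOSTING.EXAMPLE
Name Server: NS2.Z-HOSTING.EXAMPLE"""


def parse_whois(text):
    """Extract registrar, admin email and name servers from 'Key: value' lines."""
    rec = {"registrar": None, "admin_email": None, "name_servers": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # not a 'Key: value' line
        key, value = key.strip().lower(), value.strip().lower()
        if key == "registrar":
            rec["registrar"] = value
        elif key == "admin email":
            rec["admin_email"] = value
        elif key == "name server":
            rec["name_servers"].add(value)
    return rec


def detect_drift(baseline, observed, baseline_ips=(), observed_ips=()):
    """Return a list of findings; an empty list means nothing changed."""
    findings = []
    for field in ("registrar", "admin_email"):
        if baseline[field] != observed[field]:
            findings.append(f"{field} changed: {baseline[field]} -> {observed[field]}")
    added = observed["name_servers"] - baseline["name_servers"]
    if added:
        findings.append("unexpected name servers: " + ", ".join(sorted(added)))
    new_ips = set(observed_ips) - set(baseline_ips)  # addresses supplied by the caller
    if new_ips:
        findings.append("unexpected addresses: " + ", ".join(sorted(new_ips)))
    return findings


if __name__ == "__main__":
    for finding in detect_drift(parse_whois(BASELINE), parse_whois(OBSERVED),
                                {"192.0.2.10"}, {"203.0.113.7"}):
        print("ALERT:", finding)
```

Run on a schedule against your own domain, a non-empty result is the signal to log in to the registrar and check the account before visitors are redirected.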

I hope that this article has helped you. You can express your feedback through comments.

66 Comments

  1. rexter
    July 5, 2009 at 1:48 PM

    is it possible to get domain registrar name & administrative email address of sub domain like http://www.xxxxx.110mb.com by accessing the WHOIS data ???


    • Srikanth
      July 6, 2009 at 10:08 PM

      @ rexter

      No it’s not possible. Subdomains do not have a separate domain registrar. It is same as the one for domain.


    • Thinker
      July 2, 2013 at 10:30 AM

      how to prevent if the domain registration DNS itself is compromised?


  2. Rajan
    July 13, 2009 at 8:18 PM

    no it is not possible using WHOIS to have metacafe domain registrar name & admin email


  3. mubiru charles
    July 15, 2009 at 6:24 PM

    Anyone who can help me and send me a website where i can get free hacking software.


  4. Shah
    July 29, 2009 at 10:49 AM

    Awesome Awesome Awesome !!

    Hats off to you Mr.Srikanth !!

    Plz keep us uptodate … LOVE YOU !


    • Myuresh
      September 7, 2014 at 7:50 AM

      Hijacking a domain name is one of the threats that most of the webmasters are afraid of. Here I have found a blog post about Bookmarking.com when it was attacked by China & Argentina.


  5. TETETETE
    September 24, 2009 at 12:19 AM

    U R awesome SRIKANTH!!! KEEP UP THE GOOD WORK and you’ll go far!!!


  6. CI
    October 6, 2009 at 2:58 AM

    @ rexter

    No it’s not possible. Subdomains do not have a separate domain registrar. It is same as the one for domain.


  7. silver
    December 5, 2009 at 12:14 PM

    actually one person frm my college is sending mails to every one usin college girls names in vulgur msgs and treating them as bitches in mails so cant we trace him ???? its horrible frm gals side ???? so pls help me !!!!


  8. Me
    January 8, 2010 at 7:10 PM

    Actually, most domains nowadays have the option of paying to conceal their identity along with their administrative email. So this won’t work in these cases.


  9. King_smith
    January 16, 2010 at 5:10 AM

    How can I hack a mobile wapsite?


  10. Rajesh
    January 20, 2010 at 1:21 PM

    Very Good Work.God Bless You friend.
    Thanks for your information.
    Good Luck


  11. Cherokee
    January 26, 2010 at 5:15 PM

    I don’t understand how i can hack website any body can help me


  12. Arun Satyarth
    February 4, 2010 at 8:23 PM

    Srikanth,
    In this one about domain hijacking is there any way by which they can track, from which computer this has been done??

    Thanks for letting so much educational stuff on your site.


    • Srikanth
      February 5, 2010 at 2:28 PM

      @ Arun Satyarth

      Yes the computer can be tracked via the IP address. To hide your IP you can use a proxy.


  13. Harsh Daftary
    February 5, 2010 at 10:04 AM

    Hats off to you Mr.Srikanth…
    At my blog http://www.tricknix.webs.com I am publishing some of your tips…
    please allow me..


  14. vikas
    February 22, 2010 at 11:02 PM

    hey srikanth u r excellent bro
    could u tell me plz; is it possible to hack server database or not and how?
    or
    plz tell me
    is it possible to create virus with java ?
    plz bro!


  15. kingasty
    March 7, 2010 at 5:50 PM

    cool stuff man!am pursuing IT n am findin it worth.thanx


  16. satish
    March 8, 2010 at 2:44 PM

    adara gottesavuu..
    thats quite handsome information srikant garu..
    pls keep up the gud work.


  17. aakash30jan
    March 20, 2010 at 10:57 AM

    Hi Shrikanth I am gr8 fan of you.

    I have one problem . Can we hack the email id using the Spytech SpyAgent


  18. shibashis
    April 17, 2010 at 9:16 PM

    how can I edit the html code on my domain.


  19. matermind
    May 12, 2010 at 5:25 PM

    lolz, i dnt think only domain name hijacking is only to hack any website, but there are so many way that u can hack…..!!
    some method that i am working nw…!!

    1.Remote File Inclusion
    2.Cross Site Scripting
    3.Local File Inclusion


  20. Edidiong
    May 25, 2010 at 10:01 PM

    How can I hack a website and download a software?


  21. John Paul Praveen
    August 30, 2010 at 8:08 AM

    hi Sri… you are great…

    waiting for you new posts…


  22. tausy
    September 7, 2010 at 3:23 PM

    this is nice dude.


  23. Nasruminallah zeeshan
    September 11, 2010 at 12:56 AM

    Hello Author. Simply I love your posts. Very very Nice. Very Nice. I love it. And please write a brief post about website hacking, the ways by which we can hack a site and …. !! Thanks in advance. waiting.


  24. Ikki
    October 15, 2010 at 8:02 PM

    Hi Srikanth can you tell me how to hijack a computer. How can I take control of someone else’s computer?


  25. hooshmand
    December 15, 2010 at 2:08 PM

    Great stuff. Keep up with the good work!


  26. Nitish Raj
    January 30, 2011 at 8:13 PM

    Srikanth, Is it possible to hack into a website by SQL injection..??? Just wondering..


  27. Subash
    February 18, 2011 at 7:10 AM

    Hi! Srikant! I have an problem! one of the “Mr.L4iVe TeaM X-H3LL Hackers” was hacked my Blog Domain name. named http://www.rightpalace.com.
    Now I couldn’t controlled this blog(wordpress). What I have to do now? Can I recover my Domain Name?
    If could I then plz tell me about.

    kindly respond me……..Plz-Plz-Plz


  28. john
    February 22, 2011 at 1:26 PM

    hey,i like yor site….


  29. rupam
    March 8, 2011 at 6:30 PM

    hey srikant, i’m a big fan of yours. I wanted to know that can I place this info. On my site as it is. Cause i’m not as talented as u, and wanna make my visitors more talented.
    ??


  30. suraj
    March 27, 2011 at 9:18 PM

    Srikanth, Is it possible to hack into a website by SQL injection..??? Just wondering.


  31. RAJASEKAR
    March 28, 2011 at 8:13 PM

    i was successfully changed my logon screen


  32. shazin
    April 2, 2011 at 4:42 PM

    xellent job dude…….
    but u should think of giving a warning message with articles like this


  33. Sachin
    May 27, 2011 at 3:11 AM

    Amazing…Fantastic work !!!!


  34. olabodex
    June 14, 2011 at 4:12 AM

    u ar d best. I wanna study IT but i dnt av d cash. Any1 wanna help? Saucekid2001@yahoo.com


  35. ??????? ?????? ?????
    August 10, 2011 at 9:02 PM

    gohacking.com is a must read hacking site!


  36. anonymous
    August 22, 2011 at 9:00 PM

    “If you lose this email account, you lose your domain.”
    i don’t think it’s possible to loose your email account or domain…however people LOSE their emails all the time


  37. samninder
    September 16, 2011 at 4:05 PM

    excellent job …….
    but u should think of giving a warning message with articles like this


  38. www.mocua.com
    January 11, 2012 at 3:05 AM

    thanks very much


  39. parshant
    June 4, 2012 at 11:18 PM

    hey shrikant my website http://www.universaltadka.com is hacked please help me please


  40. Ishan
    December 12, 2012 at 7:01 PM

    @ SRIKANT SIR,

    Some days ago when I was surfing the internet, my avast internet security detected “DNS CACHE POISONING ATTACK”
    I mean I am the victim of this attack. Please tell me what is this attack and how to protect my network from this attack!


  41. Hexmate
    December 30, 2012 at 12:38 AM

    Dude, is there any way to deface a site just by registering on a free webhost, and then put the target domain as my hosted domain, change the dns setting as the one in the current target? Aren’t there?


  42. Anjali
    January 21, 2013 at 3:27 PM

    Really great article, its helpful for me.
    Domain Registration


  43. Balkrishna
    February 27, 2013 at 12:41 PM

    That is very good, but it is very difficult to make this …….


    • RAJIV SARKAR
      March 29, 2013 at 11:45 PM

      srikant i cant access whois domain tools. it is showing problem loading page. pls help


  44. Golden
    April 12, 2013 at 4:03 PM

    I think am a victim of DNS hijacking. Every time i receive pop ups telling me that my IP address is blacklisted. Please Srikanth help me


  45. Amit
    April 20, 2013 at 10:24 PM

    great article………….


  46. electrician job
    May 12, 2013 at 11:12 PM

    Asking questions are in fact good thing if you are not understanding something entirely,
    except this piece of writing gives pleasant understanding yet.


  47. baju online murah
    October 25, 2013 at 10:09 AM

    It’s hard to find knowledgeable people on this topic, however, you sound like you know what you’re talking about!
    Thanks


  48. amit
    February 4, 2014 at 10:02 PM

    the site http://www.whois.domaintools.com isn’t working!!!please help!!!


  49. Bill ever
    February 6, 2014 at 8:47 PM

    Is anyone know how I can get my wife’s password on gmail ?
    Please help


  50. Hacker-9023XXX54X
    March 13, 2014 at 6:03 AM

    hello ol.

    wnt infrm u.

    security is just our thinking we just thought we had secured our all accounts.

    but the every hacker track your all positions already before taking your decisions.

    there is no way 2 secure your web site or domain name.

    so be just chill…………………


  51. My Blog
    March 27, 2014 at 7:49 AM

    The best way to protect the domain name is to protect the administrative email account associated with the domain.


  52. Candy Crush Saga app
    May 13, 2014 at 8:43 PM

    Hey exceptional website! Does running a blog like this take a lot of work?
    I’ve absolutely no expertise in programming but I was hoping to
    start my own blog in the near future. Anyways, should you
    have any recommendations or techniques for new blog owners please share.
    I know this is off subject however I simply had to
    ask. Cheers!


  53. Kiera
    May 20, 2014 at 6:10 AM

    Good day I am so grateful I found your blog, I really found you by error, while I was browsing on Digg for something else, Anyhow I am here
    now and would just like to say cheers for a remarkable post and a all
    round exciting blog (I also love the theme/design), I
    don’t have time to read through it all at the minute
    but I have bookmarked it and also included your RSS feeds,
    so when I have time I will be back to read a lot more, Please
    do keep up the great job.


  54. Christin
    May 23, 2014 at 4:19 AM

    Nice post. I was checking constantly this blog and I’m impressed!
    Extremely helpful information particularly the last part :) I care for such info
    much. I was looking for this particular information for a very long time.

    Thank you and good luck.


  55. Linto
    June 1, 2014 at 3:09 PM

    Thanks for the great article…..


  56. Brenton
    June 23, 2014 at 7:17 AM

    I was suggested this web site by my cousin. I am not sure whether this post is
    written by him as no one else know such detailed about my difficulty.
    You’re incredible! Thanks!


  57. sup
    June 29, 2014 at 5:33 PM

    What about MYSQL injection? Which one is worst.
    1. Using a DDoS attack to overload the servers and gain a login.

    2. Injecting MYSQL to gain login info and access the hard drive of the site.

    What is XXL?


  58. Kumar
    July 18, 2014 at 1:08 AM

    Very Important info ,thank you and after reading i am worried that i have 40 plus web sites and all are given contact no and email id and it displays .All the domains that are booked are good ones ,what to do now ,Can you help me please


  59. travail
    September 1, 2014 at 2:13 AM

    Hello! I just wanted to ask if you ever have any trouble with hackers?
    My last blog (wordpress) was hacked and I ended up losing a few months of hard work due to no data backup.
    Do you have any solutions to protect against hackers?


  60. ajay
    September 12, 2014 at 7:04 PM

    great info, sharing is caring, please go on writing


  61. Emelia R. Kourt
    September 21, 2014 at 1:20 AM

    Hi there to every one, because I am genuinely eager of reading this web
    site’s post to be updated regularly. It includes fastidious
    information.