Domain Hijacking - How to Hijack a Domain
In this post I will tell you about how the domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may seem to be like an alien. So let me first tell you what domain hijacking is all about.
Domain hijacking is a process by which Internet Domain Names are stolen from it’s legitimate owners. Domain hijacking is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how the domain names operate and how they get associated with a particular web server (website).
The operation of domain name is as follows
Any website say for example gohacking.com consists of two parts. The domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows.
1. After registering a new domain name, we get a control panel where in we can have a full control of the domain.
2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.
For a clear understanding let me take up a small example.
John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.
What happens when a domain is hijacked
Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to some other web server other than the original one. So to hijack a domain you need not gain access to the target web server.
For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).
In this case the John’s domain name (abc.com) is said to be hijacked.
How the domain names are hijacked
To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients
1. The domain registrar name for the target domain.
2. The administrative email address associated with the target domain.
These information can be obtained by accessing the WHOIS data of the target domain. To get access the WHOIS data, goto whois.domaintools.com, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.
To get the domain registrar name, look for something like this under the Whois Record. “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. In case if you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.
The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it. Email hacking has been discussed in my previous post how to hack an email account.
Once the hacker take full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done all the details to reset the password will be sent to the administrative email address. Since the hacker has the access to this email account he can easily reset the password of domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.
How to protect the domain name from being hijacked
The best way to protect the domain name is to protect the administrative email account associated with the domain. If you loose this email account, you loose your domain. So refer my previous post on how to protect your email account from being hacked. Another best way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for you domain name, he will not be able to find your name, phone and administrative email address. So the private registration provides an extra security and protects your privacy. Private domain registration costs a bit extra amount but is really worth for it’s advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.
Popularity: 6% [?]
Visitors who read this post, also read:
By using/following this site you agree to our Legal Disclaimer
is it possible to get domain registrar name & administrative email address of sub domain like http://www.xxxxx.110mb.com by accessing the WHOIS data ???
@ rexter
No it’s not possible. Subdomains do not have a seperate domain registrar. It is same as the one for domain.
no it is not possible using WHIOS to have metacafe domain registrar name & admin email
Anyone who can help me and send me a website where i can get free hacking software.
Awsome Awsome Awsome !!
Hats off to you Mr.Srikanth !!
Plz keep us uptodate … LOVE YOU !
U R awesome SRIKANTH!!! KEEP UP THE GOOD WORK and you’ll go far!!!
@ rexter
No it’s not possible. Subdomains do not have a seperate domain registrar. It is same as the one for domain.
actually one person frm my college is sending mails to every one usin college girls names in vulgur msgs and treating them as bitches in mails so cant we trace him ???? its horrible frm gals side ???? so pls help me !!!!
Actually, most domains nowadays have the option of paying to conceal their identity along with their administrative email. So this won’t work in these cases.
How can I hack a mobile wapsite?
Very Good Work.God Bless You friend.
Thanks for your information.
Good Luck
I don’t understand how i can hack website any body can help me
Srikanth,
In this one about domain hijacking is there any way by which they can track, from which computer this has been done??
Thanks for letting so much educational stuff on your site.
Hats off to you Mr.Srikanth…
At my blog http://www.tricknix.webs.com I am publishing some of your tips…
please allow me..
@ Arun Satyarth
Yes the computer can be tracked via the IP address. To hide your IP you can use a proxy.
hey srikanth u r excellent bro
could u tell me plz; is it possible to hack server database or not and how?
or
plz tell me
is it possible to create virus with java ?
plz bro!
cool stuff man!am pursuing IT n am findin it worth.thanx
adara gottesavuu..
thats quite handsome information srikant garu..
pls keep up the gud work.
Hi Shrikanth I am gr8 fan of you.
I have one problem . Can we hack the email id using the Spytech SpyAgent
how can I edit the html code on my domain.
lolz, i dnt think only domain name hijacking is only to hack any website, but there are so many way that u can hack…..!!
some method that i am working nw…!!
1.Remote File Inclusion
2.Cross Site Scripting
3.Local File Inclusion
HOw can l hack a website amd download a software?
hi Sri… you are great…
waiting for you new posts…
this is nice dude.
Hello Author. Simply I love your posts. Very very Nice. Very Nice. I love it. And please write a brief post about website hacking, the ways by which we can hack a site and …. !! Thanks in advance. waiting.
Hi Srikanth can you tell me how to hijack a computer. How can I take control of someone else’s computer?
Great stuff. Keep up with the good work!
Srikanth, Is it possible to hack into a website by SQL injection..??? Just wondering..
Hi! Srikant! I have an problem! one of the “Mr.L4iVe TeaM X-H3LL Hackers” was hacked my Blog Domain name. named http://www.rightpalace.com.
Now I couldn’t controlled this blog(wordpress). What I have to do now? Can I recover my Domain Name?
If could I then plz tell me about.
kindly respond me……..Plz-Plz-Plz
hey,i like yor site….
hey srikant, i’m a big fan of yours. I wanted to know that can I place this info. On my site as it is. Cause i’m not as talented as u, and wanna make my visitors more talented.
??
Srikanth, Is it possible to hack into a website by SQL injection..??? Just wondering.
i was successfully changed my logon screen
xellent job dude…….
but u should think of giving a warning message with articles like this
Leave your response!
EMAIL SECURITY »
What to Do When Your Email Account is Hacked?
How to Recover Hacked Email Accounts?
It can be a real nightmare if someone hacks and takes control of your email account as it may contain confidential information like bank logins, credit card details and other sensitive data. …
HOW-TO GUIDES »
How to Identify and Avoid Phishing Scams
Phishing is a form of social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworty person/organization. Since most online users are unaware of the …
INTERNET SECURITY »
4 Ways to Identify Safe Websites on the Internet
On the whole Internet, there are approximately more than 150 million active websites up and running. As a result, it often becomes a real challenge for the users to identify safe websites that are trustworthy …
NETWORK HACKS »
How to Hack an Ethernet ADSL Router
Almost half of the Internet users across the globe use ADSL routers/modems to connect to the Internet however, most of them are unaware of the fact that it has a serious vulnerability which can easily be exploited even by a …
VIRUS CREATION »
How to Test the Working of your Antivirus – EICAR Test
Have you ever wondered how to test your Antivirus software to ensure it’s proper working? Well here is a quick and easy way to test your antivirus. The process is called EICAR test which will …
Categories
Blogroll
Recent Comments
Most Commented
Most Popular
Log In | Entries (RSS) | Comments (RSS) | Sitemap
© 2008-2011 GoHacking.Com. This content is copyrighted to Srikanth and may not be reproduced on other websites.