
Check Your DNS - Fraud Alert


mr-x

I developed a domain and used the hosting provider's DNS. The project wasn't successful, but when I shut it down, I neglected to change the DNS.

Another person created a website on the hosting company and used it to send spam / phishing attacks with my domain name.

Make sure you remember to check that the DNS servers for your domain are current.
 
And to add to that, adding an SPF record can also be quite helpful.
It can help to prevent spam as, depending on the configuration, it can entirely block non-mentioned senders (hard fail).
 
Or, get a VPS and have your own hosting.
 
When the project is over and the VPS shuts down, update your DNS records. Few reasons to have a domain with incorrect DNS.
 
Novice here. So I leave some, as you say, "stagnant" projects. Some have DNS forwarded via MX records just for email to CRM providers. Some run for SSL via Cloudflare to WordPress sites.

What is the risk? At what stage? What method do they use, and what is the area in DNS to check if they hijacked it for spam?

Thank you in advance
 
Hey Mr X, been a while since we ran across each other. I hope all is well.

Of course it is important you stay on top of your domains and in control of the nameservers, but I am trying to process what exactly happened to you (for the sake of education of others, which I believe is the point of your post).

Let's break this out to an example scenario so I can try to understand.

Let's say:
#1: Your domain is hosted and uses GD name servers.
#2: You build a site and set up email on GD.
#3: You abandon the site and take it down and cancel your email account with GD.

How can someone legitimately in the GD system "takeover" your domain to host a site and send email without possession of your account?

Any reputable (even decent or subpar) hosting company will not allow someone to publish a site or set up email on a domain they do not own. (In this scenario they have control of your DNS records - but protect them at account level.)

I have my suspicions that your actual domain was not compromised in any way - but someone spoofed your domain to send emails. This is extremely common. There is nothing you can do with your nameservers (specifically) that will stop this. The actions you can take are on the records within those nameservers.

The way to prevent spoofing of your domain in emails is to set up SPF and DKIM DNS records (DKIM set up at the email server as well).

But no one should ever be able to point your domain to their website or email without hijacking your account at the hosting provider and actually changing the DNS records in their nameservers.
 
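The SPF "hard fail" setting raised in the replies above, as an added example that is not part of any post in this thread: a Python check that classifies what each domain's SPF TXT record tells receivers to do with senders it does not list, and flags the domains that restrict nothing. The domains and records are constructed samples, and `spf_policy` and `weak_domains` are hypothetical names.

```python
# Constructed TXT record sets for illustration; none come from a real domain.
SAMPLES = {
    "parked.example": ["v=spf1 -all"],
    "crm-mail.example": ["v=spf1 include:_spf.crm.example ~all"],
    "forgotten.example": ["site-verification=constructed-token"],
    "open.example": ["v=spf1 +all"],
    "dup.example": ["v=spf1 -all", "v=spf1 mx ~all"],
}

QUALIFIERS = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass"}
WEAK = {"none", "pass", "neutral", "permerror"}


def spf_policy(txt_records):
    """Classify what a domain's SPF record says about senders it does not list."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return "none"        # no SPF record: receivers have no sender list
    if len(spf) > 1:
        return "permerror"   # RFC 7208: multiple SPF records are an error
    terms = [t.lower() for t in spf[0].split()[1:]]
    for term in terms:
        if term == "all":
            return "pass"    # a bare "all" defaults to the "+" qualifier
        if len(term) == 4 and term[0] in QUALIFIERS and term[1:] == "all":
            return QUALIFIERS[term[0]]
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"    # policy is defined by another domain's record
    return "neutral"         # no "all" and no redirect: default is neutral


def weak_domains(zone_txt):
    """Return the domains whose SPF policy does not restrict unlisted senders."""
    return sorted(d for d, txt in zone_txt.items() if spf_policy(txt) in WEAK)


if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(f"{domain:20} {spf_policy(txt)}")
    print("needs attention:", weak_domains(SAMPLES))
```

A domain that sends no mail at all, such as a shut-down project, can publish `v=spf1 -all`, which is the `parked.example` case here.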