General / IT

How to get your web-domain stolen

Have you ever left a bill unpaid for a few days? If it happens with your bill from your domain registrar – the company who manages the reservation of your internet domain – you might get in trouble.

An article published last week in Science Magazine explains how hackers can take over a journal’s Web domain. Online publishing is a huge money making industry ($10 billion according to the article). Fraudsters have been imitating journal’s webpages and hosting them on a similar sounding web domain to get people to pay for subscription or increase traffic on their site. Recently, a new method has been used: ‘Domain-thieves’ find websites whose domains are about to expire. If the bill to continue the domain registration is not paid immediately, the domain can be free to buy for anyone. You would usually follow the green path in the figure below. If you don’t pay the bill to your web registrar, a domain-thief (red path) can snatch your domain name and display his website on your previous domain.

Hijack2

With some experience in web-scraping, it is relatively easy to write a code that finds potential journal domains that one could steal. The author of the article in Science Magazine made his code to do that public (click here to access python code). He found 24 recently snatched journal domains. Ending up on the ‘fake’ webpage is not only a big problem as the domain-thief can steal passwords from people who sign in to the fake site or money from those who buy a subscription; it can also lead to a big trust problem for your company or webpage. So be aware of thieves!

 

Reference: J. Bohannon, Science, 2015, Vol 350

Picture credit: Web-domain thief (hijacker) from Charis Tsevis on Flickr

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s