
A simple way to end up with a rogue subdomain on your project, or "a fable about what happens if you do not read the license agreement"
A few days ago someone wrote to me saying "it looks like your server has been hacked", pointing at a link to some subdomain of moidomen.ru. At that address there was some kind of hellish garbage in the style of "free drivers, no SMS required"; there is no other way to describe it.
I rushed to check the server logs, passwords and settings, and the domain registrar, but found nothing that would explain where this subdomain had come from. Have you already guessed what the catch was? If so, I still recommend reading on under the cut.
So how did it happen that some rogue doorway page lives on my domain? The scheme turned out to be like this.
- Once upon a time, back in my not very well-off student years, the domain was registered at nic.ru.
- DNS hosting at this registrar is paid. But why pay those rubles there when there is free DNS hosting! At that time I chose FreeDNS, and entered its DNS server addresses at nic.ru as the domain's nameservers.
- Now an attacker registers an account on FreeDNS and creates a subdomain on my domain. I later tried to repeat this trick myself: the subdomain is created. It does show a warning, but it is created anyway, and it works as it should. FreeDNS does not check whether the domain really belongs to you.
What to do? So far I have drawn the following conclusions for myself:
- Use paid DNS hosting.
- Or free hosting, but one that verifies your domain. For example, Yandex (not an advertisement!) requires you either to specify your email in the domain's properties, or to put a specific file with specific contents on the hosting.
- I have no idea why on earth someone needed to plant a crooked subdomain on a project with 50-60 unique visitors per day. Probably some half-baked bot just sweeps through everything.
- If I understand correctly, you can go to one of the services that display information about a domain and its subdomains and find out whether you have been blessed with such "gifts" too.
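One way to do that last check yourself, as an added example that is not part of the original post and not the author's code: pull the names that Certificate Transparency logs have seen for your zone from crt.sh (its JSON endpoint returns records with a `name_value` field holding newline-separated DNS names) and diff them against the subdomains you actually created. The zone `example.com`, the `KNOWN_GOOD` allowlist and the crt.sh-shaped records are constructed for this example; the live fetch is included but not called by the offline demo.

```python
"""Audit the subdomains publicly visible for a zone against the ones you
actually created.  Example added to this post; not the author's code.

Data source: Certificate Transparency via crt.sh, whose JSON endpoint
(https://crt.sh/?q=%25.<domain>&output=json) returns a list of objects
with a "name_value" field holding newline-separated DNS names.  The
sample records below are constructed for this example, not real crt.sh
output for any real zone.
"""
import json
import urllib.parse
import urllib.request

# Constructed sample in the shape of crt.sh JSON (only the fields used here).
SAMPLE_CRT_SH_JSON = json.dumps([
    {"id": 1, "name_value": "www.example.com\nexample.com"},   # multi-name cert
    {"id": 2, "name_value": "*.example.com"},                  # wildcard cert
    {"id": 3, "name_value": "mail.example.com"},
    {"id": 4, "name_value": "free-drivers-no-sms.example.com"},  # the doorway
    {"id": 5, "name_value": "WWW.EXAMPLE.COM"},                # case differs
    {"id": 6, "name_value": "example.com.evil.test"},          # look-alike, not our zone
])

# The names the zone owner knows about (the apex plus what they set up).
KNOWN_GOOD = {"example.com", "www.example.com", "mail.example.com"}


def crt_sh_url(domain: str) -> str:
    """Build the crt.sh JSON query URL for every name under `domain`."""
    return "https://crt.sh/?" + urllib.parse.urlencode(
        {"q": "%." + domain, "output": "json"})


def fetch_crt_sh(domain: str, timeout: float = 30.0) -> str:
    """Live fetch of the crt.sh JSON (network; not used by the offline demo)."""
    with urllib.request.urlopen(crt_sh_url(domain), timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def names_in_zone(crt_sh_json: str, domain: str) -> set[str]:
    """Extract every hostname that belongs to `domain` from crt.sh JSON.

    Handles multi-name records, mixed case, wildcards (the parent name is
    kept) and look-alike domains that merely contain the zone name.
    """
    domain = domain.lower().rstrip(".")
    found = set()
    for record in json.loads(crt_sh_json):
        for raw in record.get("name_value", "").split("\n"):
            name = raw.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]  # a wildcard cert still tells us its parent
            # Suffix match on ".domain" so "example.com.evil.test" is rejected.
            if name == domain or name.endswith("." + domain):
                found.add(name)
    return found


def unexpected_names(crt_sh_json: str, domain: str,
                     known_good: set[str]) -> set[str]:
    """Names under the zone the owner did not create: the rogue subdomains."""
    known = {n.lower().rstrip(".") for n in known_good}
    return names_in_zone(crt_sh_json, domain) - known


if __name__ == "__main__":
    rogue = unexpected_names(SAMPLE_CRT_SH_JSON, "example.com", KNOWN_GOOD)
    for name in sorted(rogue):
        print("unexpected:", name)
    # For a real zone: unexpected_names(fetch_crt_sh("yourdomain.tld"), ...)
```

Treat an empty result as absence of evidence only: CT shows names that obtained a certificate, so a doorway page served over plain HTTP would not appear there. If your DNS provider lets other users add records on your zone, its own control panel (or passive DNS) is the more complete list of what actually resolves.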
I would be grateful if you could somehow comment on this very stupid situation.
Update: In the comments they explained that this is not a bug but a feature, one of the central features of the project. I am ashamed that I missed it.