Protect your website against DNS hijacking
Hackers can intercept the traffic to your website and divert it to other websites by means of DNS hijacking. How does this work, and how can you protect yourself against it?
What is DNS hijacking?
In brief, the DNS data of your domain name are changed through DNS hijacking. As a result, your visitor is no longer sent to the numeric IP address of the server to which your domain name normally refers, but to the IP address that the hacker has entered. The hacker can even request a certificate for the hijacked domain name and install it on the servers to which he redirects the traffic so that it looks legitimate.
In this way, the hacker can view the incoming traffic to your domain, and in so doing intercept e-mails, log-in data and input from users on your applications, by diverting the traffic to a specially created website which is a perfect imitation of your website. This can lead to serious damage being caused in websites of financial institutions, webshops, and so much more.
Recent cases point to the seriousness of the situation
Such DNS hijacking can take place on a small scale – an individual change made to the settings in the control panel of your host provider or domain administrator. But in recent weeks, such hijacking has occurred on a large scale. DNS settings of organisations were (temporarily) changed in various countries. ICANN and various security firms such as FireEye had already issued warnings before this large-scale attack.
The attacks themselves were directed against organisations and companies in various countries, including Lebanon, the United Arab Emirates, but also American governmental institutions. It is not yet known which data have been stolen.
How can you protect yourself against DNS hijacking?
As registrant , owner of a website, system administrator or hosting company, it is important for you to try and prevent unauthorised changes of DNS data.