Phishing site uses subdomain that I never registered

Solution 1:

Sigh. I've had a few clients fall into this trap by using afraid.org as their DNS provider. Because they're free, they allow anyone who wants to create subdomains off your primary domain, unless you specifically disallow it.

You can see here: https://freedns.afraid.org/domain/registry/?sort=5&q=gotgenes&submit=SEARCH that someone has created 79 subdomains off your primary domain.

Never. ever. ever. ever. use afraid.org for a website you care about.

Solution 2:

If you want the domain to be for your use only, you need to configure it as such: http://freedns.afraid.org/queue/explanation.php

FreeDNS is, as others have mentioned, primarily a service for registering a hostname in one of a large selection of available domains; by adding a domain on FreeDNS you are, by default, adding to the set of domains available for anyone to use.


Solution 3:

com.            172800  IN  NS  e.gtld-servers.net.
com.            172800  IN  NS  l.gtld-servers.net.
com.            172800  IN  NS  c.gtld-servers.net.
com.            172800  IN  NS  a.gtld-servers.net.
com.            172800  IN  NS  i.gtld-servers.net.
com.            172800  IN  NS  m.gtld-servers.net.
com.            172800  IN  NS  b.gtld-servers.net.
com.            172800  IN  NS  f.gtld-servers.net.
com.            172800  IN  NS  j.gtld-servers.net.
com.            172800  IN  NS  d.gtld-servers.net.
com.            172800  IN  NS  g.gtld-servers.net.
com.            172800  IN  NS  h.gtld-servers.net.
com.            172800  IN  NS  k.gtld-servers.net.
;; Received 509 bytes from 192.36.148.17#53(192.36.148.17) in 551 ms

gotgenes.com.       172800  IN  NS  ns1.afraid.org.
gotgenes.com.       172800  IN  NS  ns2.afraid.org.
gotgenes.com.       172800  IN  NS  ns3.afraid.org.
gotgenes.com.       172800  IN  NS  ns4.afraid.org.
;; Received 119 bytes from 2001:503:a83e::2:30#53(2001:503:a83e::2:30) in 395 ms

repair.gotgenes.com.    3600    IN  A   209.217.234.183
gotgenes.com.       3600    IN  NS  ns4.afraid.org.
gotgenes.com.       3600    IN  NS  ns1.afraid.org.
gotgenes.com.       3600    IN  NS  ns3.afraid.org.
gotgenes.com.       3600    IN  NS  ns2.afraid.org.
;; Received 227 bytes from 174.37.196.55#53(174.37.196.55) in 111 ms

I get the response from nsX.afraid.org - the same nameservers that are listed for your domain.

So I'd say that either

  • Your DNS account was hacked
  • You created a record you do not remember
  • An employee with your DNS host is corrupt
  • Your DNS host got hacked and records are created without you being able to see them.
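
The check this answer performs by eye, as an added example that is not part of the original answer: it parses the last two stages of the `dig +trace` output quoted above and reports whether the A record for the unexpected hostname was returned by a server claiming the same NS set that the parent zone delegates. The function names and the result keys are assumptions made for this example.

```python
import re

# Last two stages of the dig +trace output quoted in the answer above.
TRACE = """\
gotgenes.com.       172800  IN  NS  ns1.afraid.org.
gotgenes.com.       172800  IN  NS  ns2.afraid.org.
gotgenes.com.       172800  IN  NS  ns3.afraid.org.
gotgenes.com.       172800  IN  NS  ns4.afraid.org.
;; Received 119 bytes from 2001:503:a83e::2:30#53(2001:503:a83e::2:30) in 395 ms

repair.gotgenes.com.    3600    IN  A   209.217.234.183
gotgenes.com.       3600    IN  NS  ns4.afraid.org.
gotgenes.com.       3600    IN  NS  ns1.afraid.org.
gotgenes.com.       3600    IN  NS  ns3.afraid.org.
gotgenes.com.       3600    IN  NS  ns2.afraid.org.
;; Received 227 bytes from 174.37.196.55#53(174.37.196.55) in 111 ms
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")
RECEIVED = re.compile(r"^;; Received \d+ bytes from ([^#\s]+)#\d+")

def parse_trace(text):
    """Split dig +trace output into stages of (responding server, records)."""
    stages, records = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := RECEIVED.match(line):
            # A "Received" line closes the stage collected so far.
            stages.append((m.group(1), records))
            records = []
        elif m := RR.match(line):
            name, rtype, rdata = m.groups()
            records.append((name.lower(), rtype.upper(), rdata.lower()))
    return stages

def audit_trace(text, zone, host):
    """Report which server answered for `host` and whether that server
    claims the same NS set the parent zone delegates for `zone`."""
    stages = parse_trace(text)
    ns = lambda recs: {r for n, t, r in recs if n == zone and t == "NS"}
    # The first stage carrying NS records for the zone is the parent's delegation.
    delegated = next((ns(recs) for _, recs in stages if ns(recs)), set())
    server, final = stages[-1] if stages else (None, [])
    answers = [r for n, t, r in final if n == host and t in ("A", "AAAA", "CNAME")]
    return {"answered_by": server, "answers": answers, "delegated_ns": delegated,
            "in_delegated_zone": bool(answers) and ns(final) == delegated}

if __name__ == "__main__":
    print(audit_trace(TRACE, "gotgenes.com.", "repair.gotgenes.com."))
```

A true `in_delegated_zone` means the record lives in the zone on the delegated DNS host itself, so the place to look is that provider's account and sharing settings rather than a resolver or cache.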

Solution 4:

By default your domain is set to be shared. That way anyone can add a subdomain of your domain. You can change it in the domains panel and click on the value next to "Shared:" and that should change it from Public > Private. If it doesn't, it probably got hacked or something.