see this is why I own like 30 domains and do not get rid of them ;)
The excuse that, somewhere there is a hacker group, who has a list of all social media accounts from various leaks aggregated, realises that my domain expires and executes automatic hacking attempts against my accounts, is now my new favourite bedtime story to scare kids ;)
But really what would the alternative be? Sell them only to people "I trust"? That can't be healthy.
I guess the only right thing to do here is to extend your domain, host a page which clearly states "this page will be unavailable in the future" and when google traffic has dropped to 0, lets say a year later you can set it free?
as for account claiming with expired domains: there are so many reason why that account should have a new email by then or be closed entirely.
Companies should really stop collecting domains as Pokémon-cards. Not only are abandoned domains risking to be hijacked, either by the fact that the whole domain expires or that you have records pointing at servers no longer in your control. But also you are teaching your customers to click on phishing-links, because apparently the e-mails you send out to customers contain a new domain every time.
Also, a general tip is to treat all domains and subdomains as information assets within your ISMS. Meaning they should have an explicitly assigned responsible owner within the organization.
> But also you are teaching your customers to click on phishing-links, because apparently the e-mails you send out to customers contain a new domain every time.
I've noticed government departments have become bad for this in Canada. It's crazy. Who runs these sites?
A long time ago everything used to be split provincially and you could register private domains under the `.on.ca` namespace [1], so there's not a guarantee a `.on.ca` site is a government website AFAIK.
I don't understand the aversion to subdomains. Assuming the government owns `canada.ca`, I'd rather see things like:
ehealth.on.canada.ca
ehealth.bc.canada.ca
That makes it easier to determine if a website is government run or not by looking at the URL.
Also, all the government websites use super expensive OV TLS certificates. I don't get that either.
This was a very popular concept in the early days of public DNS, and standardized to a degree in RFC 1480. E.g. in the US there were extensive "designated structures" under the .us ccTLD. For example, Portland's Franklin High School had been franklin.pps.k12.or.us, but now it's pps.net/franklin. Less common were the designated structure for state governments and agencies---it has always been newmexico.gov, not state.nm.us as Postel had once dictated, but more annoyingly santafecountynm.gov rather than co.santafe.nm.us (it is unclear, bureaucratically, how exactly this would interact with ci.santafe.nm.us which is also designated).
Ultimately everyone hated those k12.<state>.us domains though. I've heard many people describe them as annoying, ugly, old fashioned, etc. The simple reality is that the massive dominance of the .com gTLD basically established second-level domains as a prestige point if not a basic requirement for a modern website. This is the same effect that lead to a police department using the wonderfully '90s domain name "apdonline.com". You know a website's good when it tells you it's on the internet, in the name.
The situation would perhaps be different if the federal government had ever made any serious moves towards using the proposed .fed.us instead of .gov. And perhaps also if "bare" second-level names had been less problematic and not lead to universal use of www, which lead many consumers to view "www" as some sort of universal prefix like http:// and not as an actual particle of the name which could adopt other values. A common practical problem with subdomains today is a tendency of users to stick www. on the beginning, even if it's a third or lower level name, which people with a deeper understanding of the system usually don't expect or account for. Both of these factors sort of discouraged any real understanding of DNS as hierarchical.
But as is, consumers seem to strongly associate third-level and lower domain names as being some combination of sketchy and inconvenient.
Probably part of it too is that as much as John Postel loved the two-letter abbreviations, I don't think anyone else really did... "ci" instead of "city" does not really seem like that worthwhile of an economy.
One time I created a virtual machine on some cloud platform and after checking the traffic logs, found out that Coke had some random disused subdomain pointing to my new IP that was still getting traffic daily.
Does anyone here have an idea of how common this kind of mistake is? Would it be a viable strategy for an attacker to just iterate through VMs on a common service like AWS until one happens to get traffic on an interesting domain?
I and many other bug bounty researchers have tools that allocate AWS elastic IPs on a loop, looking for domains that point to them. (You don't get to pick what IP you get, so you just have to pray for a good one!) It is a very profitable way to find vulnerabilities, but AWS detects and bans researchers for this activity.
It's very, very easy to find random domains pointing to AWS IPs, although harder to find ones where the company has a bug bounty program. :)
An interesting one. Before I went (unexpectedly) to jail, I ran a successful mortgage web site.
While I was in jail the domain lapsed. I browsed to the domain the other day to see who bought it (I'd been offered $80K for it just before I got locked up) and was shocked to find the site exactly as I'd left it.
Whoever bought the domain also fished the whole site out of archive.org and carefully reconstructed it, leaving only one small error in the HTML.
I haven't been able to trace them so far. Emails to the domain go unanswered and the WHOIS is obfuscated. It's not even clear what their plan is with the domain, other than to hold the existing PageRank since they didn't monetize it and left all my contact info on it. They didn't even install their own outbound links to try to divert some of the PageRank away.
One of the details of iSCSI is that the iSCSI Qualified Name (IQN) has date stamp. So if you own the domain example.com, in your connection string you would have:
* "iqn"
* date (yyyy-mm) that the naming authority took ownership of the domain
* reversed domain name of the authority, e.g., "com.example"
A while ago a major country health system (think millions of folks)
REQUIRED that every provider install this horrendous java system which only worked with IE, and only an OLD version of Java. This "electronic health record" system was beyond frustrating to use. Getting an account setup took weeks. You had a VPN to connect with (SSL) which had to be (slowly) provisioned for the user, then had to get user credentials. Think passwords that expire every 30 days with insane complexity.
BUT! - The app default loaded an expired .org domain in internet explorer (I think it was intended for announcements).
So two things were true:
Because of system requirements the computers were running OLD windows and OLD java (we all hated the java upgrade nag). So huge security holes that had to be left unpatched! We had to have special machines for this craptastic stuff.
AND they default loaded a website that anyone could have registered!
After a frustrating day dealing with this expensive stupidity, I was tempted to register the domain with a message that said - this system is a waste of money. :)
I buy expired domains legitimately for my business. I get email reminders about dental appointments and restaurant reservations and attempts to login to the associated Facebook accounts even a year later
23 comments
[ 3.3 ms ] story [ 57.3 ms ] threadThe excuse that, somewhere there is a hacker group, who has a list of all social media accounts from various leaks aggregated, realises that my domain expires and executes automatic hacking attempts against my accounts, is now my new favourite bedtime story to scare kids ;)
But really what would the alternative be? Sell them only to people "I trust"? That can't be healthy.
I guess the only right thing to do here is to extend your domain, host a page which clearly states "this page will be unavailable in the future" and when google traffic has dropped to 0, lets say a year later you can set it free?
as for account claiming with expired domains: there are so many reason why that account should have a new email by then or be closed entirely.
Also, a general tip is to treat all domains and subdomains as information assets within your ISMS. Meaning they should have an explicitly assigned responsible owner within the organization.
I've noticed government departments have become bad for this in Canada. It's crazy. Who runs these sites?
A long time ago everything used to be split provincially and you could register private domains under the `.on.ca` namespace [1], so there's not a guarantee a `.on.ca` site is a government website AFAIK.I don't understand the aversion to subdomains. Assuming the government owns `canada.ca`, I'd rather see things like:
That makes it easier to determine if a website is government run or not by looking at the URL.Also, all the government websites use super expensive OV TLS certificates. I don't get that either.
1. https://en.wikipedia.org/wiki/.ca#Third-level_(provincial)_a...
Ultimately everyone hated those k12.<state>.us domains though. I've heard many people describe them as annoying, ugly, old fashioned, etc. The simple reality is that the massive dominance of the .com gTLD basically established second-level domains as a prestige point if not a basic requirement for a modern website. This is the same effect that lead to a police department using the wonderfully '90s domain name "apdonline.com". You know a website's good when it tells you it's on the internet, in the name.
The situation would perhaps be different if the federal government had ever made any serious moves towards using the proposed .fed.us instead of .gov. And perhaps also if "bare" second-level names had been less problematic and not lead to universal use of www, which lead many consumers to view "www" as some sort of universal prefix like http:// and not as an actual particle of the name which could adopt other values. A common practical problem with subdomains today is a tendency of users to stick www. on the beginning, even if it's a third or lower level name, which people with a deeper understanding of the system usually don't expect or account for. Both of these factors sort of discouraged any real understanding of DNS as hierarchical.
But as is, consumers seem to strongly associate third-level and lower domain names as being some combination of sketchy and inconvenient.
Probably part of it too is that as much as John Postel loved the two-letter abbreviations, I don't think anyone else really did... "ci" instead of "city" does not really seem like that worthwhile of an economy.
Does anyone here have an idea of how common this kind of mistake is? Would it be a viable strategy for an attacker to just iterate through VMs on a common service like AWS until one happens to get traffic on an interesting domain?
[0] https://news.ycombinator.com/item?id=28351432
It's very, very easy to find random domains pointing to AWS IPs, although harder to find ones where the company has a bug bounty program. :)
I can log in to the previous owner's TikTok account with just his number.
I signed up for a food delivery service two days ago and it autofilled all the details with his full name and address for me.
How many other sites let you log in with just a phone number? Asking for a friend...
We considered it when I worked for an e-commerce site years ago. We opted not to because of the privacy issues.
Well not logging in, but auto-filling the address.
While I was in jail the domain lapsed. I browsed to the domain the other day to see who bought it (I'd been offered $80K for it just before I got locked up) and was shocked to find the site exactly as I'd left it.
Whoever bought the domain also fished the whole site out of archive.org and carefully reconstructed it, leaving only one small error in the HTML.
* "iqn"
* date (yyyy-mm) that the naming authority took ownership of the domain
* reversed domain name of the authority, e.g., "com.example"
See:
* https://en.wikipedia.org/wiki/ISCSI#Addressing
* https://datatracker.ietf.org/doc/html/rfc3720#section-3.2.6....
This way if the 'naming authority' (example.com) changes hands, the old connection handle is invalidated.
BUT! - The app default loaded an expired .org domain in internet explorer (I think it was intended for announcements).
So two things were true:
Because of system requirements the computers were running OLD windows and OLD java (we all hated the java upgrade nag). So huge security holes that had to be left unpatched! We had to have special machines for this craptastic stuff.
AND they default loaded a website that anyone could have registered!
After a frustrating day dealing with this expensive stupidity, I was tempted to register the domain with a message that said - this system is a waste of money. :)