HomesecurityHackers love expired domains

Hackers love expired domains

Sometimes website owners do not want to continue to own a domain name and allow it to expire without attempting to renew it.

This happens all the time and is perfectly normal, but it is important to remember that attackers regularly monitor expired domains and may target specific domains that meet certain criteria.


Domain providers can be a great choice

A "vendor domain" is defined as a site used to host and load third-party Javascript resources. This includes and domains used to load some "Javascript sources" for specific WordPress plugins.

For any reason, a vendor may allow its domain registration to expire, which means that it may be available to entry by one intruder (or anyone else).

Attackers usually perform reconnaissance to determine if a domain is valuable to them or not. For example, if an expired domain is used within a plugin to load a Javascript resource, then it's valuable to them.

This script was recently detected with its inactive plugin visual-website-editor and the domain tidioelements [.] Com. The incident was reported by the owner of a website on the Sucuri blog who encountered suspicious activity while using it.

The attacker's strategy is based on the fact that some sites may still have the plugin installed and enabled and continue to load resources from the expired domain.

Once the attacker "takes over" the domain, then he can "take" control by replacing any legitimate Javascript resources with something malicious.

The plugin will not know that the domain has expired or that Javascript resource is now loading from an attacker's server - the only information which has is the URL of Javascript resource, which it tries to include where the plugin is loaded.

This plugin is no longer available in the WordPress repository.

Intruders were able to take advantage of the expired domain to upload arbitrarily content, which underlines its importance information all of software and remove any old plugins that are not actively used in your environment. Another important tip is to use only official and trusted resources sources.



Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.