Friday, January 15, 12:48

Hackers love expired domains

Sometimes website owners do not want to continue to own a domain name and allow it to expire without attempting to renew it.

This happens all the time and is perfectly normal, but it is important to remember that attackers regularly monitor expired domains and may target specific domains that meet certain criteria.


Vendor domains can be a great choice for attackers

A "vendor domain" is defined as a site used to host and load third-party JavaScript resources. This also includes domains used to load JavaScript sources for specific WordPress plugins.

For whatever reason, a vendor may allow its domain registration to expire, which means the domain may become available for registration by an attacker (or anyone else).

Attackers usually perform reconnaissance to determine whether a domain is valuable to them. For example, if an expired domain is used within a plugin to load a JavaScript resource, then it's valuable to them.

This scenario was recently observed with the inactive plugin visual-website-editor and the domain tidioelements[.]com. The incident was reported on the Sucuri blog by the owner of a website who encountered suspicious activity while using the plugin.

The attacker's strategy is based on the fact that some sites may still have the plugin installed and enabled and continue to load resources from the expired domain.

Once the attacker takes over the domain, they can take control by replacing any legitimate JavaScript resources with something malicious.

The plugin has no way of knowing that the domain has expired or that the JavaScript resource is now being loaded from an attacker's server. The only information it has is the URL of the JavaScript resource, which it tries to include wherever the plugin is loaded.

This plugin is no longer available in the WordPress repository.

Attackers were able to take advantage of the expired domain to load arbitrary content, which underlines the importance of updating all software and removing any old plugins that are not actively used in your environment. Another important tip is to use only official and trusted sources.
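
The following is an added example, not code from the original article or the Sucuri report: a small Python audit that lists the third-party hosts a page loads scripts from and flags those that are not on a reviewed list or that lack a Subresource Integrity attribute. The hostnames, the `reviewed_hosts` allowlist and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collects (src, has_integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.scripts.append((a["src"], bool(a.get("integrity"))))

def audit_scripts(html, site_host, reviewed_hosts):
    """Return findings for scripts loaded from hosts other than site_host.

    reviewed_hosts is a hypothetical allowlist: third-party hosts you have
    confirmed are still registered to the vendor you expect.
    """
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, has_sri in collector.scripts:
        # urlparse also handles protocol-relative URLs (//host/path).
        host = urlparse(src).hostname or ""
        if not host or host == site_host:
            continue  # relative or same-host script, served by the site itself
        issues = []
        if host not in reviewed_hosts:
            issues.append("unreviewed-host")
        if not has_sri:
            issues.append("no-sri")
        if issues:
            findings.append({"host": host, "src": src, "issues": issues})
    return findings

# Constructed sample page; every hostname here is a placeholder.
SAMPLE_HTML = """
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://cdn.trusted-vendor.example/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//old-plugin-vendor.example/editor.js"></script>
<script src="https://cdn.trusted-vendor.example/widget.js"></script>
"""

if __name__ == "__main__":
    for f in audit_scripts(SAMPLE_HTML, "blog.example", {"cdn.trusted-vendor.example"}):
        print(f["host"], f["src"], ",".join(f["issues"]))
```

When a script tag carries an `integrity` attribute, the browser refuses to run the file if its content no longer matches the hash, so a re-registered domain cannot silently swap it.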




Teo Ehc

