Are You at Risk? DNS Hijacking Explained

How to protect your domains by Sam Bocetta

Imagine checking your metrics only to find that your click-through rates are not in line with your traffic. If your website is monetized, those ads are your bread and butter. Is it possible that you're losing traffic to a hijacking exploit?

 

Website owners work hard to attract visitors and provide them with quality content. Most of us also strive to establish partnerships with quality advertisers. When hackers sneak in through weak or undefended access points, they can insert code that steals anything from traffic to passwords to identities.

 

Of all the possible exploits and hacks, DNS hijacking is still one of the most prevalent. What's more, your traffic can be redirected for months without your knowledge.

 

How much of your money and reputation are you losing in the meantime?

 

Fortunately, this type of cyber crime is preventable once you know how it happens and what you can do to protect your domain.

What is DNS Hijacking?

 

As of right now, there are more than 1.7 billion domains on the internet, and the number is growing. The only logical way for computer users to find the websites they're looking for is through indexing on a DNS server. The server tracks all registered domains in existence and converts them to machine-readable IP addresses whenever someone types the domain into a URL bar.

At its most basic, hijacking involves inserting code through the DNS server that changes an IP address in order to take the user to another website or page. Instead of going to your paid advertisers or product pages, your traffic is taken by a cyber criminal to their own. This is a basic redirect.

 

Your visitors won't know they've been hijacked, and neither will you until you finally notice that your numbers don't add up. In a worst-case scenario, hijacking will allow the hacker to steal data outright or launch a phishing expedition that tricks the target into giving them information freely. Governments, schools, and employers can also use the same tactics to bar users from accessing certain websites.

How do hackers get in to change the code?

One way is through malware, introduced into a system through a malicious link or a download sent via email or another messaging system. Another common mode of entry is to find a vulnerability in your router or at any point between your network and connected devices. One of the more common routes in is cracking your password, but they can also access your device when you connect to a public or unsecured network.

The most common types of DNS hijacks are:

 

Router hijacking: Hackers gain access through default passwords or outdated firmware.

Local DNS hijacking: Introducing trojans that alter the local DNS settings.
 
Rogue DNS server exploits: An attack directly on the DNS server that alters the record to orchestrate a redirect.

Man-in-the-Middle (MitM) attacks: Attacks that intercept the session between the user and the DNS server and change the destination IP address.

 

What Can You Do to Protect Your Domain?

 

If you're concerned, you can find out if you're leaking data by conducting a DNS leak test. Prevention is a matter of taking necessary precautions.

 

1.    Never use a default password. As soon as you get a new router or device, change the password to something unique and hard to guess. You can also use a password manager.

2.    Make sure that your firewalls, anti-malware software, and firmware are kept up to date.

3.    Install a VPN. Virtual private networks encrypt web traffic and mask your IP address. You should have one installed on your router and on any mobile devices you use outside of the home or office.

4.    Monitor your traffic for unusual activity.
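One way to put step 4 into practice is to check resolver settings and DNS answers against what you expect, which covers the local DNS hijacking and rogue DNS server cases listed earlier. This Python sketch is an added example, not code from the original article; the resolver addresses, the baseline records and the sample data are constructed from documentation address ranges, and the function names are hypothetical.

```python
"""Added example: flag signs of DNS hijacking in resolver settings and answers."""
import ipaddress

# Constructed sample data (documentation-range addresses, not real infrastructure).
TRUSTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}  # resolvers you configured
BASELINE = {"www.example.com": {"198.51.100.10", "198.51.100.11"}}  # records you published
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
nameserver 192.0.2.53
; added later, not one we configured
nameserver 203.0.113.66
search example.com
"""
SAMPLE_ANSWERS = {  # resolver -> {name: set of A records it returned}
    "192.0.2.53": {"www.example.com": {"198.51.100.10", "198.51.100.11"}},
    "192.0.2.54": {"www.example.com": {"198.51.100.10", "203.0.113.99"}},
}

def parse_nameservers(resolv_conf_text):
    """Return the nameserver IPs in resolv.conf-style text, skipping comment lines."""
    servers = []
    for line in resolv_conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue  # malformed entry: skip it rather than abort the audit
    return servers

def unexpected_resolvers(resolv_conf_text, trusted):
    """Local DNS hijacking check: resolvers present that were never configured."""
    return [s for s in parse_nameservers(resolv_conf_text) if s not in trusted]

def record_drift(answers, baseline):
    """Rogue-server / MitM check: answers holding addresses outside the baseline."""
    findings = []
    for resolver, names in sorted(answers.items()):
        for name, ips in sorted(names.items()):
            extra = sorted(set(ips) - baseline.get(name, set()))
            if extra:
                findings.append((resolver, name, extra))
    return findings

if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_RESOLV_CONF, TRUSTED_RESOLVERS))
    for resolver, name, extra in record_drift(SAMPLE_ANSWERS, BASELINE):
        print(f"{resolver} returned unlisted address(es) for {name}: {extra}")
```

The baseline has to list every address you legitimately publish for a name, otherwise load-balanced or geographically distributed records will show up as drift.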

Buy Clean Domains


Whether you're registering a custom domain or buying one, it's important that you choose a good registrar. Old domains may have been attached to troublemakers or black hat practices. You can check the history with a simple domain lookup.

Final Thoughts


If you didn’t before, hopefully you now have a better understanding of how DNS hijacking works and ways to investigate if it might be happening to you. Keeping tabs on this problem is part of the process of securing a new website and maintaining your domain name and IP address in clean and hacker-free condition. This earns the trust of your website visitors and, at least as importantly, keeps you in good stead with Google.

 
Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.