## page was renamed from DNS/hijacking/thehackerblog/Floating Domains
== thehackerblog/Floating Domains ==

I recommend reading it through to the end. -- ToshinoriMaeno

https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html

Domain hosting services - can you take over "floating" domains? (2016)
https://www.peerlyst.com/posts/domain-hosting-services-can-you-take-over-floating-domains-karl-m-1

https://0xpatrik.com/subdomain-takeover-ns/

== Problems with DNS hosting ==
Any domain (note: zone) can be registered.
(Most services do not verify the right to the domain name.)

{{{
No pesky domain validation to impede your ability to add any arbitrary domain to your account, no need to recall who is on your domain’s WHOIS, and no need to set your domain to specific nameservers as is needed with systems such as Cloudflare.
}}}

{{{
In fact all you have to do is the following:
“Within the Networking section, click on Add Domain, and fill in the domain name field and IP address of the server you want to connect it to on the subsequent page.”
}}}

Domain and zone are not distinguished here; more precisely, this is a case where "zone" is meant. -- ToshinoriMaeno

== If the delegation is left in place ==
Registration is repeated until the same NS is assigned. (With route53 this takes effort.)

With the likes of domaincontrol and googledomains, the number of names is not large.

In JP many services use fixed names, which is frightening. -- ToshinoriMaeno

== The Route53 ==
Set Up Process: a brief explanation

{{{
So, if I deleted my domain and you wanted to take it over, you’d have to keep trying until you get the same nameserver set as above in order to do so.
}}}

== On DigitalOcean ==
{{{
Returning to DigitalOcean, the answer to the question “what happens when I delete my domain from DigitalOcean but forget to change the nameservers?” becomes clear. If you delete the domain from your account anyone can immediately re-add it to their own account without any verification of ownership and take it over.
}}}

== com/net zone files ==
To start we’ll acquire the zone files for the .com and .net TLDs because they are easily acquirable from Verisign for research purposes.
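As an added example (not from the blog post or this wiki page): a check a domain owner can run over the NS records of their own domains, in zone-file format, to spot delegations that still point at a hosting provider where the zone has been deleted or, as in the Route53 case, re-created with a different nameserver set. The domains, the account contents and the `PROVIDER_NS` patterns are constructed assumptions.

```python
import re
from collections import defaultdict
# Assumed nameserver naming patterns for two providers named on this page.
PROVIDER_NS = {
    "digitalocean": re.compile(r"^ns\d+\.digitalocean\.com$"),
    "route53": re.compile(r"^ns-\d+\.awsdns-\d+\.(com|net|org|co\.uk)$"),
}

def parse_delegations(zone_text):
    """Collect owner -> set of NS targets from zone-file style NS records."""
    delegations = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        upper = [f.upper() for f in fields]
        if "NS" not in upper or upper.index("NS") in (0, len(fields) - 1):
            continue  # not an NS record with an explicit owner and target
        target = fields[upper.index("NS") + 1]
        delegations[fields[0].lower().rstrip(".")].add(target.lower().rstrip("."))
    return dict(delegations)

def find_floating(delegations, hosted):
    """hosted: provider -> {zone: nameservers assigned to it in our account}."""
    findings = []
    for domain, nameservers in sorted(delegations.items()):
        for provider, pattern in PROVIDER_NS.items():
            at_provider = {ns for ns in nameservers if pattern.match(ns)}
            if not at_provider:
                continue
            assigned = hosted.get(provider, {}).get(domain)
            if assigned is None:
                findings.append((domain, provider, "zone missing from account"))
            elif not at_provider <= assigned:
                findings.append((domain, provider, "nameserver set mismatch"))
    return findings

# Constructed sample data: NS records for our own domains and our account contents.
SAMPLE_DELEGATIONS = """\
; parent-zone NS records (constructed)
shop.example. 172800 IN NS ns1.digitalocean.com.
blog.example. 172800 IN NS ns1.digitalocean.com.
blog.example. 172800 IN NS ns3.digitalocean.com.
api.example.  172800 IN NS ns-11.awsdns-01.com.
old.example.  172800 IN NS ns-77.awsdns-09.net.
"""
DO_NS = {"ns1.digitalocean.com", "ns2.digitalocean.com", "ns3.digitalocean.com"}
SAMPLE_HOSTED = {
    "digitalocean": {"shop.example": DO_NS},  # blog.example was deleted
    "route53": {"api.example": {"ns-11.awsdns-01.com"},
                "old.example": {"ns-200.awsdns-25.com"}},  # re-created zone
}
```

Calling `find_floating(parse_delegations(SAMPLE_DELEGATIONS), SAMPLE_HOSTED)` reports `blog.example` and `old.example`; each finding is a delegation to change at the registrar or a zone to restore.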
== The Sinkholed Traffic ==
Most of it is from search engines; the rest is legitimate users navigating to the now-redirected websites!!!

== my DigitalOcean account had been locked. ==
This is what happened.

I’m stuck receiving thousands of requests a minute from various sites.