Join 1M+ other developers and:
- Get help and share knowledge in Q&A
- Subscribe to topics of interest
- Get courses & tools that help you grow as a developer or small business owner
What is up with DigitalOcean and Domain take-overs?
I would like to understand what happened to DO. I been using DO since it’s very early days. But as of late I noticed some of my domains that are unused but point to DO NS are getting hijacked. I never had problems with Domains being added to some 3rd party DO accounts.
So I had 3 domains that where added to someone else’s account. This is beyond annoying, since I find it silly that DO does not force you to add a TXT record before hand this in part would stop the Domain Hijacking.
Majority of providers require a basic TXT verification to be appended to DNS records for validation of (Hey, I own this Domain). Instead if you have idle Domains sitting around and did not point DNS back to Domain register then your domain can be added and used on DO without your knowledge (not cool).
I also have this odd feeling that DO, does not actually go and suspend this account. Since in logical though process a normal non malicious person would not:
- Register DO account;
- Pay for Server;
- Use others Domains;
This can only mean that the said person is acting in an ill matter most likely for scam, spam or phishing vectors.
Noting that DNS lookup showcased two IP’s (meanwhile I had no Droplets operating at the time). And this two IP’s where pointing to each of the Domains that were Hijacked.
Not to mention one domain that has absolutely “zero” to do with Insurance was pointing to some sort of “Automotive Insurance” landing page asking people to register for $66/mon. So in part my domains are being attached to some random scammy fake site (not cool).
The secondary Hijacked domain points to some European or something Fishing website. Again, both of this domains even with NS pointing to DO should not load up as they point to nothing.
But we have scammy folks on DO who find this domains be it via some sort of tool or something, and add them to DO DNS panel. Thus using them (again not cool).
So yeah. Why isn’t there TXT pre-verification? And do this folks get there accounts banned? For misusing someone else’s domain. That clearly can’t be legal as per DO TOS.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.×