What is up with DigitalOcean and Domain take-overs?

Howdy folks.

I would like to understand what happened to DO. I have been using DO since its very early days. But as of late I noticed some of my domains that are unused but point to DO NS are getting hijacked. I never had problems with Domains being added to some 3rd party DO accounts.

So I had 3 domains that were added to someone else's account. This is beyond annoying, since I find it silly that DO does not force you to add a TXT record beforehand; this in part would stop the Domain Hijacking.

The majority of providers require a basic TXT verification to be appended to DNS records for validation of (Hey, I own this Domain). Instead, if you have idle Domains sitting around and did not point DNS back to the Domain registrar, then your domain can be added and used on DO without your knowledge (not cool).

I also have this odd feeling that DO does not actually go and suspend this account. Since in a logical thought process a normal non-malicious person would not:

  1. Register DO account;
  2. Pay for Server;
  3. Use others' Domains;

This can only mean that the said person is acting in an ill manner, most likely for scam, spam or phishing vectors.

Noting that a DNS lookup showcased two IPs (meanwhile I had no Droplets operating at the time). And these two IPs were pointing to each of the Domains that were Hijacked.

Not to mention one domain that has absolutely "zero" to do with Insurance was pointing to some sort of "Automotive Insurance" landing page asking people to register for $66/mon. So in part my domains are being attached to some random scammy fake site (not cool).

The secondary Hijacked domain points to some European or something Fishing website. Again, both of these domains, even with NS pointing to DO, should not load up as they point to nothing.

But we have scammy folks on DO who find these domains, be it via some sort of tool or something, and add them to the DO DNS panel. Thus using them (again not cool).

So yeah. Why isn't there TXT pre-verification? And do these folks get their accounts banned for misusing someone else's domain? That clearly can't be legal as per DO TOS.


Hey @tpMantaRay,

Indeed this sounds like a great idea, sounds like it’d be super useful!

The best thing to do to get your voice heard regarding this would be to head over to our Product Ideas board and post a new idea, including as much information as possible for what you’d like to see implemented.

For this situation, if you open a support ticket the DigitalOcean support team would be able to directly assist you with the situation:

On another note, what I would personally do is to always set the name servers of my domain names to a DNS zone that I control. That way even if people add the domain to any DNS provider, it would not really have any effect.

For example in your case, you could add those domain names to your DigitalOcean account, that way other people would not have the chance to do so. Or rather than setting the nameservers of your domain to point to a DNS zone that you don’t control, you could change the name servers of those domains to a zone that you actually have control over.

Also as a side note, as the name servers of your domain name had already been set to DigitalOcean, once the attackers add the domain to their account, they would be able to add any DNS records, meaning that if they were asked to add a verification record, they would be able to do so as that would have been the active DNS zone.

Generally speaking, the best way to protect yourself against such attacks is to make sure that you actually control your domain name’s DNS zone before changing the nameservers of it.

Best, - Bobby.
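
The check described in the answer above (make sure every domain delegated to a shared DNS provider has its zone in your own account, and that it only resolves to addresses you operate) can be run as a periodic audit. This is an added example, not code from the thread or from DigitalOcean; the domain names, inventories and lookup results are constructed sample data, and in practice the NS and A values would come from your registrar and from DNS lookups.

```python
from dataclasses import dataclass, field

PROVIDER_SUFFIX = "digitalocean.com"  # ns1/ns2/ns3.digitalocean.com


@dataclass
class Domain:
    name: str
    delegated_ns: list                           # NS set at the registrar
    answers: list = field(default_factory=list)  # A records a lookup returned


def norm(host):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return host.strip().lower().rstrip(".")


def uses_provider(d):
    # Match on a label boundary so look-alike hostnames are not counted.
    return any(norm(ns).endswith("." + PROVIDER_SUFFIX) for ns in d.delegated_ns)


def audit(d, my_zones, my_ips):
    """Classify one domain as 'ok', 'exposed' or 'suspect'."""
    if not uses_provider(d):
        return "ok"  # delegation points somewhere else
    if norm(d.name) not in my_zones:
        # Delegated to the provider but the zone is not in your account.
        # Any answer must come from a zone someone else created there.
        return "suspect" if d.answers else "exposed"
    # Zone is yours: flag records pointing at addresses you do not operate.
    return "suspect" if any(ip not in my_ips for ip in d.answers) else "ok"


# Constructed inventory and lookup results (documentation-range addresses).
MY_ZONES = {"example.com"}
MY_IPS = {"203.0.113.10"}
SAMPLE = [
    Domain("example.com", ["ns1.digitalocean.com."], ["203.0.113.10"]),
    Domain("example.net", ["NS2.DigitalOcean.com"], []),
    Domain("example.org", ["ns3.digitalocean.com"], ["198.51.100.7", "198.51.100.8"]),
    Domain("example.edu", ["ns1.registrar.example"], []),
]


def run_audit():
    return {d.name: audit(d, MY_ZONES, MY_IPS) for d in SAMPLE}


if __name__ == "__main__":
    for name, status in run_audit().items():
        print(f"{name:12} {status}")
```

An `exposed` result means the domain should either be added to your own account or have its nameservers changed at the registrar; a `suspect` result matches the situation in the question, where parked domains resolved to two IPs the owner did not operate.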