Have you ever had a customer call you to ask what the heck happened to your website? Or have you ever visited a site you go to all the time, only to get an unexpected malware warning from your browser?
DNS hijacking is a growing problem, and it can both ruin a company’s business reputation and cause major losses from a data breach.
When looking at any type of managed network security, you also have to consider the importance of your business website. It’s typically the first place a potential customer will go to find out more about your products and services and whether or not they want to do business with you.
85% of consumers research online first before making a purchase.
When a website is hijacked, it not only takes your online storefront offline, it does something much worse. It can turn your previously trusted domain into a spam site that can inject malware onto the devices that visit it.
What is DNS Hijacking?
DNS (Domain Name System) is the framework by which the domain name of a website is matched to the IP address of the server hosting it. For example, your IP address may be 000.22.222.1, but that’s not easy for anyone to remember, so instead you use a domain name of www.mycompany.com.
Users can type the easy-to-remember domain name into a browser, and the DNS matches that to your website’s IP address so users can see your webpages.
With DNS hijacking (also called DNS redirection), that matching capability is taken over. When people type in a domain, instead of going to the correct IP address and website, they end up at the hacker’s server, which is hosting a malicious website.
Some of the things that these malicious sites can do are:
- Inject malware on the user’s computer
- Take over routers
- Intercept or hack DNS communication
DNS hijacking can be done for entire websites and also locally on a user’s computer.
Types of DNS Hijacking
There are a few ways that a hacker can take over your website using DNS hijacking. Understanding how this is done is vital to knowing how to defend against it.
- A Site’s DNS Records are Redirected: If you don’t have proper security on the account where you purchased your domain, that account can be compromised by a hacker. The hacker then logs in as you and resets the resolving IP address for your domain name.
- Poisoning the DNS Cache: Many websites use caching to serve up faster loading pages to repeat visitors. One way that hackers can hijack a site is by “poisoning” the DNS cache, inserting a forged entry with their alternate IP address.
- Computer-based DNS Redirection: A user can have their local DNS hijacked through trojan malware. The malware then redirects the user to malicious sites when they try to visit legitimate ones.
- Router-based DNS Redirection: Similar to the device redirection, a router DNS redirection involves a hacker overwriting device DNS settings. This then impacts all users connecting through that router and can send them to malicious sites.
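One way to tell these cases apart from the defender's side, as an added example that is not part of the original article: compare what several resolvers return for your domain against the addresses you know are correct. The function names, resolver labels and addresses are assumptions made for illustration, and the verdicts are a heuristic starting point for investigation, not proof.

```python
import ipaddress
import socket


def system_view(domain):
    """Addresses this machine's configured resolver returns for `domain`."""
    infos = socket.getaddrinfo(domain, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def _norm(addrs):
    # Parse so differently written forms of one address compare equal.
    return {ipaddress.ip_address(a) for a in addrs}


def classify(expected, observations):
    """Compare each resolver's answer with the known-good addresses.

    expected:     addresses the domain is supposed to resolve to
    observations: {resolver label: addresses that resolver returned}
    Returns (verdict, sorted labels of resolvers with an unexpected answer).
    """
    good = _norm(expected)
    suspects = sorted(
        label for label, addrs in observations.items()
        if not addrs or _norm(addrs) - good  # no answer, or an unknown address
    )
    if not suspects:
        return "ok", []
    if len(suspects) == len(observations):
        # Every vantage point is off: check the DNS records and registrar account.
        return "records-changed", suspects
    # Only some are off: check that device, router or resolver cache.
    return "resolver-specific", suspects


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), not real answers.
    expected = {"192.0.2.10", "2001:db8::10"}
    observed = {
        "public-resolver-a": {"192.0.2.10"},
        "public-resolver-b": {"192.0.2.10", "2001:DB8:0:0:0:0:0:10"},
        "office-router": {"203.0.113.66"},
    }
    print(classify(expected, observed))
```

To add the local machine's view to the comparison, pass `system_view("www.mycompany.com")` as one of the observations.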
How to Mitigate DNS Hijacking
For website owners wanting to avoid having their site redirected through DNS hijacking, here are some of the protective steps you can take.
Safeguard Your Domain Registrar Account
Whether you use GoDaddy or another company to purchase and register your domain name, you need to ensure that login is secure.
Use a strong password and multi-factor authentication (MFA) to keep your login secure from a breach.
Lock Your Settings
Some domain registrars allow you to lock your domain settings so no one can change them. This is an excellent additional safeguard to use.
You lock in the IP address your domain points to, and no one else can then change it to redirect to a different address.
Protect Your Hosting Server
Whether you are hosting your website on your own server or using a 3rd party web host, make sure you have rock-solid protection. This includes:
- Limiting who has administrative access and can log into your server
- Using MFA for server logins
- Keeping all plugins, themes, and software patched in a timely manner
- Using a randomizer to prevent cache poisoning
- Ensuring you don’t have insecure FTP settings
Protections for User Devices
To keep your computer or router from being hit by DNS hijacking at a local level, it’s important to keep in place the same types of safeguards that are standard for protecting against ransomware, viruses, and other forms of malware.
These protections include:
- Having a reliable antivirus/anti-malware
- Using DNS filtering to block malicious sites
- Keeping devices updated and patched
- Ensuring you have a strong router password
Do Your Network & Website Have the Protections They Need?
The professionals at Neuron Computers can help your San Fernando Valley area business with a wide range of security protections for your network and website to keep your business more secure.
Contact us today to schedule a free consultation. Call 1-833-4-NEURON or reach us online.