Differences between revisions 12 and 13
Revision 12 as of 2022-05-16 23:42:08
Size: 4961
Comment:
Revision 13 as of 2022-05-22 09:46:11
Size: 5321
Comment:
Deletions are marked like this. Additions are marked like this.
Line 6: Line 6:

https://twitter.com/CryptoE95991110/status/1527406720070344705?s=20&t=A6ppQUtKiwsgC-o8MkaMrA


QuickSwap’s GoDaddy Domain Hijack: How it Happened & Our Proposal to Restore the Community
May 19, 2022 by QuickSwap Official
https://cryptoexchangenews.net/2022/05/quickswaps-godaddy-domain-hijack-how-it-happened-our-proposal-to-restore-the-community/

1. DNS/Domain hijacking/Godaddy

1.1. 2022

/QuillAudits

https://twitter.com/CryptoE95991110/status/1527406720070344705?s=20&t=A6ppQUtKiwsgC-o8MkaMrA

QuickSwap’s GoDaddy Domain Hijack: How it Happened & Our Proposal to Restore the Community May 19, 2022 by QuickSwap Official https://cryptoexchangenews.net/2022/05/quickswaps-godaddy-domain-hijack-how-it-happened-our-proposal-to-restore-the-community/

https://twitter.com/QuillAudits/status/1526116255757139968?s=20&t=ibneKTbF6IFYVnNueNxzpA

GoDaddy (DNSサービス)でも乗取が起きているそうだ。 そうだろう。ドメイン名の権利を確認しているようにも見えないから。

Scammers hijacked GoDaddy domains to apply bomb threat spam and other attacks Updated at March 18, 2021 https://gatefy.com/blog/scammers-hijacked-godaddy-domains-apply-spam/

https://blog.knowbe4.com/scammers-still-exploit-hijacked-godaddy-domains

1.2. 2020

https://twitter.com/briankrebs/status/1330214272111173634?s=20

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Central European Time (CET), cyptocurrency mining service NiceHash disccovered that some of the settings for its domain registration records at GoDaddy were changed without authorization

In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam.


https://jp.cointelegraph.com/news/liquid-by-quoine-may-have-a-personal-data-breach

11月13日午前5時58分ごろに、同社が利用するドメインホスティングプロバイダーであるGoDaddyのアカウント・ドメインの登録情報が第三者によって変更されたことを確認。外部からシステム・インフラの一部に不正アクセスできるようになった。

11月14日午前1時39分頃に「GoDaddy」により必要な再設定とQuoine側への復旧が確認された。

GoDaddy利用ドメインが乗取られていることをSpamhausが報告している。

  • ただし、手口の説明はされていない。-- ToshinoriMaeno 2020-05-06 08:57:43

https://twitter.com/SpamhausTech/status/1257658577810046976?s=20

https://www.youtube.com/watch?v=AHlhLx85PRc&feature=youtu.be&utm_content=128329880&utm_medium=social&utm_source=twitter&hss_channel=tw-719587158164692992

The Current State of Domain Hijacking, and a specific look at the ongoing issues at GoDaddy

2020-04-17 12:04:54 UTC | by Spamhaus Team | Category: domains, dbl, domain hijacking, godaddy

https://www.spamhaus.org/news/article/797/the-current-state-of-domain-hijacking-and-a-specific-look-at-the-ongoing-issues-at-godaddy

No useful explanation has been provided to them by GoDaddy.

---> What is going on over at GoDaddy? Published on February 12, 2020

https://www.linkedin.com/pulse/what-going-over-godaddy-simon-forster/

One of our researchers has reported over 5,000 hijacked domains to GoDaddy and 
there seems to be no end in sight. Another 700 today.

/GoDaddyの返答

Scammers Still Exploit Hijacked GoDaddy Domains

https://blog.knowbe4.com/scammers-still-exploit-hijacked-godaddy-domains

DNS/orphaned_internet /Krebs

1.3. 2019

Beware of "orphan" domains

https://arstechnica.com/information-technology/2019/01/godaddy-weakness-let-bomb-threat-scammers-hijack-thousands-of-big-name-domains/

Crooks Continue to Exploit GoDaddy Hole https://krebsonsecurity.com/2019/02/crooks-continue-to-exploit-godaddy-hole/


1.4. 歴史

GoDaddy Vulnerability Allows Domain Hijacking January 21, 2015Swati Khandelwal

https://thehackernews.com/2015/01/godaddy-vulnerability-allows-domain_20.html

  • Cross-Site Request Forgery (CSRF or XSRF) vulnerability


GoDaddy takes down 15,000 subdomains used for online scams https://www.zdnet.com/article/godaddy-takes-down-15000-subdomains-used-for-online-scams/

GoDaddy wasn't the party who discovered this massive network of shady domains, but Palo Alto Networks security researcher Jeff White.

Scammers hacked into GoDaddy accounts

Once they gained access to GoDaddy accounts, the operators of this scam would create a subdomain for the customers' legitimate sites, which they'd later use to host one of the shady product promo pages and lure users with email spam campaigns.

アカウントを盗んだという説は怪しい。-- ToshinoriMaeno 2019-10-07 00:25:18

1.5. ヘルプ

https://www.godaddy.com/help/what-is-dns-665

https://jp.godaddy.com/help/dns-20165

  • おかしな日本語訳?が表示されるので、英語版をみるのがよい。

https://www.godaddy.com/help/dns-20165

https://www.godaddy.com/help/manage-dns-zone-files-680

Moin2Qmail: DNS/Domain hijacking/Godaddy (last edited 2022-05-22 09:46:11 by ToshinoriMaeno)