NameCheap to notify customers of a misconfiguration issue that allowed subdomain creation

Richard Kirkendall, CEO for the ICANN-accredited registrar, said on Twitter that the company is currently conducting an audit and plans on “contacting any affected customers directly” following the discovery of a misconfiguration issue on its nameservers. He went on to say that NameCheap has implemented a fix and that it’s a “high priority” for the enterprise to inform customers of what happened.

The issue first came to light on 5 February when NameCheap customer Kirk McElhearn received an email from Google warning him that it appeared someone had hacked a few of his subdomains.

A screenshot of the email received by McElhearn from Google. (Source: kirkville.com)

Concerned, McElhearn checked cPanel to see if anyone had hacked into his account. He didn’t find any new subdomains there, not even the ones Google had told him about in its email.

After changing his password for good measure, McElhearn contacted NameCheap. The registrar looked into the matter and told McElhearn it had detected a misconfiguration issue on one of its nameservers. Essentially, another NameCheap customer had abused the weakness to add the subdomains for kirkville.com to their own hosting account.

That’s not all the flaw allowed, however. As McElhearn explains in a blog post:

Even though I have SSL on my website – meaning that it uses https instead of http in its URL – and any incoming traffic to http://www.kirkville.com is automatically redirected to the https version of the site, the sub-domains were parsed by name servers before they reached my site’s server, so they weren’t redirected.

From those unprotected pages, unauthorized actors could capitalize on the prominence of another customer’s website like McElhearn’s to distribute spam and (Read more…)

This is a Security Bloggers Network syndicated blog post authored by David Bisson. Read the original post at: The State of Security
