Phishing site uses subdomain that I never registered
Posted by gotgenes on Server Fault
Published on 2012-09-13T21:26:52Z
I recently received the following message from Google Webmaster Tools:
Dear site owner or webmaster of http://gotgenes.com/,
[...]
Below are one or more example URLs on your site which may be part of a phishing attack:
http://repair.gotgenes.com/~elmsa/.your-account.php
[...]
What I don't understand is that I never had a subdomain repair.gotgenes.com, but visiting it in the web browser gives an actual My DNS is FreeDNS, which does not list a repair subdomain. My domain name is registered with GoDaddy, and the nameservers are correctly set to NS1.AFRAID.ORG, NS2.AFRAID.ORG, NS3.AFRAID.ORG, and NS4.AFRAID.ORG.
I have the following questions:
- Where is repair.gotgenes.com actually registered?
- How was it registered?
- What action can I take to have it removed from DNSs?
- How can I prevent this from happening in the future?
This is pretty disconcerting; I feel like my domain has been hijacked. Any help would be much appreciated.
© Server Fault or respective owner