Phishing site uses subdomain that I never registered

Posted by gotgenes on Server Fault See other posts from Server Fault or by gotgenes
Published on 2012-09-13T21:26:52Z Indexed on 2012/09/13 21:39 UTC
Read the original article Hit count: 236

Filed under:

dns

|

phishing

I recently received the following message from Google Webmaster Tools:

Dear site owner or webmaster of http://gotgenes.com/,

[...]

Below are one or more example URLs on your site which may be part of a phishing attack:

http://repair.gotgenes.com/~elmsa/.your-account.php

[...]

What I don't understand is that I never had a subdomain repair.gotgenes.com, but visiting it in the web browser gives an actual My DNS is FreeDNS, which does not list a repair subdomain. My domain name is registered with GoDaddy, and the nameservers are correctly set to NS1.AFRAID.ORG, NS2.AFRAID.ORG, NS3.AFRAID.ORG, and NS4.AFRAID.ORG.

I have the following questions:

Where is repair.gotgenes.com actually registered?
How was it registered?
What action can I take to have it removed from DNSs?
How can I prevent this from happening in the future?

This is pretty disconcerting; I feel like my domain has been hijacked. Any help would be much appreciated.

© Server Fault or respective owner

Related posts about dns

Master/Slave DNS setup vs. rsync'ed DNS servers

as seen on Server Fault - Search for 'Server Fault'
We currently have primary and secondary DNS servers on our corporate network. They are setup in a master/slave type setup, where the slave gets its DNS information from the master. I'm trying to figure out what the real advantage is for the master/slave setup instead of just setting up an automated… >>> More
Updating Windows DNS records from a remote windows DNS server

as seen on Server Fault - Search for 'Server Fault'
Does anyone know if it is possible for a windows 2003 DNS server to update the records for a domain so that it contains all the records of a domain of of a remotely based DNS server? Im almost certain that doesn't quite explain the problem so I shall illustrate with an example: We have two offices… >>> More
OpenVPN DNS: VPN DNS stomping local VPN

as seen on Super User - Search for 'Super User'
I've finally noodled with OpenVPN enough to get it working. Even better, I can mount samba drives, ping network machines through the TUN device, etc - it's all great. However, I'm noticing that if I have the directive: push "dhcp-option DNS 10.0.1.1" # Push our local DNS to clients Then some of… >>> More
Random DNS Client Issue with BIND9/Windows Server 2003 DNS

as seen on Stack Overflow - Search for 'Stack Overflow'
Within our office, we have a local server running DNS, for internal related "domains", (e.g. .internal, .office, .lan, .vpn, etc.). Randomly, only the hosts configured with those extensions will stop resolving on the Windows-based workstations. Sometimes it'll work for a couple weeks without issue… >>> More
DNS Tools - DNS and Few of its Concerning Terms and Tools

as seen on Article City - Search for 'Article City'
A DNS or Domain Name System lets you locate computers on a network or the Internet TCP/IP network by domain name. The DNS server sustains a database of domain names or host names along with their cor... [Author: Daisy Osbaldo - Computers and Internet - April 02, 2010] >>> More

Related posts about phishing

List of free hosted domains (phishing prevention)

as seen on Stack Overflow - Search for 'Stack Overflow'
Does anyone has a compiled list of free hosting domains? On the website, when user clicks on external link I want them to be redirected to my page that will check if that external link is on free hosting or not. If it is, I want to warn the user, but right now I can't find a list of such domains… >>> More
Phishing Ploy Forces Twitter to Reset Passwords

as seen on Internet.com - Search for 'Internet.com'
The microblogging site has reset some Twitter users' passwords after a phishing attack attempted to steal their login information. >>> More
Phishing Ploy Forces Twitter to Reset Passwords

as seen on Internet.com - Search for 'Internet.com'
The microblogging site has reset some Twitter users' passwords after a phishing attack attempted to steal their login information. >>> More
how do I get rid of the secure nonsecure warning on page with iframe under SSL with phishing filter?

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a page under SSL with an iframe that refreshes itself every 20 seconds through an HTTP refresh prgama. If I browse the site with IE7 and phishing filter enabled I receive secure-nonsecure content warnings in irregular intervals which cease if phishing filter is disabled. Does anybody have an… >>> More
Mac OS X Update 10.6.8 weird phishing behaviour

as seen on Super User - Search for 'Super User'
I just updated to Mac App Store 1.0.2 with the update to 10.6.8. The Mac App Store said I have one update available, for Angry Birds.... I do not have Angry Birds on my system, but when I clicked the update button I got the following message. "You have updates available for other accounts… >>> More