Phishing site uses subdomain that I never registered

Posted by gotgenes on Server Fault See other posts from Server Fault or by gotgenes
Published on 2012-09-13T21:26:52Z Indexed on 2012/09/13 21:39 UTC
Read the original article Hit count: 239

Filed under:
|

I recently received the following message from Google Webmaster Tools:

Dear site owner or webmaster of http://gotgenes.com/,

[...]

Below are one or more example URLs on your site which may be part of a phishing attack:

http://repair.gotgenes.com/~elmsa/.your-account.php

[...]

What I don't understand is that I never had a subdomain repair.gotgenes.com, but visiting it in the web browser gives an actual My DNS is FreeDNS, which does not list a repair subdomain. My domain name is registered with GoDaddy, and the nameservers are correctly set to NS1.AFRAID.ORG, NS2.AFRAID.ORG, NS3.AFRAID.ORG, and NS4.AFRAID.ORG.

I have the following questions:

  1. Where is repair.gotgenes.com actually registered?
  2. How was it registered?
  3. What action can I take to have it removed from DNSs?
  4. How can I prevent this from happening in the future?

This is pretty disconcerting; I feel like my domain has been hijacked. Any help would be much appreciated.

© Server Fault or respective owner

Related posts about dns

Related posts about phishing