Sep 30, 2009

DOMAIN HIJACKING


In this post I will tell you how domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as domain hijacking. To many of you the term “domain hijacking” may sound alien, so let me first explain what domain hijacking is all about.
Domain hijacking is the process by which Internet domain names are stolen from their legitimate owners. Domain hijacking is also known as domain theft. Before we look at how domain names are hijacked, it is necessary to understand how domain names operate and how they get associated with a particular web server (website).
A domain name operates as follows
Any website, say for example gohacking.com, consists of two parts: the domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. The domain name and the web hosting server (web server) are two separate parts, and hence they must be linked together before a website can operate. The domain name is linked with the web hosting server as follows.
1. After registering a new domain name, we get a control panel from which we have full control of the domain.
2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.
For a clear understanding, let me take a small example.
John registers a new domain “abc.com” from domain registration company X. He also purchases a hosting plan from hosting company Y. He uploads all of his files (.html, .php, JavaScript etc.) to his web server (at Y). From the domain control panel (at X) he configures his domain name “abc.com” to point to his web server (at Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.
What happens when a domain is hijacked
Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to a web server other than the original one. So to hijack a domain you need not gain access to the target web server at all.
For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker reconfigures the domain name to point to some other web server (Z). Now whenever an Internet user tries to access “abc.com”, he is taken to the hacker’s website (Z) and not to John’s original site (Y).
In this case John’s domain name (abc.com) is said to be hijacked.
How domain names are hijacked
To hijack a domain name, it is necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients:
1. The domain registrar name for the target domain.
2. The administrative email address associated with the target domain.
This information can be obtained from the WHOIS data of the target domain. To access the WHOIS data, go to whois.domaintools.com, enter the target domain name and click on Lookup. Once the WHOIS data is loaded, scroll down and you’ll see the Whois Record. Under this you’ll find the “Administrative contact email address”.
To get the domain registrar name, look for something like this under the Whois Record: “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. If you don’t find this, scroll up and you’ll see ICANN Registrar under “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.
The administrative email address associated with the domain is the backdoor to hijacking the domain name. It is the key that unlocks the domain control panel. So to take full control of the domain, the hacker will hack the administrative email account associated with it. Email hacking has been discussed in my previous post on how to hack an email account.
Once the hacker takes full control of this email account, he visits the domain registrar’s website and clicks on “forgot password” on the login page. There he is asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details needed to reset the password are sent to the administrative email address. Since the hacker has access to this email account, he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.
How to protect a domain name from being hijacked
The best way to protect a domain name is to protect the administrative email account associated with it. If you lose this email account, you lose your domain. So refer to my previous post on how to protect your email account from being hacked. Another good way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone number and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone number or administrative email address. Private registration thus provides extra security and protects your privacy. Private domain registration costs a bit extra but is well worth it for its advantages. Every domain registrar provides an option for private registration, so when you purchase a new domain make sure that you select it.
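A defender's counterpart to the WHOIS lookup described above, added here as an example and not part of the original post: it parses a WHOIS record in the field layout the post names and compares it with a saved baseline, so a change of registrar, administrative email or nameservers (the trace a hijack leaves) is flagged, along with a publicly visible administrative email and a missing registrar transfer lock (the clientTransferProhibited status, an added check the post itself does not mention). Both WHOIS records are constructed samples.

```python
import re

# Fields as they appear in the WHOIS record the post walks through; "status" and
# "nameservers" may occur several times per record. The status line is an addition.
MULTI = {"status", "nameservers"}
FIELDS = {
    "registrar": r"Registration Service Provided By:\s*(.+)",
    "admin_email": r"Administrative Contact Email:\s*(\S+)",
    "status": r"Status:\s*(\S+)",
    "nameservers": r"Name Server:\s*(\S+)",
}

# Constructed sample: John's abc.com before and after a control-panel takeover
# in which the domain was repointed to server Z and the contact was swapped.
WHOIS_BASELINE = """\
Domain Name: ABC.COM
Registration Service Provided By: XYZ Company
Administrative Contact Email: john@abc.com
Status: clientTransferProhibited
Name Server: NS1.HOSTING-Y.EXAMPLE
Name Server: NS2.HOSTING-Y.EXAMPLE
"""
WHOIS_NOW = """\
Domain Name: ABC.COM
Registration Service Provided By: XYZ Company
Administrative Contact Email: attacker@mail.example
Status: ok
Name Server: NS1.SERVER-Z.EXAMPLE
Name Server: NS2.SERVER-Z.EXAMPLE
"""


def parse_whois(text):
    """Pull the hijack-relevant fields out of a WHOIS text record."""
    record = {key: [] for key in MULTI}
    for line in text.splitlines():
        for key, pattern in FIELDS.items():
            match = re.fullmatch(pattern, line.strip(), re.IGNORECASE)
            if not match:
                continue
            value = match.group(1).strip().lower()
            if key in MULTI:
                record[key].append(value)
            else:
                record[key] = value
    for key in MULTI:
        record[key].sort()  # order-independent comparison
    return record


def audit(baseline_text, current_text):
    """Compare the current record with the baseline and list findings."""
    base, cur = parse_whois(baseline_text), parse_whois(current_text)
    findings = []
    for key in ("registrar", "admin_email", "nameservers"):
        if base.get(key) != cur.get(key):
            findings.append(f"{key} changed: {base.get(key)} -> {cur.get(key)}")
    if "clienttransferprohibited" not in cur["status"]:
        findings.append("registrar transfer lock (clientTransferProhibited) not set")
    if cur.get("admin_email"):
        findings.append("administrative e-mail visible in public WHOIS; "
                        "private registration would hide it")
    return findings


if __name__ == "__main__":
    for finding in audit(WHOIS_BASELINE, WHOIS_NOW):
        print("ALERT:", finding)
```

Run against a live record, the baseline would be the WHOIS text saved when the domain was registered; any "changed" finding means the control panel was touched.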

Sep 24, 2009

CERTAIN TIPS TO MAINTAIN A VIRUS FREE COMPUTER

Is your computer infected with a virus? Do you often get mysterious error messages? This is a common problem faced by computer users across the globe. There are many viruses and worms out there that could infect your computer. Some are harmless, but others have the capacity to do any number of nasty things, up to and including erasing all data from your computer. However, there are ways to keep viruses away from your PC. Here are 12 tips to maintain a virus-free computer.
1. Email is one of the most common ways by which your computer can catch a virus. So it is always recommended to stay away from SPAM. Open only those emails that originate from a trusted source, such as addresses in your contact list. If you are using your own private email host (other than Gmail, Yahoo, Hotmail etc.), it is highly recommended that you use good anti-spam software. And finally, NEVER click on any links in emails that come from untrusted sources.
2. USB thumb/pen drives are another common way by which viruses spread rapidly. So it is always a good habit to perform a virus scan before copying any data onto your computer. NEVER double-click the pen drive to open it. Instead, right-click on it and select the option “Open”. This is a safe way to open a pen drive.
3. Be careful about using MS Outlook. Outlook is more susceptible to worms than other e-mail programs unless you have efficient anti-virus programs running. Use Pegasus or Thunderbird (by Mozilla), or a web-based program such as Hotmail or Yahoo (in Firefox).
4. As we all know, the Internet is the main source of malicious programs including viruses, worms, trojans etc. In fact, the Internet contributes to virus infections by up to 80%. So here are some tips for safe surfing habits so that you can ward off virus infection to the maximum extent.
  • Don’t click on pop-up windows that announce a sudden disaster in your city or announce that you’ve won an hourly prize. These are ways to mislead Internet users and you should never trust them.
  • You can also use a pop-up blocker to automatically block those pop-ups.
5. Most of us use search engines like Google to find what we are looking for. It is quite possible for a malicious website to get listed in the search results. To avoid visiting such untrusted malicious websites, you can download and install AVG LinkScanner, which is freeware. This tool can be very handy and will help you stay away from malicious websites.
6. Install good antivirus software and keep it updated. Also perform a full system scan periodically. It is highly recommended that you turn on the automatic update feature. This is the most essential task to protect your PC from viruses. If PC security is your first priority, it is recommended that you go for shareware antivirus software over the free ones. Most antivirus products support an Auto-Protect feature that provides real-time protection for your PC. Make sure that this feature is turned on.
7. Install a good antispyware program that operates against Internet malware and spyware.
8. Never open any email attachments that come from untrusted sources. If it is a picture, text or sound file (these attachments end in the extensions .txt, .jpeg, .gif, .bmp, .tif, .mp3, .htm, .html and .avi), you are probably safe, but still do a scan before opening.
9. Do not use disks that other people gave you, even from work. The disk could be infected with a virus. Of course, you can run a virus scan on it first to check it out.
10. Set up Windows Update to automatically download patches and upgrades. This will allow your computer to automatically download updates to both the operating system and Internet Explorer. These updates fix security holes in both pieces of software.
11. When you download files from untrusted websites/sources such as torrents, warez etc., make sure that you run a virus scan before executing them.
12. And finally, it is recommended not to visit websites that feature illegal/unwanted stuff such as cracks, serials, warez etc., since they contribute much to the spread of viruses and other malicious programs.

Sep 7, 2009

Create a restore disk and partition

Introduction
When you buy a new computer you will usually get some sort of restore/recovery disc. This is used to restore your operating system and software back to factory condition so your PC will run as it did when you bought it. This is usually done by saving an image of the partition where the OS & installed programs are located. The image is saved to a single file, or split into a spanned set of files if its total size exceeds FAT32's 4GB file size limit. This guide will explain various ways to make a restore disc that you can customize and tweak to your needs. Since it uses Symantec Norton Ghost it can be used on just about any computer, including those that are custom built or running Linux. The two main methods of doing this are storing the image on the hard disk or on a recordable disc. The advantage of storing the image on hard disk is faster speed and the flexibility of overwriting images, which is very useful if you make frequent changes to your images. Ghost has the option of burning images directly to CD or DVD. The downside is that it requires the user to use the bootable floppy along with those discs. This tutorial will take it one step further and eliminate the need for a bootable floppy.


Required tools & setup
The screenshots from this tutorial are from a Windows XP machine. The software used is Nero 6 Ultra Edition. If you are using a different Windows operating system or burning program the instructions will differ slightly, but the process is still the same.

1) Windows Millennium startup diskette ( http://www.bootdisk.com ) or Ghost boot disk
2) CD or DVD burning program capable of making a bootable disc. ( http://www.nero.com, http://www.roxio.com )
3) CD or DVD burner
4) BIOS capable of booting from a CD or DVD (El Torito format specification)

Creating Ghost image
This part assumes you know how to use the home or business versions of Symantec Norton Ghost. Create your partition image (Partition To Image). Choose the partition that the operating system & programs are installed on. Ghost does not use alphabetical DOS drive assignment. Instead it uses numeric assignment in the form Number1:Number2: the first number is the drive, the second number is the partition within that drive. If you have no clue what this means, just pay attention to the size and volume label of the partition you are selecting. Make note of what it says on the very last menu screen. What you need to know is the source & destination locations; these are also shown at the very bottom of the screen. 1:2\ghost\winxp.gho usually means the image will be written to a file called winxp.gho inside a folder called ghost on drive D:, so 1:1 would usually be drive C:, the typical source partition where the OS & programs are installed. When restoring, 1:1 will be our destination, so it is reversed.

Preparing files

The Windows Millennium startup diskette is going to provide the files used to make our restore disc bootable. The configuration files of the boot data cannot be changed after the disc is burned, so there may be a lot of trial and error; using a re-writable CD will save you from burning tons of coasters. There are hidden & system files we need to edit on the startup disk. You need to change folder options to see them by enabling "show hidden files" and disabling "hide OS files".

View the contents of the Windows Millennium startup diskette. We need to change only two files: autoexec.bat and config.sys. Open autoexec.bat with Notepad or WordPad. We are going to tell ghost.exe where the image is stored and where to restore it to. Note that if ghost.exe is in some folder other than the root, you must specify the directory before you issue this command. After the Millennium diskette boots the computer it will start executing what we really need it to do. These are the Ghost command line switches:

IF "%config%"=="NOCD" GOTO QUIT
IF "%config%"=="HELP" GOTO HELP
:: Load the CD-ROM driver (needed when the image is read from a CD or DVD)
LH %ramd%:\MSCDEX.EXE /D:mscd001 /L:%CDROM%
::If MSCDEX doesn't find a drive...
IF ERRORLEVEL 1 SET CDPROB=1
::
:: Restore partition 1 of the image 1:2\ghost\winxp.gho onto disk 1, partition 1 (C:).
:: Placed after the ERRORLEVEL test so that test still reflects MSCDEX, not Ghost.
ghost.exe -clone,mode=pload,src=1:2\ghost\winxp.gho:1,dst=1:1
GOTO QUIT

In this example,
src=1:2\ghost\winxp.gho:1 is the location of the image file (source), with :1 designating the partition number within the image. If your image contains multiple partitions you can restore a specific partition by specifying the partition number inside the image. The comma is a separator, so ,dst=1:1 (destination) means we are restoring this image to partition one on physical hard disk one (this is usually drive C:). You cannot restore an image to the same partition it is saved on. If it's a spanned image, all files have to be located in the same folder. This example is for an image saved to hard disk. Using a CD or DVD burner is very similar: you would replace the source with something like src=CDR0001\ghost\winxp.gho:1, or whichever drive your burner is assigned in Ghost.
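To make the src/dst syntax concrete, here is an added example (my own code, not part of the tutorial or of Ghost itself) that parses a mode=pload -clone switch and checks it against the rules just stated: both locations use Ghost's disk:partition numbering, the source image carries a trailing :N selecting a partition inside the image, a burner source looks like CDR0001\..., and the image must not be restored onto the partition that stores it. Handling only mode=pload is a simplification I chose for the example.

```python
import re

# Ghost's numeric disk:partition form (e.g. 1:1 = first disk, first partition)
DISK_PART = re.compile(r"^(\d+):(\d+)$")
# An image location: where it is stored (disk:partition or a burner such as
# CDR0001), the path to the .gho file, and an optional :N partition inside it
IMAGE_SRC = re.compile(r"^(\d+:\d+|CDR\d{4})\\(.+?\.gho)(?::(\d+))?$", re.IGNORECASE)

# The switch used in the autoexec.bat above
EXAMPLE_SWITCH = r"-clone,mode=pload,src=1:2\ghost\winxp.gho:1,dst=1:1"


def parse_clone(switch):
    """Split '-clone,key=value,...' into a dict; require mode, src and dst."""
    if not switch.lower().startswith("-clone,"):
        raise ValueError("expected a -clone switch")
    parts = {}
    for item in switch[len("-clone,"):].split(","):
        key, sep, value = item.partition("=")
        if not sep or not value:
            raise ValueError(f"malformed item: {item!r}")
        parts[key.lower()] = value
    missing = [k for k in ("mode", "src", "dst") if k not in parts]
    if missing:
        raise ValueError(f"missing {', '.join(missing)}")
    return parts


def check_pload(switch):
    """Validate a partition-from-image restore and return its decoded parts."""
    parts = parse_clone(switch)
    if parts["mode"].lower() != "pload":
        raise ValueError("only mode=pload (restore a partition from an image) is handled")
    match = IMAGE_SRC.match(parts["src"])
    if not match:
        raise ValueError(f"src is not an image location: {parts['src']!r}")
    image_loc, image_file, part_in_image = match.groups()
    if part_in_image is None:
        raise ValueError("pload needs :N after the .gho file to pick a partition in the image")
    dst_match = DISK_PART.match(parts["dst"])
    if not dst_match:
        raise ValueError(f"dst must be disk:partition, got {parts['dst']!r}")
    dst = (int(dst_match.group(1)), int(dst_match.group(2)))
    image_on = image_loc.upper()  # a burner such as CDR0001 stays a name
    if DISK_PART.match(image_loc):
        image_on = tuple(int(n) for n in image_loc.split(":"))
        if image_on == dst:
            raise ValueError("an image cannot be restored onto the partition that holds it")
    return {"image_on": image_on, "image_file": image_file,
            "partition_in_image": int(part_in_image), "dst": dst}


if __name__ == "__main__":
    print(check_pload(EXAMPLE_SWITCH))
```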

More Ghost command line switches are documented at:

http://service1.symantec.com/SUPPORT/ghost.nsf/docid/1998082413392025?Open&src=sg&docid=1998082612540625&nsf=ghost.nsf&view=40c79ec65039a2b588256a0d004ca98e&dtype=&prod=&ver=&osv=&osv_lvl=


Config.sys

Open config.sys and edit the following at the very top of the configuration. We are reducing the DOS menu to only one choice, which will execute after one second:

Original:

[menu]
menuitem=HELP, Help
menuitem=CD, Start computer with CD-ROM support.
menuitem=NOCD, Start computer without CD-ROM support.
menuitem=QUICK, Minimal Boot
menudefault=HELP,30
menucolor=7,0


Revised:

[menu]
menuitem=CD, Restore Ghost Image.
menudefault=CD,1

menucolor=7,0

Optional: if you want to show people what a sci-fi geek you are, open setramd.bat and edit the echo messages like this. This step is not necessary; the messages will be displayed while the computer is booting up:

@echo off
set RAMD=
set CDROM=

echo.
echo Retinal Scan Sequencing.....
echo Optical Neural Net Database .....Searching....Verified
echo Access Granted
echo.

--------------------------------------------------


a:\findramd

if "%RAMD%"=="C" goto c_drive

goto success

:c_drive
echo Initializing Partition Load Sequence.
echo System Sequence Initialized. Executing Primary Command.
echo Please wait.......
echo.
goto success


Another method, which I haven't tried, is using a Ghost boot floppy. This floppy can be made with Ghost within Windows. This method would replace the Millennium disk entirely. It would also provide DOS mouse, USB 2.0, FireWire and network support with Ghost. You will still have to append the command line switches to an autoexec.bat file, otherwise the user will have to choose the target and source manually, which makes doing all of this pointless.


Burning Boot Disc
Open Nero and create a Boot CD or Boot DVD compilation. Don't use the expert settings unless you have a reason to. If you are restoring the image from hard disk then a recordable CD is good enough. If you want to save the image to disc you can span it over multiple CDs or DVDs. If you are spanning images you must enable the spanning option within Ghost before creating the image; you cannot split them after the image is made. You can also choose to password-protect your image. When this disc is being made it will read the Millennium diskette we just edited. Make sure you do not finalize this compilation, and don't add any extra files to it yet.


After it is burnt, put the recordable disc back in the drive and create a CD-ROM ISO compilation, continuing with multisession. There is only one session you can continue from, so choose it. It will complain that the CD was not created using the multisession option; just ignore that and accept. Here is where the files will be added. You can add whatever other files you want, but leave room for the images unless they are on hard disk. For the other spanned images just burn them to separate CDs. Ghost will prompt you to insert the next volume when it's done reading each spanned image. They must be read in consecutive order.

When you burn the second part of the boot disc, the required file you need to add to the compilation is ghost.exe. You need at least Ghost 2003 if you are restoring an image of an operating system that uses the NTFS file system.

Notes
You can use Ghost Explorer to add and replace files within a Ghost image if it is saved to hard disk. This saves you the hassle of creating new images if you need to make only minor changes. GDISK can create hidden hard disk partitions, which is useful if you want to save images to a hidden partition so that users can't tamper with them. Compaq/HP sometimes put the images on a hidden partition because people can't mess with it unless they know the partition is there. But then again some people will still delete these partitions with a partitioning utility like FDISK, not knowing what it is or what it holds. After you make a partition hidden with GDISK you can still save images to it with Ghost. GDISK is also a partitioning utility like FDISK. It can also be used to perform secure disk wiping to US Department of Defense standards, which ensures no data can be recovered from the hard disk.

Here's an example from my own machine. Note the H indicating a hidden partition; it is where the Ghost image is stored.

C:\Program Files\Symantec\Norton Ghost 2003>gdisk32.exe /?
GDISK32 Fixed Disk Partitioning Utility

GDISK32 [disk] [/STATUS] [/RAW|/LBA] [/SER] [/X] [/I] [/S] [/Y] [/R]
GDISK32 disk /[-]ACT /P:partn-no [/X] [/I] [/S] [/Y] [/R]
GDISK32 disk /[-]HIDE /P:partn-no [/X] [/I] [/S] [/Y] [/R]
GDISK32 /BOOTINI {/ADD|/REMOVE|/DEFAULT} [/D:disk-no] [/P:partn-no]
        [/DESC:desc] [/ENTRY:no] [/TIMEOUT:sec] [/INIFILE:filename]
        [/BSECTFILE:filename] [/WINNT [/SYSFOLDER:folder]] [/R]
GDISK32 [disk] /BATCH[:filename] [switch[switch...]]
GDISK32 /? [/STATUS|/[-]ACT|/[-]HIDE|/BOOTINI|/BATCH]

Copyright (C) 1998-2002 Symantec Corp. All rights reserved. 2003.775.

C:\Program Files\Symantec\Norton Ghost 2003>gdisk32.exe 1 /status
Disk  Partitions  Cylinders  Heads  Sectors    Mbytes  Model
   1           4      14593    255       63  114473.5  WDC WD1200JB-00CRA1

Partition  Status   Type       Volume Label    Mbytes  System     Usage
C:  1        A      PRIMARY                   20481.3  NTFS/HPFS    18%
    2               EXTENDED                  93989.7               82%
    3               LOGICAL                   81925.2  UNKNOWN      72%
    4        H      LOGICAL                   12064.4  NTFS/HPFS    11%
Usage
Set your CD-ROM as the first boot device in your motherboard's BIOS. Pressing the F8 or DELETE key at computer bootup will usually get you into the CMOS configuration setup utility.

BIOS SETUP UTILITY
------BOOT-------
1st Boot Device [ATAPI CD-ROM]
2nd Boot Device [Floppy]
3rd Boot Device [Hard Disk]
Other Boot Device [Enabled]


Put the restore disc in your CD-ROM drive and restart the computer. It will boot up and at the very end Ghost will prompt with a message asking "Proceed with Partition Clone YES/NO?". It typically takes about five minutes to restore the operating system & software, depending on the total size of the image. If you make changes to the image on hard disk you can still use the same restore disc to initiate the process, as long as the image location and destination are still the same.