We have a client site at example.org (I'd rather not divulge the real URL publicly). For branding purposes, we also registered other domain extensions (i.e., example.com, example.info, example.net). We discovered yesterday that one of those extensions (example.com) was redirecting to a Russian porn site. The real website (example.org) was working fine and the other domain extensions were redirecting to example.org properly.
When I examined the DNS record for example.com, I noticed that the name servers were set to Cloudflare. This was odd because we don't have example.com set up in our Cloudflare account. I can only assume that when I set up example.org in Cloudflare I accidentally changed the name server records for example.com as well.
I was able to correct the problem by switching the name servers to GoDaddy and setting up a proper redirect. My question is how could this happen? How could someone take over a domain they don't own that isn't hosted anywhere? Is there a way to prevent it from happening again? Thanks!
Hi Matt,
How strange that this should occur. As you appear to know, the DNS settings can only be controlled from the account containing the domain(s) unless you are using third-party DNS and intentionally exporting control elsewhere. While not knowing the history of how this did or could have occurred, there are some recommendations I could make.
Register with GoDaddy. Domains registered through us are set up to automatically send notifications to the account holder when changes are made to the DNS. In fact, if "example.com" was registered with us, you might check for notifications you may have received for clues to when this occurred.
Further, if you think someone may have accessed the account, you can increase security through support or set up two-step verification: https://www.godaddy.com/help/enable-two-step-verification-7502
I hope that helps,
Thomas D. - GoDaddy | Community Moderator
24/7 support available at x.co/247support
Thanks for your reply, Thomas. The domain was/is indeed registered with GoDaddy. It's quite possible that I accidentally made the name server change when I changed the .org domain (when we moved its DNS to Cloudflare). So what I'm wondering is how could someone take over the DNS of the .com and redirect it to another site?
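The condition described in the first post (a domain whose name servers point at a DNS provider where the owner's account has no zone for it) can be checked across a whole domain portfolio. The following is an added example, not part of the original thread: the provider suffix table, function names and all sample data are assumptions constructed for illustration, and in practice the inputs would come from the registrar's name server settings and each DNS provider's zone list.

```python
# Added example: flag domains delegated to a DNS provider where our own
# account holds no zone for them. All names and data here are constructed.

# Assumption: nameserver hostname suffix -> provider label; extend as needed.
PROVIDER_SUFFIXES = {
    ".ns.cloudflare.com": "cloudflare",
    ".domaincontrol.com": "godaddy",
}

def provider_of(nameserver):
    """Map a nameserver hostname to a provider label, or None if unknown."""
    host = nameserver.strip().rstrip(".").lower()
    for suffix, provider in PROVIDER_SUFFIXES.items():
        if host.endswith(suffix):
            return provider
    return None

def audit(delegations, zones_by_provider):
    """Return {domain: [issues]} for delegations not backed by a zone we hold.

    delegations:       domain -> NS hostnames as set at the registrar
    zones_by_provider: provider label -> set of zones present in OUR account
    """
    findings = {}
    for domain, nameservers in delegations.items():
        name = domain.rstrip(".").lower()
        issues, seen = [], set()
        for ns in nameservers:
            provider = provider_of(ns)
            if provider is None:
                issues.append(f"unrecognised nameserver {ns}")
            elif provider not in seen:
                seen.add(provider)  # report each provider once per domain
                if name not in zones_by_provider.get(provider, set()):
                    issues.append(f"delegated to {provider}, but no zone for "
                                  f"{name} in our {provider} account")
        if issues:
            findings[name] = issues
    return findings

# Constructed sample mirroring the situation in the thread.
SAMPLE_DELEGATIONS = {
    "example.org": ["ada.ns.cloudflare.com", "bob.ns.cloudflare.com"],
    "example.com": ["ada.ns.cloudflare.com", "bob.ns.cloudflare.com"],
    "example.net": ["ns01.domaincontrol.com", "ns02.domaincontrol.com"],
}
SAMPLE_ZONES = {"cloudflare": {"example.org"}, "godaddy": {"example.net"}}

if __name__ == "__main__":
    for domain, issues in audit(SAMPLE_DELEGATIONS, SAMPLE_ZONES).items():
        print(domain, "->", "; ".join(issues))
```

Run on a schedule, a non-empty result is the signal to either create the zone at that provider or point the name servers back to one where the zone exists.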