-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Many hijacked subdomains #572
Comments
From how I understand the needed syntax, it unfortunately doesn't seem realistically possible to do with AdGuard DNS Filter, as the chance of false positives of legitimate subdomains on such domains is very high. |
I opened this issue 3ya (!) as an FYI to @AdguardTeam, so it really might be in the wrong repo per their current structure. Still, the problem is quite active (though some mitigations have been implemented by hosts), going by the issues' activity in the linked repo, so maybe the AG team is keeping this open & in mind as they develop more security tools? |
I'm surprised myself that they never replied to you, but you can try your luck at https://github.com/AdguardTeam/AdguardFilters/issues, where replies are guaranteed within 1 week or so. |
I'm not concerned. There's only 10 open issues here & (currently) 162 there, all to be triaged in a hurry. As you said, this is a thorny problem, & deserves more thorough attention. |
@DandelionSprout I took your advice @ AdguardTeam/AdGuardDNS#740. 🙇🏾♂️ |
According to another in a long-term series of articles, various subdomains of a number of Microsoft-owned domains have been hijacked.
Seizing subdomains. How I took over Microsoft subdomains and how to perform such attacks → https://github.com/EdOverflow/can-i-take-over-xyz has quite a lot of details re: & especially combatting this. Some of the problem involves CNAME hacking.
Hard lists of such seem difficult to find, but https://www.google.com/search?q=hijacked%20microsoft%20domains seems to give more pieces to the puzzle. (Perhaps whenever DNSSEC is widely deployed this'll no longer be an issue.)
The text was updated successfully, but these errors were encountered: