
Ask HN: My site was hijacked, new to security, how to prevent future attacks? - vonklaus
UPDATE:

So I thought somehow they were able to exploit something on my site or phish my password and gain root. This does not seem to be the case. It is actually more concerning. I remarked in the original post I was unsure what I had hosted, it turns out nothing.

I have the site pointing at ns1.digitalocean etc. but there is no site up. So that means they must have set up their own site on Digital Ocean. What will happen if I go to host my site and point it at my domain?
======
adventured
Are you running any server management software like Webmin etc on it?

edit: based on what you're saying, I'm a bit unclear as to the problem. I
would immediately check the security of your domain / domain account. I would
check the Digital Ocean server for anything else that might be now running on
it, see if they're running any local cron jobs, etc.

Either way, if you think that instance was compromised, you should destroy it
after you examine it thoroughly to see if you can find out what happened.

~~~
vonklaus
It turns out I have NO droplets running. So I am not sure what is compromised.
The site must be hosted on the attacker's own hardware. Maybe they have my
registrar (recently transferred to Namecheap) or maybe they just used a stolen
credit card to purchase a VPS from Digital Ocean and have just set up the
CNames as my domain because they realized I have it unhosted.

So my site/hardware/server has not been compromised, it does not exist.
Somehow they have hijacked my domain or at least have a site hosted at my
domain.

------
vonklaus
Update 2: It is sorted out now, but if someone finds this, I have a question.

In the age of shared VPSs I point my domain at a well-known endpoint of a
major hosting provider. How can I prevent people from also setting up a
competing set of DNS records with my provider? How would Digital Ocean know
where to send traffic if it had 2 IP addresses with identical DNS settings
running on their platform?
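
------
An added example, not written by anyone in the thread: the posts describe a domain pointed at DigitalOcean's name servers while the owner had nothing set up there. This Python check flags that condition in an inventory of your own domains; the inventory data, the suffix table and the function names are constructed assumptions, and in practice the two inputs would come from your registrar and your DNS provider account.

```python
# Added example: audit registrar NS delegations against the zones you actually
# hold at each DNS provider. All data below is constructed for illustration.

# Assumption: a provider's name servers can be recognised by hostname suffix.
PROVIDER_NS_SUFFIXES = {"digitalocean": ".digitalocean.com"}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def provider_for(nameserver, suffixes=PROVIDER_NS_SUFFIXES):
    """Return the provider key whose suffix matches this name server, or None."""
    host = normalize(nameserver)
    for provider, suffix in suffixes.items():
        if host.endswith(suffix):
            return provider
    return None


def find_dangling(delegations, owned_zones):
    """Return sorted (domain, provider) pairs delegated to a provider where the
    owner's account holds no zone for that domain.

    delegations: {domain: [name servers set at the registrar]}
    owned_zones: {provider: [domains with a zone in *your* account]}
    """
    findings = set()
    for domain, nameservers in delegations.items():
        domain = normalize(domain)
        for ns in nameservers:
            provider = provider_for(ns)
            if provider is None:
                continue  # not a provider we track
            zones = {normalize(z) for z in owned_zones.get(provider, ())}
            if domain not in zones:
                findings.add((domain, provider))
    return sorted(findings)


# Constructed inventory: example.com mirrors the thread (delegated, nothing hosted).
DELEGATIONS = {
    "Example.com.": ["ns1.digitalocean.com.", "ns2.digitalocean.com."],
    "example.org": ["NS1.DigitalOcean.com", "ns3.digitalocean.com"],
    "example.net": ["ns1.dns-host.example"],
}
OWNED_ZONES = {"digitalocean": ["example.org"]}

if __name__ == "__main__":
    for domain, provider in find_dangling(DELEGATIONS, OWNED_ZONES):
        print(f"DANGLING: {domain} is delegated to {provider} but you hold no zone there")
```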

