this post was submitted on 24 Jan 2025
204 points (99.0% liked)
Technology
61456 readers
3983 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I believe this is done using IP rerolling. Basically; a DNS record is created by the domain's owners to an IP address to verify its ownership. However over time, there might be reasons where the original servers loses the initial IP they were given. This is typically not a problem as long as the IP in the DNS records is updated. However if the subdomain stops being used via official means and people behind it does not delete their subdomain records from the DNS; A malicious actor could reroll their IP until they get the desired IP; and they can control that subdomain if they do.
Btw, slightly related: never abandon your old email adress.
In this day and age you need to be very careful abandoning anything in the cloud. My employer regularly contracts with HackerOne to test the security of our websites. On at least one occasion they demonstrated an exploit by creating an AWS S3 bucket with the same name as a bucket we stopped using years ago. We still had an old DNS record pointing to that old bucket if I recall correctly…