Your domain and website are an important part of an organisation's identity and brand on the Internet, so it is important to secure your accounts with your domain registrar. In this article, we discuss some of the ways to protect your accounts on one of the most popular domain registrars, GoDaddy.
Contents:
Introduction
Steps to secure your GoDaddy Accounts against attackers:
    Turn the Auto Renew setting on
    Turn on Privacy Settings
    Turn on Domain Lock setting
    Enable MFA for the account
    Check account activity for new device or sign-in methods
    Be aware of phishing attacks
    Protect your email address attached to your GoDaddy Account
Conclusion

Introduction
GoDaddy is one of the most popular domain registrars with a huge customer base around the world. Millions of customers purchase and manage their domains on GoDaddy. Domains are such an important part of any business or brand identity.
Given the popularity of the platform, it is a go-to choice for many people and businesses, but it is also an attractive target for attackers. A number of attack attempts, ranging from breaching the platform to taking control of popular domains, are well known.
For any service, the responsibility of securing the platform lies with the service provider, but the part of the service under the user's control must be secured by the users themselves. This article helps in understanding how one can secure their GoDaddy account. It provides insights into what threats are posed by insecure account settings, what one can do about them, and what to look out for.
Steps to secure your GoDaddy Accounts against attackers:
Turn the Auto Renew setting on
An important part of managing your domains is to ensure that the domains are renewed from time to time, since they are an important part of your business identity. If you fail to do so, your domain expires and becomes available for sale again.
There have been known cases where expired domain names were purchased by attackers and used to set up fake e-commerce websites impersonating popular brands. These were primarily skimming stores: when a visitor attempted to make a purchase, their credit card details were captured by the attackers. Attackers are always on the lookout for popular websites or brands that fail to renew their domains on time, and they take advantage of such mistakes by taking control of the domain and using it for serving malware, phishing visitors, etc.
GoDaddy provides an Auto Renew feature which makes sure that when the domain expires, it is automatically renewed for the customer. For Auto Renew to work smoothly on your behalf, make sure that the payment methods and details have been set up appropriately and are always up to date.
Turn on Privacy Settings
GoDaddy has an option to turn on Privacy Settings. When Privacy Settings are turned on, they protect the personal information of the user who registered the domain. GoDaddy also provides paid plans such as Full and Ultimate Domain Protection. Along with protection from threats like domain hijackers, these plans also prevent mistakes like accidental transfers or expirations and shield your domain from unauthorised access.
Imagine what an attacker could do if your name, address and phone number were available to them. The domain owner could fall prey to phishing attacks and lose access to their GoDaddy account. This would result in the attacker taking over all the domain names present in the account, their DNS settings etc., which could be used to attack users, distribute malware, and bring disrepute to the business by hosting malicious content and letting users' systems get infected. Losing access to the primary domain of an online business would result in severe financial loss and bad publicity.
Turn on Domain Lock setting
Domain Lock in GoDaddy is a way to prevent the transfer of your domain name to another registrar. Your domain is locked by default, and locking domains is not chargeable.
If the domain is not locked, attackers have an opportunity to execute unauthorised transfers. An attacker who has gained access to a GoDaddy session may be able to complete the entire transfer without requiring additional authentication. An attacker who gains access to a domain after a transfer gains access to the domain's DNS settings as well. This could be used to attack users, distribute malware, and bring disrepute to the business by hosting malicious content and letting users' systems get infected. Losing access to the primary domain of an online business would result in severe financial loss and bad publicity.
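The Auto Renew, Privacy and Domain Lock settings described above can be checked for every domain in an account at once. The script below is an added example, not code from this article or from GoDaddy; it assumes domain records shaped like those returned by GoDaddy's Domains API (fields renewAuto, locked, privacy, expires), and the sample records and function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample records. Field names follow the domain objects of
# GoDaddy's Domains API (assumption; adjust if your export differs).
SAMPLE_DOMAINS = [
    {"domain": "shop.example", "expires": "2030-01-15T00:00:00Z",
     "renewAuto": True, "locked": True, "privacy": True},
    {"domain": "brand.example", "expires": "2025-07-01T00:00:00Z",
     "renewAuto": False, "locked": True, "privacy": False},
    {"domain": "legacy.example", "expires": "2025-06-20T00:00:00Z",
     "renewAuto": True, "locked": False},  # "privacy" missing on purpose
]
DEMO_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock for the demo

def audit_domain(record, now, warn_days=45):
    """Return the list of findings for one domain record."""
    findings = []
    # A missing field counts as "not enabled", so gaps in the data fail closed.
    if not record.get("renewAuto", False):
        findings.append("auto-renew is off")
    if not record.get("locked", False):
        findings.append("domain lock is off")
    if not record.get("privacy", False):
        findings.append("privacy is off")
    expires = record.get("expires")
    if expires is None:
        findings.append("no expiry date reported")
    else:
        exp = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        days_left = (exp - now).days
        # Flag near expiry even with auto-renew on: a stale payment method
        # can still make the renewal fail.
        if days_left < 0:
            findings.append(f"expired {-days_left} days ago")
        elif days_left <= warn_days:
            findings.append(f"expires in {days_left} days")
    return findings

def audit_account(records, now=None, warn_days=45):
    """Map each domain that has at least one finding to its findings."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for record in records:
        findings = audit_domain(record, now, warn_days)
        if findings:
            report[record["domain"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_account(SAMPLE_DOMAINS, DEMO_NOW).items():
        print(f"{name}: {'; '.join(findings)}")
```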
Enable MFA for the account
It is extremely important to turn on Multi-Factor Authentication (MFA) so that your account cannot be accessed by a malicious user even if they have the username and password.
It is a good habit to enable MFA and avoid malicious user logins. A user who has not set up multi-factor authentication could fall prey to a stolen-credential attack and lose access to their account to attackers.
Check account activity for new device or sign-in methods
In GoDaddy we can check the new devices which are logged into the account along with the date, time, and place of logging in. Regularly monitor the account activity to spot any anomalous activities as early as possible.
Be aware of phishing attacks
Always log in to your GoDaddy account from the official site. Phishing attacks are quite common: one may receive an email purporting to be from a genuine person or company that prompts one to click on a link and provide their username and password. The moment this happens, attackers get access to the credentials, which can then be misused in various ways, such as leaking the credentials, taking over control of the victim's account, or using the hijacked account to conduct more phishing attacks in the victim's name.
Protect your email address attached to your GoDaddy Account
The email address attached to your GoDaddy account should have MFA enabled so that even if anyone gets hold of your email credentials, they are not able to access your email, which is where you receive important information from your GoDaddy account.
As soon as someone gets access to your email, they can access the domains by resetting the password in a few clicks.
Conclusion
GoDaddy’s huge customer base reflects its popularity as a domain registrar amongst individuals and businesses. For this very reason it is also a popular target for attackers who are always looking for gaps within the platform as well as the way the customers set up their accounts for managing their domains on the platform.
This article attempts to provide a view of the security practices that can be followed to securely set up and manage GoDaddy accounts. A number of settings and features are available on GoDaddy that customers must leverage for better security of their accounts.
This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security.
Cloud Security Specialist
Priyam is a Cloud Security Specialist at Kloudle. She also has experience as a DevSecOps Engineer. She is part of security communities such as Infosecgirls and null - The Open Security Community. She is an active speaker and contributor to various security communities, and has given various technical talks and published content on DevSecOps.