DNS Phishing – Phishing Site Uses Subdomain That I Never Registered

domain-name-system, phishing

I recently received the following message from Google Webmaster Tools:

Dear site owner or webmaster of http://gotgenes.com/,

[…]

Below are one or more example URLs on your site which may be part of a
phishing attack:

http://repair.gotgenes.com/~elmsa/.your-account.php

[…]

What I don't understand is that I never had a subdomain repair.gotgenes.com, but visiting it in the web browser gives an actual website. My DNS is FreeDNS, which does not list a repair subdomain. My domain name is registered with GoDaddy, and the nameservers are correctly set to NS1.AFRAID.ORG, NS2.AFRAID.ORG, NS3.AFRAID.ORG, and NS4.AFRAID.ORG.

I have the following questions:

  1. Where is repair.gotgenes.com actually registered?
  2. How was it registered?
  3. What action can I take to have it removed from DNSs?
  4. How can I prevent this from happening in the future?

This is pretty disconcerting; I feel like my domain has been hijacked. Any help would be much appreciated.

Best Answer

Sigh. I've had a few clients fall into this trap by using afraid.org as their DNS provider. Because they're free, they allow anyone who wants to create subdomains off your primary domain to do so, unless you specifically disallow it.

You can see here: https://freedns.afraid.org/domain/registry/?sort=5&q=gotgenes&submit=SEARCH that someone has created 79 subdomains off your primary domain.

Never. ever. ever. ever. use afraid.org for a website you care about.
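An added check, not part of the question or the answer above: the answer's point is that with a shared-registry provider, names you never created can resolve under your domain. The script below probes a list of candidate labels under a domain, skips the ones the owner says are theirs, and reports anything that still resolves. It also probes a random label first so that a wildcard record does not make every candidate look "registered". The wordlist, the `expected` set, the `gotgenes.com` zone contents in the test and all IP addresses are constructed for illustration; the default resolver is the system resolver, and the resolver argument can be swapped for an offline stub.

```python
"""Report subdomains that resolve under a domain but were never created by its owner.

Added example for this thread; not code from the original post.  The default
wordlist and the owner's ``expected`` set are illustrative assumptions.
"""
import socket
import uuid
from typing import Callable, Dict, Iterable, List

# Constructed wordlist.  A real sweep would use a larger list, or the names
# the DNS provider's public registry page (or certificate transparency) reports.
DEFAULT_WORDLIST = ["www", "mail", "repair", "login", "secure", "account", "update"]


def default_resolver(name: str) -> List[str]:
    """Return the IPv4 addresses for name via the system resolver, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def find_unexpected_subdomains(
    domain: str,
    expected: Iterable[str],
    wordlist: Iterable[str] = DEFAULT_WORDLIST,
    resolver: Callable[[str], List[str]] = default_resolver,
) -> Dict[str, List[str]]:
    """Resolve <label>.<domain> for every label in wordlist and return
    {fqdn: [addresses]} for the names that answer but are not in expected.

    Wildcard handling: a random label is resolved first.  If it answers, the
    zone has a wildcard and any name returning exactly those addresses is
    uninformative, so such names are not reported.
    """
    domain = domain.lower().rstrip(".")
    expected_fqdns = {f"{label.lower().rstrip('.')}.{domain}" for label in expected}

    # Random label that no one would have registered; answers only under a wildcard.
    wildcard_ips = sorted(resolver(f"{uuid.uuid4().hex}.{domain}"))

    findings: Dict[str, List[str]] = {}
    for label in wordlist:
        fqdn = f"{label.lower()}.{domain}"
        if fqdn in expected_fqdns:
            continue
        ips = sorted(resolver(fqdn))
        if ips and ips != wildcard_ips:
            findings[fqdn] = ips
    return findings


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    # Assumption: the owner only ever created "www" and "mail".
    for name, ips in find_unexpected_subdomains(target, expected=["www", "mail"]).items():
        print(f"{name} -> {', '.join(ips)}")
```

A name that shows up here has an answer in your zone that you did not put there; check where its address points before deciding whether it is an attacker's host or simply a record you forgot about.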
