Subdomain Protection

2018-03-06 21_27_11-explain.html.png


You are probably here because you came across a web page that looks something like the above image. First off, let me assure you that your website is not hacked. It is a simple misconfiguration that can be easily remedied.

The domain where you see our page is configured with a CNAME record pointing to CloudFront. There was, however, not a CloudFront distribution configured to serve content for that domain, so we added the domain to our CloudFront distribution. If you would like to show something else on the domain, simply edit or remove the CNAME record and point the domain to your own content.


During the course of our research, we discovered many subdomains that were vulnerable to a "subdomain takeover". This is where a domain points to a location without any content, but where anyone would be able to host content.

A malicious attacker can use these domains to direct unsuspecting victims to dangerous web pages. Instead of leaving that option open for someone to abuse, we hosted content that would be displayed on these domains in order to protect users.