IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [domain]

110 questions
102
votes
8 answers

Can someone read my E-Mail if I lose ownership of my domain?

Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like…
Skiddie Hunter
  • 1,098
  • 2
  • 5
  • 12
81
votes
3 answers

Possible reason for displaying two different websites on single domain?

This is something interesting. Try going to http://www.circaventures.com/ You will get a venture capital company. Now go to google and search "Circa Ventures". The first result you get is the exact same domain but the description is "medical…
Maggi Iggam
  • 791
  • 5
  • 5
29
votes
3 answers

Is it technically possible to configure two different SSL certificates for the same domain?

Say I have these URLs: https://example.org/ https://example.org/criticalpath I want the first one to be served with a domain validated commercial SSL certificate and the second one with an extended validation SSL certificate. Is it technically…
Jaime Hablutzel
  • 2,598
  • 3
  • 17
  • 17
9
votes
1 answer

Will enforcing this restriction on Domain Admins "break the network"?

Let's say we secure all servers in the domain.. Domain controllers allow RDP access only from jump servers Domain admins can't connect to non-dc servers And so forth This is all swell and should be considered a safe configuration to prevent the…
Franko
  • 1,530
  • 5
  • 18
  • 30
8
votes
4 answers

A security warning when accessing a site through IP

When I go to https://www.schneier.com/, everything works normal. As soon as I access the same site using its IP address (66.33.204.254), I get a security warning (even if I write something like https://66.33.204.254:443/). The same is not true for…
Pavel Vergeev
  • 185
  • 1
  • 1
  • 6
8
votes
1 answer

Impersonating a computer in a Windows domain

I've been trying to wrap my head around how computers are identified and granted access to a Windows domain. More specifically, I've been asking myself if whatever mechanism is involved really prevents faking the identity of a computer or not, and…
Oskar Lindberg
  • 393
  • 3
  • 10
7
votes
2 answers

Manage SSL certificates for a multi-tenant website

We have given customers the option to allow custom domains which ultimately point to our server by changing the CNAME. Some of our customers would like to have SSL enabled to their domain but I am wondering how to manage certificates for them. I am…
Chandra Paudel
  • 71
  • 3
7
votes
1 answer

Domain redirecting to my site without permission

I noticed that a domain that I don't own or know has been redirected to my site without my permission and has been affecting my SEO. I was able to block some of it by adding the following to the .htaccess file: RewriteEngine on # Options…
user3380039
  • 71
  • 3
6
votes
1 answer

How to reject e-mails spoofing your own domain targeting your employees at Office365?

One problem Office365 users deal with is that an external SMTP server can spoof the domain of an organization and send e-mails to the domain users; where the e-mails appear to be from employees of the organization. On the header the authentication…
Goli E
  • 895
  • 1
  • 11
  • 20
6
votes
2 answers

How can Cloudflare determine the owner of a website?

Assume that we have two websites with two different owners. Both of them set their domain name server to john.ns.cloudflare.com and joly.ns.cloudflare.com. The first owner set both domains in his account in CloudFlare and set server IP to his server…
Ebrahim Poursadeqi
  • 181
  • 4
6
votes
2 answers

Can I use my old SSL certificate with websites in subfolders?

We have a single domain SSL for a website that looks like this: www.website.company.com We are going to expand and do following: www.website.company.com www.website.company.com/dk www.website.company.com/no Since it's still same domain, do we need…
Örebro Studentcentrum
  • 165
  • 5
5
votes
2 answers

Is there a more secure way for users to log into the domain other than just passwords?

Say you have this: An NPS server that grants access to users using client certificates (EAP-TLS). So for example someone managed to snatch the domain administrator's password and they log in to the computer using the domain administrator's username…
Newlo Newly
  • 145
  • 1
  • 1
  • 6
5
votes
3 answers

Receiving lots of spam after registering a new domain on GoDaddy

A couple of days ago I have registered a new domain on GoDaddy without WHOIS privacy option. The next day after registration I have started receiving spam in my mailbox as well as on my phone. The domain is dormant in the sense that it is not used…
Alexander K.
  • 193
  • 6
5
votes
2 answers

How much can I trust domain registrars to honor Whois identity protection services?

Domain name registrars offer whois ID protection services. I do plan to use such a service. But as I'm a relative newbie to the domain name registration world, I don't know whether I can trust it. I'm trying to decide whether it is worth risking…
user541686
  • 2,502
  • 2
  • 21
  • 28
4
votes
3 answers

How to make sure an API request is coming from a specific domain?

I'm opening up some API access to my site and my users are required to specify from which of their websites, such as example.com, they will make the API requests. I'm wondering if there's any way to verify that an HTTP request is indeed from a…
datasn.io
  • 749
  • 1
  • 8
  • 9
1
2 3 4 5 6 7 8