Questions tagged [sub-domain]

The Domain Name System (DNS) hierarchy is a tree with the root domain at the top; all the child nodes in the tree are called sub-domains.

Basically, a sub-domain is a domain that is part of a larger domain. For example, a.mysite.com and b.mysite.com are sub-domains of mysite.com, which is itself a sub-domain of the top-level domain .com.

67 questions
1
vote
3 answers

Are subdomains a cure for phishing?

Seeing as phishing is getting more popular and users are becoming less concerned about security, I am trying to come up with a solution for a new site of mine that can stop phishers. For instance, anyone can create a new site that looks exactly…
1
vote
1 answer

SSL on domain will affect un-secured sub-domain

I have a plan to buy an SSL certificate for my domain. I don't have much budget so I decided to buy standard SSL with no support for sub-domains. I have a WCF web-service that works on sub-domain. This WCF service is consumed by the website on the…
1
vote
0 answers

secure authentication between subdomains hosted separately

The web tools we are developing for a client require seamless interoperability with an existing user management system and commerce tools (the "mainsite"). The mainsite is built and maintained by a third party. We've developed a plan to interact…
jedierikb
  • 111
  • 3
1
vote
0 answers

Can I buy a standard SSL certificate to protect a website i.e. certificates.xxxxxx.com?

I don't have much experience in buying and installing ssl certificates. I have one website like certificates.xxxxx.com. So, my question is that can I buy a standard ssl certificate from GoDaddy to protect this one website. xxxxx.com itself is a…
Stacky
  • 11
  • 1
1
vote
0 answers

Phishing/spam websites using the same domain as legitimate websites?

I have found links to an obvious bait website. Link to PHISHING website. However, I was very surprised to see the domain is "holidayinn.com". On first sight this appears to be a genuine subdomain. How is this possible? EDIT: An extra link. I do not…
1
vote
2 answers

Are subdomains secure from one another if they are on separate servers?

I'm writing an application (example.com) that gives users their own sub-domains to run arbitrary user applications off of (user.example.com). Each user application will be run on separate servers with distinct domains, and my application will route…
sahil
  • 111
  • 1
1
vote
0 answers

Is subdomain takeover possible in this case?

I found out that the domain xyz.example.com gives me a 404 error when visited. This domain has the following CNAME > xyz.example.com.ent.syn-alias.com (same 404 page) Which is pointing to another CNAME > xyz.example.com.ent.cmh.syn-alias.com (same…
1
vote
2 answers

Cross subdomain PHP security?

I understand there are security risks with regards to cross subdomain session cookie attacks which are covered in other posts. However what about PHP script security? If a user with subdomain FTP access on a cPanel server uploads a PHP script, can…
Nick W
  • 111
  • 1
1
vote
1 answer

How can I determine the vulnerability for a sub domain takeover attack?

I have found research efforts on explaining how sub domain takeovers can take place authored by a gentleman named "Patrik Hudák". Through his site's blogs he illustrates and conveys an understanding of the…
1
vote
1 answer

What is this phishing technique called using subdomains

I'm writing a blog post analyzing a list of phishing domains and I'm coming across a lot of IDN homograph attack domains and these "subdomain attack domains" but I cannot find the technical/good way to describe it. For example, this type of domain…
hd.
  • 158
  • 9
1
vote
1 answer

Can the subdomains have different certificates from the main domain if I use HSTS includeSubDomains and preload?

I have a main domain where I serve my website, and then I have subdomains that I use to deploy other projects which may be temporary. Having set up a deployment system with docker and letsencrypt, each project automatically has their own…
progress44
  • 13
  • 2
1
vote
1 answer

My company is considering collapsing from multiple independent domains to one trust network

Currently, we have a number of domains for various purposes like back office, production, DMZ, partners, etc. There has been a change in management thinking to simplification. They want all the resources to fall under one trust. I'm responsible for…
oBreak
  • 470
  • 3
  • 5
1
vote
1 answer

Subdomain Takeover

I'm familiar with subdomain takeover when the following is the situation: a.site.com CNAME site.mktoweb.com If site.mktoweb.com isn't registered then you can create an account on Heroku and try to register the subdomain for yourself. I'm…
megmay
  • 21
  • 4
1
vote
1 answer

Does HSTS includeSubDomains directive include subdomains on all levels?

I asked this question on Stack Overflow, but thought it's more relevant here. Regarding the HSTS includeSubDomains directive. Does this include every subdomain underneath e.g. example.com. So abc.def.example.com is also included? In the RFC: The…
W Khan
  • 11
  • 1
1
vote
1 answer

Are there still some ssl domains containing the nul character for testing purposes?

Some years ago, there was a bug with host name checking in ssl so that connection to www.paypal.com%00.thoughtcrime.org would look as www.paypal.com at the certificate level. The issue seems to be over for web browsers. But some tools and popular…