Host Typo hijacking

I moved my  55+ domains to from Godaddy last year and for the most part have been happy with’s service.  However today I noticed something that absolutely outraged me. I’ve taken steps to correct the problem, but the fact that something like this was turned on by default causes me to seriously question renewing my domains with

This problem comes up with’s DNS service. TCG like most serious web developers host sites off our own small server farm. We made a decision some time ago however to put our “DNS” functions off into the cloud. DNS is one of those things whose failure can take down a website instantly. Most Companies like who offer both domain names and web hosting, also offer DNS hosting, and for simplicity sake we chose as our DNS hoster.

Today I discovered that is hijacking host typos and sending them to a bogus page. I’m not sure how long this has been going on, I only discovered it today.

What is doing is redirecting any host not specifically defined in your DNS Record Management to a bogus site at IP address: The “tag line” for this site is “What you need, when you need it”.  What should be happening is that is a bad host name was entered there such be an error.

To combat this a victim needs to alter their DNS Record Management to include a wild card entry. Wild Card DNS entries work like they do in the command line world, it means “include everything”. When editing in the DNS Record Management scroll down to the bottom and enter a new “cname” record.

Picture 1

The “Record Type” should be “CNAME”, “Record Host” should be an asterisk (shift+8), the “Record Answer” should the the name or CNAME of your web server, and leave the “TTL” at the default value (should be 300). Click “Submit” and you should have a new entry like this:

Picture 3

This will do your own redirect of ANY host name typed in and prevent from hijacking your visitors. In order to make this work properly and your page come up with any host name, you also may need to do some editing on your web server, but even without adjusting your web server, this “should” produce an error when a host name is missed typed rather than it bringing up’s hijack page.

Deeper explanation on DNS Hijacking

Leave a Reply