A parked domain is a domain that is registered but not actively developed. Companies frequently use domain parking to protect certain domains from cybersquatting.
When a company registers a domain but has yet to set up a website on that domain, DNS registrars will usually set up a default website with a simple landing page, advertising that the domain has been registered and is no longer available.
These landing pages may have misconfigurations or vulnerabilities, and we grade them as part of the infrastructure belonging to a company. Even though the landing page is empty, the domain is still registered to a company, so any findings it generates will be attributed to them.
Why does Bitsight emit and grade findings on landing pages?
Conceivably, we could try to detect these landing pages and exclude them from the findings attributed to the company that owns that domain. We don't do that for two reasons:
- Detecting landing pages can only be done manually (or with some sort of machine learning classifier), as there are many hundreds (if not thousands) of different domain registrars. There would likely be classification errors associated with the process, like missing a specific type of landing page or erroneously tagging a valid website as a landing page.
- Vulnerabilities in landing pages can still have real security consequences for the end owner of the domain. Imagine that a landing page has a vulnerability that allows attackers to change its contents completely. An attacker could mount a phishing attack that shows a fake login page on that landing page, tricking users into thinking they are sending their credentials to your company when they are actually sending them to the attacker.
How can I address this?
You can fix findings attributed to landing pages by configuring the registered domain to point to either no address or another address owned by the company instead of the default IP address. This can usually be configured in the registrar’s account dashboard.
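To find which registered domains still point at an address the company does not own, the check below (an added example, not Bitsight's code) resolves each domain and compares the result with the company's address ranges. The domain names, address ranges and the stand-in resolver are constructed sample values.

```python
import ipaddress
import socket

def resolve(domain):
    """Return the set of A/AAAA addresses for a domain (empty set if none)."""
    try:
        infos = socket.getaddrinfo(domain, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def classify(domain, owned_networks, resolver=resolve):
    """Classify where a domain points relative to company-owned ranges."""
    nets = [ipaddress.ip_network(n) for n in owned_networks]
    addrs = {ipaddress.ip_address(a) for a in resolver(domain)}
    if not addrs:
        return "no_address", []          # nothing is served for this name
    outside = sorted(str(a) for a in addrs if not any(a in n for n in nets))
    if outside:
        return "third_party", outside    # e.g. a registrar's default landing page
    return "company_owned", []

def audit(domains, owned_networks, resolver=resolve):
    """Map each domain to its (status, addresses outside owned ranges)."""
    return {d: classify(d, owned_networks, resolver) for d in domains}

# Constructed sample data (documentation-only ranges and .example names).
OWNED_NETWORKS = ["198.51.100.0/24", "2001:db8:1::/48"]
SAMPLE_DNS = {
    "brand-defensive.example": ["203.0.113.10"],            # default parking IP
    "brand-typo.example": [],                               # points to no address
    "brand-redirect.example": ["198.51.100.7"],             # company web server
    "brand-mixed.example": ["198.51.100.7", "192.0.2.44"],  # one stray record
}

def sample_resolver(domain):
    """Offline stand-in for DNS, backed by SAMPLE_DNS."""
    return set(SAMPLE_DNS.get(domain, []))

if __name__ == "__main__":
    report = audit(SAMPLE_DNS, OWNED_NETWORKS, sample_resolver)
    for domain, (status, outside) in sorted(report.items()):
        detail = f" -> {', '.join(outside)}" if outside else ""
        print(f"{domain:28} {status}{detail}")
```

Domains reported as `third_party` are the ones to repoint in the registrar's dashboard; pass `resolve` instead of `sample_resolver` to query live DNS.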