Expired Domains: The New Love of Hackers


Sometimes website owners no longer want a domain name, and they allow it to expire without attempting to renew it.

This happens all the time and is completely normal, but it's important to remember that attackers regularly monitor domain expirations and may target certain domains that meet specific criteria.

Vendor domains can be an easy backdoor

A vendor (supplier) domain is a domain used to host and load third-party JavaScript resources, for instance a live chat widget or advertisements. This also includes domains used to load JavaScript resources for specific WordPress plugins.

For whatever reason, a vendor may allow their domain's registration to expire, which means it becomes available for an attacker (or anyone else) to register and operate.

Attackers typically perform reconnaissance to determine whether or not a website is useful to them. For example, if the expired domain is used within a plugin to load a JavaScript resource, then it is a perfect target.

We recently found this exact scenario with the now-defunct WordPress plugin visual website editor and its domain tidioelements.com, which was kindly reported to us by a website owner who encountered suspicious activity while using it.

The attacker's strategy depends on the fact that some websites might still have the plugin installed and activated, and continue to load resources from the expired domain.

Once the attacker has registered the domain, they can take control by replacing any legitimate JavaScript resources with something malicious.

The plugin doesn't know that the domain has expired or that the JavaScript resource is now loading from an attacker's server. The only information it has is the URL of the JavaScript resource, which it will include wherever the plugin is loaded.

The project was dropped and the plugin is no longer available for download in the WordPress repository. Nevertheless, attackers were able to take advantage of the expired domain to load content, which highlights the importance of keeping all software up to date and removing any old plugins that are not actively used. Another important tip to harden your website is to only use resources from official, trusted and reputable sources.
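One way to audit a rendered page for this exposure, as an added example that is not part of the original article: it lists every third-party `<script>` host and flags hosts that are not on a reviewed vendor allowlist, hosts that no longer resolve, and tags without a Subresource Integrity attribute. The function names, the allowlist and the `.example` hostnames are assumptions made for illustration.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptSrcCollector(HTMLParser):
    """Collects (src, has_integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.sources.append((a["src"], bool(a.get("integrity"))))

def dns_resolves(host):
    """Default check: a host that fails to resolve may belong to a lapsed domain."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except socket.gaierror:
        return False

def audit_scripts(html, site_host, allowlist, resolves=dns_resolves):
    """Return (host, src, issues) for each third-party script that needs review."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    findings = []
    for src, has_sri in parser.sources:
        host = urlparse(src, scheme="https").hostname  # also handles //host/path
        if host is None or host == site_host:
            continue  # relative or same-origin script, not a vendor domain
        issues = []
        if host not in allowlist:
            issues.append("host not in reviewed vendor allowlist")
        if not resolves(host):
            issues.append("host does not resolve (domain may have lapsed)")
        if not has_sri:
            issues.append("no integrity attribute")
        if issues:
            findings.append((host, src, issues))
    return findings

# Constructed sample page; all hostnames are placeholders under .example
SAMPLE = """
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://cdn.vendor.example/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//widget.oldplugin.example/editor.js"></script>
"""
```

A domain that has already been re-registered resolves normally again, so the DNS check only covers the window between expiry and re-registration; the allowlist review is what surfaces a script host left behind by an abandoned plugin.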

