Prevent Subdomain Takeover in Laravel – Security Guide & Fixes

Understanding Subdomain Takeover in Laravel

Subdomain takeover is a security vulnerability that occurs when a subdomain points to an external service (e.g., GitHub Pages, AWS, Heroku) that is no longer in use. Attackers can claim the abandoned service and take control of the subdomain, potentially hosting malicious content.

Prevent Subdomain Takeover in Laravel – Security Guide & Fixes

In Laravel applications, developers often use subdomains for multi-tenancy, API endpoints, or user-generated content. If not managed properly, these subdomains can become vulnerable to takeover.

How Does Subdomain Takeover Happen?

  1. Dangling DNS Records – A subdomain is still pointing to an external service that no longer hosts content.
  2. Claiming the Service – Attackers check if the service is available and take control of it.
  3. Exploiting the Subdomain – The attacker uploads malicious content or uses it for phishing and scams.

Checking for Vulnerable Subdomains

To prevent subdomain takeover, start by scanning your website for vulnerable subdomains. Use our Free Website Security Scanner to analyze DNS records and detect security risks.

Screenshot of the free tools webpage where you can access security assessment tools.
Screenshot of the free tools webpage where you can access security assessment tools.

Securing Your Laravel Application Against Subdomain Takeover

1. Regularly Audit DNS Records

Run the following command to check DNS records for any abandoned services:

dig CNAME vulnerable.example.com

If it points to an inactive third-party service, update or remove the record immediately.


2. Remove Unused Subdomains

If you have a subdomain that is no longer in use, remove it from your DNS records to prevent takeover.

# Delete subdomain record in Linux
sudo nano /etc/nginx/sites-available/example.com
# Remove the subdomain entry

3. Validate Subdomain Ownership in Laravel

Use Laravel middleware to verify subdomains before routing requests:

// app/Http/Middleware/VerifySubdomain.php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class VerifySubdomain
{
    public function handle(Request $request, Closure $next)
    {
        $allowedSubdomains = ['user1', 'user2']; // List of valid subdomains
        $subdomain = explode('.', $request->getHost())[0];

        if (!in_array($subdomain, $allowedSubdomains)) {
            abort(403, "Unauthorized subdomain access");
        }

        return $next($request);
    }
}

Register the middleware in app/Http/Kernel.php:

protected $routeMiddleware = [
    'verify.subdomain' => \App\Http\Middleware\VerifySubdomain::class,
];

Then, apply it to routes in routes/web.php:

Route::group(['middleware' => 'verify.subdomain'], function () {
    Route::get('/', function () {
        return "Welcome to the secure subdomain!";
    });
});


4. Set Up Proper Security Headers

Implement security headers in Laravel to prevent domain hijacking:

use Illuminate\Support\Facades\Response;

Route::get('/', function () {
    return Response::make("Secure Laravel App")
        ->header("X-Frame-Options", "DENY")
        ->header("Content-Security-Policy", "default-src 'self'")
        ->header("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
});


5. Monitor DNS Changes Automatically

Use Laravel’s scheduled tasks feature to regularly monitor DNS records and detect unauthorized changes.

Create a new command:

php artisan make:command CheckDNSRecords

Modify app/Console/Commands/CheckDNSRecords.php:

namespace App\Console\Commands;

use Illuminate\Console\Command;
use Illuminate\Support\Facades\Http;

class CheckDNSRecords extends Command
{
    protected $signature = 'check:dns';
    protected $description = 'Monitor DNS records for subdomain security';

    public function handle()
    {
        $domain = "example.com";
        $dnsRecords = dns_get_record($domain, DNS_CNAME);

        if (empty($dnsRecords)) {
            $this->info("No CNAME records found. Subdomain is safe.");
        } else {
            $this->warn("Potential risk detected! Check your DNS settings.");
        }
    }
}

Schedule it in app/Console/Kernel.php:

protected function schedule(Schedule $schedule)
{
    $schedule->command('check:dns')->daily();
}


6. Regularly Assess Website Security

Use automated security tools like our Website Security Checker to monitor and assess vulnerabilities.

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.
An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.

Final Thoughts

Subdomain takeover can lead to serious security risks, including phishing, malware distribution, and data breaches. Laravel developers should regularly audit DNS records, validate subdomain ownership, and use security tools to protect their applications.

For more cybersecurity insights and Laravel security tips, visit our Pentest Testing Blog.

By following these best practices and leveraging security automation to check Website Vulnerability, you can safeguard your Laravel application from subdomain takeover threats. 🚀

Comments

Post a Comment

Popular posts from this blog

Fix Sensitive Data Exposure in Symfony Apps

Image
Symfony is a powerful PHP framework known for its flexibility and robustness. But like any web technology, if it's not properly secured, it can become a target for attackers — especially when it comes to Sensitive Data Exposure . In this post, we’ll explore how this vulnerability occurs in Symfony applications and provide secure coding examples to mitigate the risk. 💡 Need to check your site for security vulnerabilities? Use our Free Website Vulnerability Scanner online  today! 🔍 What is Sensitive Data Exposure? Sensitive Data Exposure occurs when an application unintentionally exposes data such as: Passwords Credit card information Session tokens Personal Identifiable Information (PII) In Symfony, this usually happens due to misconfigurations, improper error handling, or insecure data storage. ⚠️ Common Causes in Symfony Exposing stack traces in production Logging sensitive data (e.g., passwords or tokens) Storing plain-text credentials Weak e...
Read more

Fix Security Misconfiguration Issues in Symfony

Image
Security misconfiguration is one of the most common yet critical vulnerabilities in modern web applications. Symfony, being a powerful PHP framework, offers many configuration options—but when misused or left insecure, it becomes a prime target for attackers. In this blog post, we’ll explore how security misconfigurations can creep into Symfony applications, provide practical coding examples, and show you how to test your website using our Free Website Vulnerability Scanner online . 👉 Also check out more security tips on our blog at Pentest Testing Corp. 🔍 What is Security Misconfiguration? Security misconfiguration refers to improperly configured security controls or settings in software or hardware systems. In Symfony, this can include: Default configurations still active Debug mode enabled in production Insecure HTTP headers Overly verbose error messages Unprotected files and directories Unrestricted administrative panels Misconfigurations can give hacker...
Read more

Prevent Remote Code Execution (RCE) Vulnerabilities in Symfony

Image
Introduction Remote Code Execution (RCE) vulnerabilities are a critical security risk for any web application, and Symfony-based applications are no exception. RCE allows attackers to execute arbitrary code on the server, potentially leading to severe data breaches, system compromises, or full server control. In this post, we’ll explore how RCE vulnerabilities manifest in Symfony, how to prevent them and share practical coding examples. By the end of this article, you’ll have a better understanding of securing Symfony applications against these attacks and using our Website Vulnerability Scanner tool to check for vulnerabilities in your web apps. What is Remote Code Execution (RCE)? Remote Code Execution (RCE) is a type of vulnerability that allows an attacker to run arbitrary code on a target system. This is typically achieved by exploiting flaws in the application that allow user input to be executed as code on the server. In Symfony, common RCE vulnerabilities arise from p...
Read more