Guidance

What to do if your domain name is compromised

Check who to contact if you think your domain is compromised.

Domain names are regularly attacked and sometimes compromised within the DNS system. You should protect your domain name and take action if attackers have compromised your domain name.

If you think your domain name is compromised you must do the following immediately.

  1. Check what services are affected, for example websites, emails and digital services.

  2. Contact your registrar or DNS provider immediately to get help.

  3. If your registrar or DNS provider has changed without your permission, this may be part of the compromise and you should contact the new one.

  4. Report the incident to the National Cyber Security Centre.

  5. Contact the Domain Management team if you are UK government organisation.

What can happen to a compromised domain name

If attackers compromise your domain name you must follow the steps above to recover it. If you do not, attackers could:

  • change name servers

  • intercept and access standard and encrypted traffic

  • re-route, intercept and spoof email

  • redirect websites

  • create and host web email or digital services that look legitimate

  • add DNS records to authenticate the domain’s other services - for example a bulk email service

  • create real SSL certificates

  • spoof servers to capture internal data

  • set long Time-to-live (TTL) records so changes they make take longer to undo

Published 19 December 2019
Last updated 5 May 2021 + show all updates
  1. The Domain Management team has now moved to the Central Digital and Data Office. This update removes any references to the Government Digital Service (GDS).

  2. First published.

  1. Step 1 Check if your organisation can apply

  2. Step 2 Appoint a domain name administrator and choose a registrar

    You must appoint someone to register the domain name. The Government Digital Service (GDS) must be able to contact them.

    1. Appoint a domain name administrator
    2. How to choose a good registrar or Domain Name Service (DNS) provider
  3. Step 3 Choose your domain name

  4. Step 4 Apply for your domain name

  5. Step 5 Appeal your rejected domain name application

  6. Step 6 Use your domain name

    You must follow the Cabinet Office guidelines when your domain is live, or GDS will withdraw it. For example, you must keep your contact details up to date.

    1. Set up and use your domain name
    1. Keep your domain name secure
  7. Step 7 Manage your domain name

    You can make changes to your .gov.uk domain name.

    1. Renew your domain name
    1. Modify or transfer your domain name

    If your organisation no longer needs a domain name, you must take steps to protect it.

    1. Stop using your domain name
    1. You are currently viewing: What to do if your domain is compromised